This is PoC to connect to the AWS Client VPN with OSS OpenVPN using SAML authentication. Tested on macOS and Linux, should also work on other POSIX OS with a minor changes.
See my blog post for the implementation details.
P.S. Recently AWS released Linux desktop client, however, it is currently available only for Ubuntu, using Mono and is closed source.
- openvpn-v2.4.9-aws.patch - patch required to build AWS compatible OpenVPN v2.4.9, based on the AWS source code (thanks to @heprotecbuthealsoattac) for the link.
- server.go - Go server to listed on http://127.0.0.1:35001 and save SAML Post data to the file
- aws-connect.sh - bash wrapper to run OpenVPN. It runs OpenVPN first time to get SAML Redirect and open browser and second time with actual SAML response
- Build patched openvpn version and put it to the folder with a script
- Start HTTP server with
go run server.go
- Set VPN_HOST in the aws-connect.sh
- Replace CA section in the sample vpn.conf with one from your AWS configuration
- Finally run
aws-connect.sh
to connect to the AWS.
Inspect your ovpn config and remove the following lines if present
auth-user-pass
(we dont want to show user prompt)auth-federate
(propietary AWS keyword)auth-retry interact
(do not retry on failures)remote
andremote-random-hostname
(already handled in CLI and can cause conflicts with it)
Better integrate SAML HTTP server with a script or rewrite everything on golang