Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Perl

Java

Swift

TypeScript

Dart

Jupyter Notebook

Scala

Lua

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Clojure

Go

C++

Elixir

PowerShell

Racket

Julia

R

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇦🇴 Angola

🇬🇭 Ghana

🇸🇬 Singapore

🇫🇴 Faroe Islands

🇬🇳 Guinea

🇪🇷 Eritrea

🇸🇮 Slovenia

🇱🇻 Latvia

All Countries Compare Countries

samm-git/aws-vpn-client

Stars
205
Rank 191,264 (Top 4 %)
Language
Ruby
License
MIT License
Created over 4 years ago
Updated 11 months ago

samm-git/aws-vpn-client

samm-git

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Connect to the AWS Client VPN with SAML using OSS Client

aws-vpn-client

This is PoC to connect to the AWS Client VPN with OSS OpenVPN using SAML authentication. Tested on macOS and Linux, should also work on other POSIX OS with a minor changes.

See my blog post for the implementation details.

P.S. Recently AWS released Linux desktop client, however, it is currently available only for Ubuntu, using Mono and is closed source.

Content of the repository

openvpn-v2.4.9-aws.patch - patch required to build AWS compatible OpenVPN v2.4.9, based on the AWS source code (thanks to @heprotecbuthealsoattac) for the link.
server.go - Go server to listed on http://127.0.0.1:35001 and save SAML Post data to the file
aws-connect.sh - bash wrapper to run OpenVPN. It runs OpenVPN first time to get SAML Redirect and open browser and second time with actual SAML response

How to use

Build patched openvpn version and put it to the folder with a script
Start HTTP server with go run server.go
Set VPN_HOST in the aws-connect.sh
Replace CA section in the sample vpn.conf with one from your AWS configuration
Finally run aws-connect.sh to connect to the AWS.

Additional Steps

Inspect your ovpn config and remove the following lines if present

auth-user-pass (we dont want to show user prompt)
auth-federate (propietary AWS keyword)
auth-retry interact (do not retry on failures)
remote and remote-random-hostname (already handled in CLI and can cause conflicts with it)

Todo

Better integrate SAML HTTP server with a script or rewrite everything on golang

btest-opensource

Mikrotik btest (bandwith test) protocol description and opensource implementation

jvpn

Perl script to connect to the Juniper VPN with Host Checker enabled

cm_redis_tools

CLI tools for the cm_redis ZF backend

marantz-rc-esp32

Web based remote control for Matantz amplifier using ESP32

turris-containers

Add containers support to the Turris router

clock-controller-esp

Slave clock controller based on the ESP32 board

e3372h-vendor-src

Huawei E3372h source code from http://consumer.huawei.com/en/support/downloads/detail/index.htm?id=56443

atop-freebsd

atop system utility - FreeBSD port

nazk-data

Declarations from the nazk.gov.ua

syno_control

Utility to control "status" LED and buttons on Synology DS207 NAS

turris-buildroot

Dockerfile for the turris buildroot openwrt

objidlib

bruteblock

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services.

test-gha-aws

structurizr-chart

device_alcatel_OT993D

Configuration for CM10 recovery (alpha)

staroeradio-dl

staroeradio.ru downloader

alcatel_ot993d_liblights

liblights with BLN support for OT-993(D)

alcatel_ot993D_kernel

Kernel for Alcatel One Touch 993D