Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

AWS Client VPN endpoint connection from mobile phone

0

Good Day, I am getting "Authentication Failed" error when attempting to connect to AWS Client VPN endpoint from a mobile device. Based on https://docs.aws.amazon.com/vpn/latest/clientvpn-user/android.html "OpenVPN" client was installed on iphone device and configured with the same configuration profile that works perfectly fine on Desktop with "AWS VPN Client" app. The authentication is configured as federated going against MS Azure AD (SAML), No Client Certificate is being used. In OpenVPN client logs we are getting "AUTH_FAILED Invalid username or password". Is there anything that can be done about this? Thank you, Sergey

Tópicos
Web e dispositivos móveis front-endRede e entrega de conteúdo
Tags
Web e dispositivos móveis front-endVPN para clientes da AWS
Idioma
English
Sergey
feita há um ano859 visualizações
1 Resposta
0
Resposta aceita

AWS Client VPN with SAML based federated access ONLY supports the official AWS Client VPN Software.

You can not use 3rd party VPN Software (open vpn client) if you are using federated access. To use 3rd Party VPN Software, you have to use certificate based authentication.

It is also confirmed here https://docs.aws.amazon.com/vpn/latest/clientvpn-user/linux.html

profile picture
ESPECIALISTA
Gary Mclean
respondido há um ano
profile pictureAWS
ESPECIALISTA
Tushar_J
avaliado há um ano
profile picture
ESPECIALISTA
Sedat Salman
avaliado há um ano
  • Sergey
    há um ano

    I guess I can still use a variation of AWS AD, potentially AWS AD Connector. In our case certificate based authentication is not an option. But I've got the point about the "federated access" part. Thanks

  • Gary Mclean ESPECIALISTA
    há um ano

    Yeah you may have to create an AWS managed AD and then create a trust with your azure ad and use AD auth. 100% I agree, I wouldn’t use certificates. I have in the past but it’s far easier with SAML with azure that I’ve setup in the past. Good luck hope you get to a working solution.

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante