
Questions tagged with AWS Virtual Private Network (VPN)


Multi-Factor Fails To Enable On Directory Service For DUO/VPN setup

Hey there, I've been having trouble trying to enable Multi-Factor for Directory Service in order to integrate DUO with my VPN client. I have followed the post here to a tee, but when I go to enable MFA it keeps failing: https://aws.amazon.com/blogs/networking-and-content-delivery/using-microsoft-active-directory-mfa-with-aws-client-vpn/

So I have everything checked off. I do have an EC2 instance joined to the domain. I have rules in place that allow the RADIUS port through. I have also tested connectivity to the EC2 instance from Directory Service and it reaches it fine. I have my config for DUO set up according to the post above, matching DUO keys, and verified the shared RADIUS key is good. But with that being said, it's not very clear on whether the EC2 instance should have the RADIUS/NPS role installed and configured. It only mentions having a RADIUS server. So just to see, I did install the NPS role and set it up with Directory Service as a client. When trying to re-enable MFA, I do see DS trying to connect, and it creates an error in the log:

```
Event ID:6273
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
  Security ID:NULL SID
  Account Name:fakeusername
  Account Domain:MYDOMAIN
  Fully Qualified Account Name:MYDOMAIN\fakeusername
```

And just to note, the "fakeusername" is actually what is appearing in the log. Now there is no area in the whole setup where you create a system account or some account for DS to connect to the RADIUS server, so I am a bit puzzled by this. Obviously, there is no user by that name, and for fun I did create one with the RADIUS secret just to see if that would do anything, but of course it still fails. If there is anyone that can help provide any insight into this, I would appreciate your time. Thanks! Chris.

2 answers | 0 votes | 12 views | asked 6 hours ago

AWS VPN Client cannot be connected.

AWS VPN Client cannot be connected, with the logs below.

```
2022-08-10 13:21:44.518 +09:00 [DBG] CM processsing: >LOG:1660105304,I,open_tun
2022-08-10 13:21:44.518 +09:00 [DBG] CM processsing:
2022-08-10 13:21:44.518 +09:00 [DBG] 🥶 APPEND line
2022-08-10 13:21:44.518 +09:00 [INF] Begin receive init again
2022-08-10 13:21:44.521 +09:00 [INF] Received bytes: 105
2022-08-10 13:21:44.521 +09:00 [DBG] Message marshalling complete
2022-08-10 13:21:44.521 +09:00 [DBG] CM received: >LOG:1660105304,,CreateFile failed on TAP device: \\.\Global\{5B0DB356-AB62-485C-A071-3537D307D3BB}.tap
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing: >LOG:1660105304,,CreateFile failed on TAP device: \\.\Global\{5B0DB356-AB62-485C-A071-3537D307D3BB}.tap
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing:
2022-08-10 13:21:44.521 +09:00 [DBG] 🥶 APPEND line
2022-08-10 13:21:44.521 +09:00 [INF] Begin receive init again
2022-08-10 13:21:44.521 +09:00 [INF] Received bytes: 151
2022-08-10 13:21:44.521 +09:00 [DBG] Message marshalling complete
2022-08-10 13:21:44.521 +09:00 [DBG] CM received: >LOG:1660105304,F,All TAP-Windows adapters on this system are currently in use.
>FATAL:All TAP-Windows adapters on this system are currently in use.
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing: >LOG:1660105304,F,All TAP-Windows adapters on this system are currently in use.
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing: >FATAL:All TAP-Windows adapters on this system are currently in use.
```

I reinstalled the VPN Client but the error occurs continuously. Laptop brand is Lenovo and OS is Windows. How should I correct this error?

1 answer | 0 votes | 38 views | asked 6 days ago

Problem Setting up EC2 as Airgap Server with Client VPN Endpoint

Afternoon All, I'm a (very) inexperienced user who's keen to learn, and I appreciate I might have bitten off far more than I can chew with this. I'm working on a project where we need to share UDP packets between two companies, with the packets going in both directions. I want to set up an airgap server where the exchange of data could take place. I have an EC2 server with an external IP address (that I SSH into) as the airgap machine and a VPN client endpoint linked to the subnet the EC2 instance is in.

My intent was to send UDP packets from my company system to the airgap on a particular port, say 3005, for example, and then listen on a different port, say 4005, for example, on the same EC2 instance for UDP packets from the other company, and use socat to send packets from 4005 to the client IP on my Windows machine (currently set in the Endpoint to 16.10.0.0/16 (yes, I know the subnet is probably far too big for this)).

I have successfully created the VPN client endpoint, downloaded the configuration file and can connect in from my Windows 10 laptop using the OpenVPN client. I can send packets from my Windows 10 machine to the airgap EC2 instance and see that they arrive on port 3005 as expected using tcpdump. I can also ping from the Windows machine to the airgap server... so the connection is working in one direction.

The issue I have is that the connection does not work sending packets from the airgap EC2 instance to my machine via the VPN... If I run socat with various options of udp-recvfrom or udp-listen and udp-sendto or udp-datagram, I get no packets arriving at my Windows machine. Neither can I ping the Windows machine from the EC2 airgap instance (I have tried this with Windows Firewall turned off to test whether the FW was getting in the way).

My questions then:
1. Is it possible to do what I want?
2. What am I doing wrong and how can I fix it?
3. Is my assumption about an EC2 instance being a good way of setting up an airgap server like this correct?

Many Thanks G

0 answers | 0 votes | 53 views | asked 20 days ago