Questions tagged with AWS Virtual Private Network (VPN)

Client VPN, error on Linux client when adding route number 63

Hi, we have a very rare problem with AWS Client VPN. We have 62 routes/authorizations and the service works fine; we have Windows clients with the Client VPN software and Linux clients with the OpenVPN software. But when we add route number 63, the Windows clients are fine, while the Linux clients (all of them) fail with messages like this:

...

```
55.0,route 10.53.4.0 255.255.255.0,route 10.1.124.0 255.255.255.0,route 10.105.0.0 255.255.0.0,route 172.25.246.0 255.255.255.0,route 172.24.191.0 255.255.255.0,route 172.25.182.0 255.255.255.0,route 10.55.36.0 255.255.255.0,route 10.53.132.0 255.255.255.0,route 172.25.196.0 255.255.255.0,route 172.25.76.0 255.255.255.0,route-gateway 10.200.0.129,topology subnet,ping 1,ping-restart 20,ifconfig'
2022-03-24 09:14:12 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:68: ifconfig (2.5.6)
2022-03-24 09:14:12 OPTIONS IMPORT: timers and/or timeouts modified
2022-03-24 09:14:12 OPTIONS IMPORT: --ifconfig/up options modified
2022-03-24 09:14:12 OPTIONS IMPORT: route options modified
2022-03-24 09:14:12 OPTIONS IMPORT: route-related options modified
2022-03-24 09:14:12 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-03-24 09:14:12 Using peer cipher 'AES-256-GCM'
2022-03-24 09:14:12 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-24 09:14:12 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-24 09:14:12 net_route_v4_best_gw query: dst 0.0.0.0
2022-03-24 09:14:12 net_route_v4_best_gw result: via 192.168.0.1 dev enx000ec675f0d5
2022-03-24 09:14:12 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=enx000ec675f0d5 HWADDR=00:0e:c6:75:f0:d5
2022-03-24 09:14:12 TUN/TAP device tun0 opened
2022-03-24 09:14:12 WARNING: OpenVPN was configured to add an IPv4 route. However, no IPv4 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2022-03-24 09:14:12 net_route_v4_add: 10.203.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.204.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.202.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.52.12.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.24.0.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.201.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.53.8.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 172.24.224.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.1.28.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 172.24.0.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
```

...

Any help is welcome, thanks in advance! Bye,
1 answer · 0 votes · 41 views · asked 6 months ago

Client VPN on Linux: Connection failed - SQLite error?

The only clue is in /var/log/syslog, which says:

> Mar 23 11:55:17 lego AWS VPN Client: SQLite error (5): database is locked in "PRAGMA max_page_count = 5000"

The AWS client logs say:

```
2022-03-23 12:03:03.870 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 0 to MetricsTable
2022-03-23 12:03:03.870 +00:00 [DBG] Starting OpenVpn process
2022-03-23 12:03:04.150 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT 1 to AnalyticsTable
2022-03-23 12:03:04.151 +00:00 [DBG] Shutting down metrics agent
2022-03-23 12:03:04.151 +00:00 [DBG] Metrics agent shut down
2022-03-23 12:03:04.157 +00:00 [DBG] OvpnGtkServiceClient connected. Calling StartVpnAsync
2022-03-23 12:03:04.178 +00:00 [DBG] OvpnGtkServiceClient received OpenVPN process PID: -1
2022-03-23 12:03:04.178 +00:00 [DBG] DeDupeProcessDiedSignals: Unknown error caused OpenVPN process to not start: -1
2022-03-23 12:03:04.178 +00:00 [WRN] Acs did not stop correctly!
2022-03-23 12:03:04.178 +00:00 [ERR] Process died signal sent ACVC.Core.OpenVpn.OvpnProcessFailedToStartException: Unknown error caused OpenVPN process to not start: -1
   at ACVC.Core.OpenVpn.OvpnGtkProcessManager.Start(String openVpnConfigPath, String managementPortPasswordFile, Int32 timeoutMilliseconds) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnProcessManager.cs:line 696
   at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect(OvpnConnectionProfile configProfile, GetCredentialsCallback getCredentialsCallback, Int32 timeout) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 861
2022-03-23 12:03:04.180 +00:00 [DBG] Received exception for connection state Disconnected. Show error message to user
2022-03-23 12:03:04.180 +00:00 [ERR] Exception received by connect window view model ACVC.Core.OpenVpn.OvpnProcessDiedException: The VPN process has stopped unexpectedly.
2022-03-23 12:03:04.539 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to MetricsTable
2022-03-23 12:03:04.856 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to AnalyticsTable
2022-03-23 12:03:05.212 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_VPN_PROCESS_DIED 1 to MetricsTable
2022-03-23 12:03:05.497 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_VPN_PROCESS_DIED 1 to AnalyticsTable
2022-03-23 12:03:05.497 +00:00 [DBG] Clean up connections. Connection state: Connecting
2022-03-23 12:03:05.498 +00:00 [INF] Validating schema for OpenVPN config: /home/falken/.config/AWSVPNClient/OpenVpnConfigs/AWS JumpCloud
2022-03-23 12:03:05.801 +00:00 [DBG] Inserted event CONNECTION_PROFILE_TYPE 1 to AnalyticsTable
2022-03-23 12:03:06.500 +00:00 [DBG] Caught exception when getting connection status. Exception information: System.TimeoutException: The message did not respond within the expected timeframe or was cancelled
   at ACVC.Core.OpenVpn.OvpnConnectionManager.SendMessage(String message, Int32 timeout, CancellationToken cancellationToken) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 1140
   at ACVC.Core.OpenVpn.OvpnConnectionManager.GetConnectionStatus() in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 1228
   at ACVC.Core.Metrics.MetricsClient.RecordBytesMetricsAndAnalytics(IConnectionManager connectionManager) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/Metrics/MetricsClient.cs:line 136
```

/var/log/aws-vpn-client/falken/gtk_service_aws_client_vpn_connect_20220301.log:

```
2022-03-23 12:19:36.142 +00:00 [DBG] [TI=9] Start method called: OpenVPN validation file: /home/falken/.config/AWSVPNClient/OpenVpnConfigs/current_connection.txt, management password file: /home/falken/.config/AWSVPNClient/acvc-8096.txt
2022-03-23 12:19:36.146 +00:00 [ERR] Drive type Network not supported.
2022-03-23 12:19:36.146 +00:00 [ERR] [TI=9] Unhandled exception ACVC.Core.OpenVpn.ReferencedFilePathInvalidException: File: /home/falken/.config/AWSVPNClient/OpenVpnConfigs/current_connection.txt may be a path to an unsupported drive type, which is not allowed for security reasons
   at ACVC.Core.OpenVpn.OvpnConfigParser.CheckSupportedDriveType(String path) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConfigParser.cs:line 795
   at ACVC.Core.OpenVpn.OvpnConfigParser.ValidateReferencedFilePath(String path, String flag) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConfigParser.cs:line 689
   at ACVC.GTK.Service.DBus.OvpnGtkService.StartVpnAsync(String ovpnConfigValidationFile, String managementPortPasswordFile) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.GTK.Service/DBus/OvpnGtkService.cs:line 46
```

How can I find out what's up, or what DB this is? v2 seemed to work fine. I've purged and reinstalled the package, and renamed ~/.config/AWSVPNClient, to no avail. Ubuntu 20.04 LTS, all updated.
1 answer · 0 votes · 197 views · asked 6 months ago

Advice on creating VPC for EC2 to use IPSec connection

I am currently working on the integration of 2 platforms which need to communicate with each other via HTTPS requests. However, one of these platforms' endpoints is only accessible via a VPN into their own network. I therefore want to use AWS to establish an intermediary app that will receive HTTPS communications from platform 1 and send them to platform 2, which is the one behind the VPN. To this end, I have been looking at documentation on AWS, and it looks like the best solution is to create a VPC on which I'd create a Site-to-Site VPN Connection using IPSec. Then I would create a new EC2 instance on this VPC which I will use to forward requests from platform 1 to platform 2. The questions I have are as follows:

1) Once the IPSec Site-to-Site connection is established, will my EC2 instance (deployed to the same VPC that hosts the Site-to-Site connection) immediately be able to communicate with platform 2, which is behind their VPN, based solely on the fact that it is on the same VPC, or will there be further routing setup required to allow it to communicate via the tunnel established?

2) The VPN we wish to connect to has a process through which they must whitelist any given entities they connect with.

A) They ask for an IPSec Gateway IP. I have looked at the documentation at https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html and assume this is referring to the IP of what is in the document called the Virtual Private Gateway. I have created a VPG in my VPC, but I cannot see an IP address associated with it. Is this something that only appears once the VPG is associated with a Site-to-Site connection (and is no longer in a state of detached)?

B) They require the IP addresses of the applications they will be interacting with, which in this case I assume will be my EC2 instance. However, they require that the subnet be /29 or higher. How can I enforce that subnet on the EC2 public IPs? When creating a VPC I have the option of specifying the IPv4 CIDR block, however I cannot specify a netmask that is not between /16 and /28.

I'm looking for advice on the above so I can make sure that the solution I wish to undertake with the VPC is not flawed, and that I am on the right track. Any guidance is appreciated.
1 answer · 0 votes · 32 views · asked 7 months ago

Linux VPN Client halts on 'Drive type Network not supported' after upgrade to 3.0.0

My Ubuntu 20.04 installation decided 1.5 hours ago to update awsvpnclient from version 2.0.0 to 3.0.0, and it has not worked since, because it seems to think that its configuration directory is hosted on a network file system, which is not supported (the file is, and always was, hosted on a local, eCryptFS-encrypted file system). The UI shows a dialog "Connection failed, try again". This is from the logs in /var/log/aws-vpn-client/$USER:

```
2022-03-07 17:36:56.875 +01:00 [DBG] [TI=6] Start method called: OpenVPN validation file: /home/stefan/.config/AWSVPNClient/OpenVpnConfigs/current_connection.txt, management password file: /home/stefan/.config/AWSVPNClient/xxxx-1234.txt
2022-03-07 17:36:56.875 +01:00 [ERR] Drive type Network not supported.
2022-03-07 17:36:56.875 +01:00 [ERR] [TI=6] Unhandled exception ACVC.Core.OpenVpn.ReferencedFilePathInvalidException: File: /home/stefan/.config/AWSVPNClient/OpenVpnConfigs/current_connection.txt may be a path to an unsupported drive type, which is not allowed for security reasons
```

I downgraded successfully back to 2.0.0 so that my connection is working again, for now. As I'm sure this is a temporary solution and the 2.0.0 client will be rejected by the AWS VPN service at some point, is it possible for me to file a bug about this problem, or can I solve it in some other way? I tried moving `/home/$USER/.config/AWSVPNClient` to a location outside of the encrypted drive and creating a symbolic link to this directory in `~/.config/`, but the Network drive error kept occurring.
1 answer · 3 votes · 28 views · asked 7 months ago