Questions tagged with AWS Virtual Private Network (VPN)

VPN Client Endpoint - losing internet access even with split tunnel enabled

Hi, I have been working with the AWS VPN client for some time and I have enough understanding of how it works and its config. The only thing I'm having issues with right now is that even when I have the split tunnel feature enabled, I lose internet access from my computer, at home. If I understand this correctly, the whole idea behind the split tunnel is to make sure AWS traffic is the only thing that goes through the VPN tunnel, to avoid extra charges, etc. I have older endpoints created previously that are working as expected, both at home and at the office. All clients have the same configs with the CIDR being the only difference, and the new one was created using AWS CDK. My local routing seems OK, but when trying to access "amazon.com" for example I get a DNS resolution error in my browser; simply nothing works. Following is my routing when connected to the VPN client I'm having issues with. I use 192.168.0.0/16 for my VPC.

```
Internet:
Destination        Gateway            Flags        Netif Expire
default            10.0.0.1           UGScg        en0
10/24              link#15            UCS          en0      !
10.0.0.1/32        link#15            UCS          en0      !
10.0.0.1           f4:c1:14:8e:ad:16  UHLWIir      en0     1190
10.0.0.131         a4:93:3f:60:53:84  UHLWI        en0      668
10.0.0.145         f8:28:19:3d:bb:b6  UHLWI        en0      !
10.0.0.166/32      link#15            UCS          en0      !
10.0.0.245         e:bf:67:db:69:3    UHLWI        en0      !
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWbI       en0      !
127                127.0.0.1          UCS          lo0
127.0.0.1          127.0.0.1          UH           lo0
169.254            link#15            UCS          en0      !
192.168.0/16       192.168.100.1      UGSc         utun3
192.168.100/27     192.168.100.2      UGSc         utun3
192.168.100.2      192.168.100.2      UH           utun3
```

2 answers | 0 votes | 251 views
Ziad_S, asked 3 months ago

Multi-Factor Fails To Enable On Directory Service For DUO/VPN setup

Hey there, I've been having trouble trying to enable Multi-Factor for Directory Service in order to integrate DUO with my VPN client. I have followed the post here to a tee, but when I go to enable MFA it keeps failing: https://aws.amazon.com/blogs/networking-and-content-delivery/using-microsoft-active-directory-mfa-with-aws-client-vpn/ So I have everything checked off. I do have an EC2 instance joined to the domain. I have rules in place that allow the RADIUS port through. I have also tested connectivity to the EC2 instance from Directory Service and it reaches it fine. I have my config for DUO set up according to the post above, matching DUO keys, and verified the shared RADIUS key is good. But with that being said, it's not very clear whether the EC2 instance should have the RADIUS/NPS role installed and configured. It only mentions having a RADIUS server. So just to see, I did install the NPS role and set it up with Directory Service as a client. When trying to re-enable MFA, I do see DS trying to connect, and it creates an error in the log:

```
Event ID: 6273
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
  Security ID: NULL SID
  Account Name: fakeusername
  Account Domain: MYDOMAIN
  Fully Qualified Account Name: MYDOMAIN\fakeusername
```

And just to note, the "fakeusername" is actually what is appearing in the log. Now there is no area in the whole setup where you create a system account or some account for DS to connect to the RADIUS server, so I am a bit puzzled by this. Obviously, there is no user by that name, and for fun I did create one with the RADIUS secret just to see if that would do anything, but of course it still fails. If there is anyone that can help provide any insight into this, I would appreciate your time. Thanks! Chris.

2 answers | 0 votes | 64 views
asked 3 months ago

AWS VPN Client cannot be connected.

AWS VPN Client cannot be connected, with the logs below.

```
2022-08-10 13:21:44.518 +09:00 [DBG] CM processsing: >LOG:1660105304,I,open_tun
2022-08-10 13:21:44.518 +09:00 [DBG] CM processsing:
2022-08-10 13:21:44.518 +09:00 [DBG] 🥶 APPEND line
2022-08-10 13:21:44.518 +09:00 [INF] Begin receive init again
2022-08-10 13:21:44.521 +09:00 [INF] Received bytes: 105
2022-08-10 13:21:44.521 +09:00 [DBG] Message marshalling complete
2022-08-10 13:21:44.521 +09:00 [DBG] CM received: >LOG:1660105304,,CreateFile failed on TAP device: \\.\Global\{5B0DB356-AB62-485C-A071-3537D307D3BB}.tap
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing: >LOG:1660105304,,CreateFile failed on TAP device: \\.\Global\{5B0DB356-AB62-485C-A071-3537D307D3BB}.tap
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing:
2022-08-10 13:21:44.521 +09:00 [DBG] 🥶 APPEND line
2022-08-10 13:21:44.521 +09:00 [INF] Begin receive init again
2022-08-10 13:21:44.521 +09:00 [INF] Received bytes: 151
2022-08-10 13:21:44.521 +09:00 [DBG] Message marshalling complete
2022-08-10 13:21:44.521 +09:00 [DBG] CM received: >LOG:1660105304,F,All TAP-Windows adapters on this system are currently in use.
>FATAL:All TAP-Windows adapters on this system are currently in use.
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing: >LOG:1660105304,F,All TAP-Windows adapters on this system are currently in use.
2022-08-10 13:21:44.521 +09:00 [DBG] CM processsing: >FATAL:All TAP-Windows adapters on this system are currently in use.
```

I reinstalled the VPN Client but the error occurs continuously. The laptop brand is Lenovo and the OS is Windows. How should I correct this error?

1 answer | 0 votes | 112 views
asked 4 months ago