Questions tagged with AWS Virtual Private Network (VPN)


Cannot reach EC2 Instance over client to site VPN

I am somewhat new to AWS admin, but have built several EC2 instances for customers with both site-to-site VPNs as well as client-to-site, using OpenVPN for the latter. I am successfully connected to the VPN, but cannot ping or RDP to my instance's internal IP address. I have created firewall rules in Windows allowing ICMPv4 in/out, and even disabled the Windows Defender Firewall. I have applied a security group on the instance allowing all traffic from the subnet range of my VPN (10.0.0.0/16) as source; my VPN client currently has an IP of 10.0.1.34 while connected.

On the route table under VPC, I have the local route showing 172.31.0.0/16 (the server's IP is 172.31.14.231) as a destination, as well as 0.0.0.0/16 as a destination. Both show propagated as "No" (I have no site-to-site for this customer); not sure if the propagation is an issue here? Subnet association under route tables has all the subnets listed, including 172.31.16.0/20, which I checked does include my server's IP of 172.31.14.231.

Under VPN > Client VPN Endpoint > Associations, I have the network ID in associated status with the network ID of the subnet 172.31.16.0/20; the security group is the allow-all-traffic-to-VPC one that I listed above. The Authorization tab has "access all" set to true, the destination CIDR is 172.31.0.0/16, and the state is Active. The Route table tab has a destination CIDR of 172.31.0.0/16, and the target subnet is the one that includes my server (172.31.0.0/20). Connections shows a status of active with the IP of 10.0.1.34.

I am running a continuous ping from the server to my VPN client IP of 10.0.1.34, as well as a ping from my workstation connected via VPN; both are timing out. RDP cannot find the server. I know this is a lot of information, but I really could use some help here. I would think it is a routing or firewall issue, but cannot seem to find the problem. Thank you in advance.
2 answers · 0 votes · 259 views · asked 8 months ago

Clientvpn, error on linux client when adding route number 63

Hi, we have a very rare problem with AWS Client VPN. We have 62 routes/authorizations and the service works fine; we have Windows clients with the Client VPN software and Linux clients with the OpenVPN software. But when we add route number 63, Windows clients go fine, but Linux clients (all of them) fail with messages like this:

...

```
55.0,route 10.53.4.0 255.255.255.0,route 10.1.124.0 255.255.255.0,route 10.105.0.0 255.255.0.0,route 172.25.246.0 255.255.255.0,route 172.24.191.0 255.255.255.0,route 172.25.182.0 255.255.255.0,route 10.55.36.0 255.255.255.0,route 10.53.132.0 255.255.255.0,route 172.25.196.0 255.255.255.0,route 172.25.76.0 255.255.255.0,route-gateway 10.200.0.129,topology subnet,ping 1,ping-restart 20,ifconfig'
2022-03-24 09:14:12 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:68: ifconfig (2.5.6)
2022-03-24 09:14:12 OPTIONS IMPORT: timers and/or timeouts modified
2022-03-24 09:14:12 OPTIONS IMPORT: --ifconfig/up options modified
2022-03-24 09:14:12 OPTIONS IMPORT: route options modified
2022-03-24 09:14:12 OPTIONS IMPORT: route-related options modified
2022-03-24 09:14:12 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-03-24 09:14:12 Using peer cipher 'AES-256-GCM'
2022-03-24 09:14:12 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-24 09:14:12 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-24 09:14:12 net_route_v4_best_gw query: dst 0.0.0.0
2022-03-24 09:14:12 net_route_v4_best_gw result: via 192.168.0.1 dev enx000ec675f0d5
2022-03-24 09:14:12 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=enx000ec675f0d5 HWADDR=00:0e:c6:75:f0:d5
2022-03-24 09:14:12 TUN/TAP device tun0 opened
2022-03-24 09:14:12 WARNING: OpenVPN was configured to add an IPv4 route. However, no IPv4 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2022-03-24 09:14:12 net_route_v4_add: 10.203.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.204.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.202.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.52.12.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.24.0.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.201.0.0/16 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.53.8.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 172.24.224.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 10.1.28.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
2022-03-24 09:14:12 net_route_v4_add: 172.24.0.0/24 via 10.200.0.129 dev [NULL] table 0 metric -1
2022-03-24 09:14:12 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-03-24 09:14:12 ERROR: Linux route add command failed
```

...

Any help is welcome, thanks in advance! Bye,
1 answer · 0 votes · 61 views · asked 8 months ago

Client VPN on Linux : Connection failed - sql lite error ?

The only clue is in /var/log/syslog, which says:

> Mar 23 11:55:17 lego AWS VPN Client: SQLite error (5): database is locked in "PRAGMA max_page_count = 5000"

The AWS client log says:

```
2022-03-23 12:03:03.870 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 0 to MetricsTable
2022-03-23 12:03:03.870 +00:00 [DBG] Starting OpenVpn process
2022-03-23 12:03:04.150 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT 1 to AnalyticsTable
2022-03-23 12:03:04.151 +00:00 [DBG] Shutting down metrics agent
2022-03-23 12:03:04.151 +00:00 [DBG] Metrics agent shut down
2022-03-23 12:03:04.157 +00:00 [DBG] OvpnGtkServiceClient connected. Calling StartVpnAsync
2022-03-23 12:03:04.178 +00:00 [DBG] OvpnGtkServiceClient received OpenVPN process PID: -1
2022-03-23 12:03:04.178 +00:00 [DBG] DeDupeProcessDiedSignals: Unknown error caused OpenVPN process to not start: -1
2022-03-23 12:03:04.178 +00:00 [WRN] Acs did not stop correctly!
2022-03-23 12:03:04.178 +00:00 [ERR] Process died signal sent ACVC.Core.OpenVpn.OvpnProcessFailedToStartException: Unknown error caused OpenVPN process to not start: -1
   at ACVC.Core.OpenVpn.OvpnGtkProcessManager.Start(String openVpnConfigPath, String managementPortPasswordFile, Int32 timeoutMilliseconds) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnProcessManager.cs:line 696
   at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect(OvpnConnectionProfile configProfile, GetCredentialsCallback getCredentialsCallback, Int32 timeout) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 861
2022-03-23 12:03:04.180 +00:00 [DBG] Received exception for connection state Disconnected. Show error message to user
2022-03-23 12:03:04.180 +00:00 [ERR] Exception received by connect window view model ACVC.Core.OpenVpn.OvpnProcessDiedException: The VPN process has stopped unexpectedly.
2022-03-23 12:03:04.539 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to MetricsTable
2022-03-23 12:03:04.856 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_GENERAL_ERROR 1 to AnalyticsTable
2022-03-23 12:03:05.212 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_VPN_PROCESS_DIED 1 to MetricsTable
2022-03-23 12:03:05.497 +00:00 [DBG] Inserted event UI_APP_VPN_CONNECT_ATTEMPT_FAIL_VPN_PROCESS_DIED 1 to AnalyticsTable
2022-03-23 12:03:05.497 +00:00 [DBG] Clean up connections. Connection state: Connecting
2022-03-23 12:03:05.498 +00:00 [INF] Validating schema for OpenVPN config: /home/falken/.config/AWSVPNClient/OpenVpnConfigs/AWS JumpCloud
2022-03-23 12:03:05.801 +00:00 [DBG] Inserted event CONNECTION_PROFILE_TYPE 1 to AnalyticsTable
2022-03-23 12:03:06.500 +00:00 [DBG] Caught exception when getting connection status. Exception information: System.TimeoutException: The message did not respond within the expected timeframe or was cancelled
   at ACVC.Core.OpenVpn.OvpnConnectionManager.SendMessage(String message, Int32 timeout, CancellationToken cancellationToken) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 1140
   at ACVC.Core.OpenVpn.OvpnConnectionManager.GetConnectionStatus() in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConnectionManager.cs:line 1228
   at ACVC.Core.Metrics.MetricsClient.RecordBytesMetricsAndAnalytics(IConnectionManager connectionManager) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/Metrics/MetricsClient.cs:line 136
```

/var/log/aws-vpn-client/falken/gtk_service_aws_client_vpn_connect_20220301.log:

```
2022-03-23 12:19:36.142 +00:00 [DBG] [TI=9] Start method called: OpenVPN validation file: /home/falken/.config/AWSVPNClient/OpenVpnConfigs/current_connection.txt, management password file: /home/falken/.config/AWSVPNClient/acvc-8096.txt
2022-03-23 12:19:36.146 +00:00 [ERR] Drive type Network not supported.
2022-03-23 12:19:36.146 +00:00 [ERR] [TI=9] Unhandled exception ACVC.Core.OpenVpn.ReferencedFilePathInvalidException: File: /home/falken/.config/AWSVPNClient/OpenVpnConfigs/current_connection.txt may be a path to an unsupported drive type, which is not allowed for security reasons
   at ACVC.Core.OpenVpn.OvpnConfigParser.CheckSupportedDriveType(String path) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConfigParser.cs:line 795
   at ACVC.Core.OpenVpn.OvpnConfigParser.ValidateReferencedFilePath(String path, String flag) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.Core/OpenVpn/OvpnConfigParser.cs:line 689
   at ACVC.GTK.Service.DBus.OvpnGtkService.StartVpnAsync(String ovpnConfigValidationFile, String managementPortPasswordFile) in /home/ubuntu/Jenkins/workspace/GtkBuild/SecureConnectClient/ACVC.GTK.Service/DBus/OvpnGtkService.cs:line 46
```

How can I find out what's up, or what DB this is? v2 seemed to work fine. I've purged and reinstalled the package, and renamed ~/.config/AWSVPNClient, to no avail. Ubuntu 20.04 LTS, all updated.
1 answer · 0 votes · 278 views · Tom · asked 8 months ago