
AWS VPN Notes

The AWS VPN is a hosted VPN in the AWS cloud.

Download the client

To download the client, use the Okta Chicklet.

Add Additional Profiles

File > Manage Profiles

Saved Configuration Location

~/.config/AWSVPNClient/OpenVpnConfigs

Tweak for Infrastructure

Replace `192.168.1.0` with your home network, add the line below to the .ovpn file, and import it:

```
route 192.168.1.0 255.255.255.0 net_gateway
```

(Fred's note: this shouldn't be necessary, but is also a good way to force certain networks out locally)

Troubleshooting

Issue: DNS resolution doesn't work on Ubuntu 20

By default, DNS resolution doesn't work on Ubuntu. Try this command to see if it resolves the issue temporarily: `resolvectl domain tun0 "~pvt.xdrtest.accenturefederalcyber.com"`

FIX: add `dhcp-option DOMAIN pvt.xdrtest.accenturefederalcyber.com` to your config file.
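Added check, not from the original notes: a small lint to run on a profile before importing it, confirming both edits above (the home-LAN `net_gateway` route and the `dhcp-option DOMAIN` line) are present and that no `net_gateway` route covers every destination. The sample profiles and the `vpn-endpoint.example` hostname are constructed placeholders.

```shell
#!/usr/bin/env sh
# Added example, not part of the original notes: lint a client profile for the
# two edits above before importing it. File contents below are constructed.
# check_ovpn_profile FILE HOME_NET
# Returns 0 when FILE has a "route HOME_NET <mask> net_gateway" line and a
# "dhcp-option DOMAIN <domain>" line; returns 1 otherwise, or when any
# net_gateway route uses mask 0.0.0.0 (that would pull all traffic out of the tunnel).
check_ovpn_profile() {
    file=$1
    home_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for grep -E
    status=0

    # Split-tunnel route for the home LAN, e.g. "route 192.168.1.0 255.255.255.0 net_gateway"
    if ! grep -Eq "^route[[:space:]]+${home_re}[[:space:]]+[0-9.]+[[:space:]]+net_gateway" "$file"; then
        echo "missing: route $2 <mask> net_gateway" >&2
        status=1
    fi

    # A net_gateway route with mask 0.0.0.0 matches every destination.
    if grep -Eq '^route[[:space:]]+[0-9.]+[[:space:]]+0\.0\.0\.0[[:space:]]+net_gateway' "$file"; then
        echo "unsafe: route with mask 0.0.0.0 bypasses the tunnel for all traffic" >&2
        status=1
    fi

    # DNS search domain for the private zone, e.g. "dhcp-option DOMAIN pvt.example"
    if ! grep -Eq '^dhcp-option[[:space:]]+DOMAIN[[:space:]]+[A-Za-z0-9.-]+' "$file"; then
        echo "missing: dhcp-option DOMAIN <domain>" >&2
        status=1
    fi
    return "$status"
}

# Constructed sample profiles (placeholder endpoint, not a real one).
good_profile=$(mktemp); bad_profile=$(mktemp)
cat > "$good_profile" <<'EOF'
client
dev tun
remote vpn-endpoint.example 443
route 192.168.1.0 255.255.255.0 net_gateway
dhcp-option DOMAIN pvt.xdrtest.accenturefederalcyber.com
EOF
cat > "$bad_profile" <<'EOF'
client
dev tun
route 0.0.0.0 0.0.0.0 net_gateway
EOF

check_ovpn_profile "$good_profile" 192.168.1.0 && echo "good profile: OK"
check_ovpn_profile "$bad_profile" 192.168.1.0 || echo "bad profile: rejected"
```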

Issue: DNS resolution doesn't work, but ping works, as do direct lookups with `host`

Rick Page experienced this. He could connect. He could ping both public and private IP addresses. But his machine wouldn't resolve any hostnames.

Here's his fix:

I got it working. TL;DR: OS X Network stack is a jerk, refuses to update DNS servers - but destroying and recreating “Wifi service” in sys pref more than once seemed to do the trick

I think “Wifi Service” in OS X was refusing to let AWS VPN client update DNS servers. First I decided to try and manually update my DNS from comcast to opendns and noticed it always reverted back to comcast; I fought the UI to create a new Wifi service that uses Manual IP + OpenDNS – this let me ping yahoo.com but not XDR sites ofc; After recreating Wifi service with DHCP + comcast DNS (to show you my “progress” by comparing), I noticed nslookup showed me 10.40.2.X finally – so now it works! Until this point I think the client was not able to change the DNS setting, or perhaps it was even being changed back somehow

Takeaways

  1. Using DHCP won't let “me” set DNS server, they revert back automatically (but see 4)
  2. Using OpenDNS and not comcast let me ping yahoo.com but not XDR server, ofc. Thinking comcast DNS is wonky, which happens frequently.
  3. Using manual IP seemed to let me control DNS but not let AWS VPN update DNS either (but again see 4)
  4. After destroying and recreating Wifi Service (iirc, 3rd time), using DHCP + comcast DNS let me connect to the AWS VPN – critically, it updated this DNS this time, so I can access XDR network now. (Don’t update, don’t have multiple, destroy all of them completely or else OS X hangs on to old DNS setting even after VPN)