aws-vpn-client
Added Golang wrapper code in replacement of bash script.
This is a WIP client that will definitely need help in the setup command department. The `serve` command should work as expected. Please take your time reviewing the code. :)
Changes:
- One binary to serve the SAML HTTP server and to handle openvpn.
- Improved configuration support and ability to execute the binary outside of the repo by simply storing the config inside `~/.config/awsvpnclient/awsvpnclient.yml`.
- Improved logging.
- Setup support (WIP) that helps build the openvpn binary.
Todo atm:
- Cleanup any typos.
- Add binary validation for `serve` command before attempting to start.
- General code cleanup.
- Make setup command do what it's supposed to. (I don't know ruby :upside_down_face: )
Looks great, thank you! Let me play with it in the meantime...
> Looks great, thank you! Let me play with it in the meantime...

Thanks np! I was kinda hoping you would give me the command that would run the ruby scripts so I could drop it in or anyone else for that matter. I am not a ruby dev by a small stretch. :upside_down_face: Or if you or anyone else knows of a quick/easy way of replicating your Ruby code into Go. That would work too!
Hey @samm-git! Just following up since it's been a while. Just checking in if you still would like these code changes or not or if you prefer I host the changes in their own repo? Totally understand if you have bigger things to take care of. I still use the code daily to connect for work and still would love to improve the project when I get time now and then.
Thank you for your time, @samm-git!
I've been using this PR as a daily driver for a month and it works perfectly. However, I don't want to add pressure, just saying - it works 😉 Thanks to both of you for the good work!
@ajm113 and @ymatsiuk
Where should I specify my remote address, i.e. `cvpn-endpoint-xxxxxxxxxxxxxxx.prod.clientvpn.us-west-2.amazonaws.com`?
Thanks in advance.
Thanks for the feedback @ymatsiuk and you are good, btw! Glad to hear it's working perfectly fine for you! :smiley: I would personally love to make the SAML response stuff a little more seamless like closing the browser tab after the redirect.
Hey @houneie! That would actually live inside the openvpn config file per normal.
```
remote cvpn-endpoint-xxxxxxxxxxxxxxx.prod.clientvpn.us-west-2.amazonaws.com 443
```
The new Go code parses and corrects anything needed before it sends it off to openvpn.
Thanks, @ajm113. I have been using your PR since yesterday and I haven't faced any issues so far.
Just a small suggestion. I think:
1. The `serve` CLI command should start the connection in the background.
2. And there should be another `stop` CLI command to disconnect from the VPN.

I would have loved to add these capabilities myself but I am very new to Golang.
Also another thing about closing the browser tab after the redirect. I was also annoyed by this behavior and did a little digging. I don't think it will be possible, because 127.0.0.1:35001 is called by AWS SSO and we do not have any way of knowing the process ID. What are your thoughts?
> Just a small suggestion. I think:
> 1. The `serve` CLI command should start the connection in the background.
> 2. And there should be another `stop` CLI command to disconnect from the VPN.
>
> I would have loved to add these capabilities myself but I am very new to Golang.

You can try to wrap it with systemd/launchd exporting your `DISPLAY` variable. This way you just make systemd/launchd responsible for handling the process instead of over-complicating the tool.
> Also another thing about closing the browser tab after the redirect. I was also annoyed by this behavior and did a little digging. I don't think it will be possible, because 127.0.0.1:35001 is called by AWS SSO and we do not have any way of knowing the process ID. What are your thoughts?

Closing browser tabs is NOT the goal of the tool 😄
Thanks for the input @houneie! Like @ymatsiuk mentioned, the CLI is supposed to be very simplistic, but just enough to get anyone going. So it's a little out of scope, speaking of. Not exactly sure of the best method of tackling the setup command or if that should be its own project/script completely still, but I'm open to ideas.
As far as closing the tab is concerned: after you authenticate from the third party and route to `127.0.0.1:35001`, that endpoint is hosted from the CLI, so in theory injecting a tiny bit of JavaScript can close the browser, but some browsers treat JavaScript code that automatically closes tabs differently. So it can easily become a headache for some or turn into one down the road. Maybe simpler just adding a link you can click that closes it. I don't think many browsers have an issue with that, but I'll need to double check.