AWS VPN to multiple accounts with saml authentication
CASE aws vpn client on mac:
CASE aws vpn client on fedora linux (copr vorona/aws-rpm-packages) && client machine is connected to generic network:
CASE aws vpn client on fedora linux (copr vorona/aws-rpm-packages) && client machine is connected to mobile hotspot:
Does anybody have any idea why this might happen?
When on Fedora Linux I can connect to private resources regardless of which wifi/cabled connection my client machine is connected to.
Found the solution in the official documentation:
Cause
The client interacts with systemd-resolved, a service available on Linux systems, which serves as a central piece of DNS management. It is used to configure DNS servers that are pushed from the ClientVPN endpoint. The problem occurs because systemd-resolved doesn't set the highest priority to DNS servers that are provided by the ClientVPN endpoint. Instead, it appends the servers to the existing list of DNS servers that are configured on the local system. As a result, the original DNS servers might still have the highest priority, and therefore be used to resolve DNS queries.
Solution
Add the following directive on the first line of the OpenVPN config file, to make sure that all DNS queries are sent to the VPN tunnel.
dhcp-option DOMAIN-ROUTE .
I find it weird that the behaviour changes depending on which access point I am connected to, but I won't complain ;). If anybody has an idea as to why this might happen I am very curious.
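As an added example (not from the original post, the AWS documentation, or the AWS client itself), the script below applies the documented `dhcp-option DOMAIN-ROUTE .` fix idempotently and then checks, from `resolvectl status` output, whether the tunnel link really carries the catch-all routing domain `~.` that systemd-resolved needs before it sends every query to the VPN's DNS servers. The profile path, the `tun0` interface name and the sample status output are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example, not the AWS VPN client's own code. Assumes an OpenVPN-style
# profile path passed as an argument and a systemd-resolved host.
set -eu

DIRECTIVE='dhcp-option DOMAIN-ROUTE .'

# Prepend the directive as the first line unless the profile already contains
# it. Prints "added" or "present"; safe to run repeatedly.
ensure_domain_route() {
  cfg="$1"
  if grep -qxF "$DIRECTIVE" "$cfg"; then
    echo present
    return 0
  fi
  # Build the new file next to the old one and rename it, so an interrupted
  # run never leaves a truncated profile behind.
  tmp="$(mktemp "${cfg}.XXXXXX")"
  { printf '%s\n' "$DIRECTIVE"; cat "$cfg"; } > "$tmp"
  mv "$tmp" "$cfg"
  echo added
}

# Read `resolvectl status` output on stdin. Return 0 when the named link lists
# the routing domain "~." (all DNS goes through the tunnel), 1 otherwise.
# Without "~.", resolved only appends the pushed servers, as the doc describes.
tunnel_routes_all_dns() {
  iface="$1"
  awk -v want="$iface" '
    /^Global/            { in_link = 0 }
    /^Link [0-9]+ \(/    { in_link = (index($0, "(" want ")") > 0) }
    in_link && /DNS Domain:/ {
      for (i = 3; i <= NF; i++) if ($i == "~.") found = 1
    }
    END { exit found ? 0 : 1 }
  '
}

# Constructed sample of what a correctly configured host shows (not real output).
SAMPLE_STATUS_OK='Global
  Protocols: +DefaultRoute

Link 2 (wlp3s0)
  DNS Servers: 192.168.1.1

Link 5 (tun0)
  DNS Servers: 10.0.0.2
  DNS Domain: ~.'
```

Run `ensure_domain_route /path/to/profile.ovpn` before connecting, then `resolvectl status | tunnel_routes_all_dns tun0 && echo ok` once the tunnel is up.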