AWS Client VPN - Cannot resolve host - amazon-web-services

Since 6th Feb, our AWS Clients have been generating errors such as
2023-02-06 10:33:48.752 +00:00 [DBG] >LOG:1675679628,N,RESOLVE: Cannot resolve host address: xxxxxxxxxxxx.cvpn-endpoint-xxxxxxxxxxxx.prod.clientvpn.eu-west-1.amazonaws.com:443 (No such host is known. )
We have upgraded the AWS Client installs but get the same error. I also get cannot resolve errors in CloudShell.
Our AWS accounts do not have any support, is there a way I can raise this with AWS?
New client endpoints also have the same error

This self-resolved. Possibly an issue at Amazon's end with DNS

Related

AWS VPN Client Endpoint DNS resolution timeout with openVPN

I'm trying to create an AWS Client VPN endpoint. I followed this AWS tutorial and I always get a timeout error like this:
DNS resolution error: 30 times.
I'm not sure what to do. I saw some videos on this topic and it seems I did everything correctly. Does anyone know how to debug this (or what could be the cause)?
This is really stupid. I tried to check IPs for my endpoint
host *.cvpn-endpoint-XXXX.prod.clientvpn.[region].amazonaws.com
and
host cvpn-endpoint-02aa72c3aa8d442d6.prod.clientvpn.eu-west-1.amazonaws.com
and both failed. As described in this response, you need to add a random subdomain. By adding this in the .ovpn file (on the remote parameter), it works!
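A small script that applies the fix from this answer, added here and not part of any of the posts: it prepends a random label to the remote line of a Client VPN profile and then checks whether the resulting name resolves, which is also the first thing to verify for the "Cannot resolve host address" error at the top of the page. The sample profile and the cvpn-endpoint id are constructed placeholders.

```python
"""Prefix the 'remote' host in an AWS Client VPN .ovpn profile with a random
label and check that the new name resolves. Added example, not from the
original posts; the profile text is constructed and the endpoint id is a
placeholder."""
import random
import re
import socket
import string

SAMPLE_OVPN = """client
dev tun
proto udp
remote cvpn-endpoint-0123456789abcdef0.prod.clientvpn.eu-west-1.amazonaws.com 443
"""

REMOTE_RE = re.compile(r"^(remote\s+)(\S+)(\s+\d+.*)$", re.MULTILINE)


def random_label(length=12):
    """Random DNS label, as the answer above recommends prepending."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))


def prefixed_remote(profile, label=None):
    """Return (new_profile, hostname). A host that already carries a label
    before 'cvpn-endpoint-' is left unchanged, so the call is idempotent."""
    m = REMOTE_RE.search(profile)
    if not m:
        raise ValueError("no 'remote <host> <port>' line in profile")
    host = m.group(2)
    if not host.startswith("cvpn-endpoint-"):
        return profile, host
    new_host = f"{label or random_label()}.{host}"
    return profile[:m.start(2)] + new_host + profile[m.end(2):], new_host


def resolves(hostname, port=443):
    """True if the name resolves (needs network); False is the page's 'Cannot resolve host' case."""
    try:
        return bool(socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM))
    except socket.gaierror:
        return False


if __name__ == "__main__":
    new_profile, host = prefixed_remote(SAMPLE_OVPN)
    print(new_profile)
    print(host, "resolves" if resolves(host) else "does not resolve")
```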

GCP HA VPN to Fortigate (AUTHENTICATION_FAILED)

I'm having an issue configuring a site to site vpn from GCP to Fortigate.
I'm configuring a 1 tunnel HA VPN as a test before building in production.
My Fortigate is behind an external firewall; the IPsec VPN is configured with NAT.
According to debugs on the Fortigate, Phase 1 and Phase 2 are negotiated and established, Fortigate sends AUTH_RESPONSE and gets reply from the GCP side saying AUTHENTICATION_FAILED.
The status on GCP side is showing:
First Handshake. Allocating resources. VPN tunnel will start soon.
Has anyone any ideas why I'm getting AUTHENTICATION_FAILED on the GCP side?
Thanks
Gerard
Not knowing exactly what the issue may be I would suggest looking at these two Google Public documents. This link describes how to use HA VPN with Fortigate, and this link is a setup guide. Within these two documents you should be able to configure your authentication to work with GCP.
Yes, this has been a known issue for quite some time. FortiOS 6.4.6 did add a field called "Local ID" to override the default IP address, but unfortunately it incorrectly sets the identity type as FQDN and Google will reject the VPN session for that reason. I reported this to FortiGate over a year ago and they were unwilling to accept it as a bug, instead saying I needed to sign a large contract and then make a feature request.
Currently, the only workaround is to give the FortiGate a public IP address. Or, use AWS as they'll accept the private IP.

Beginner on AWS got message that an SSL certificate has expired. Don't know root user information

I am a developer trying to help a customer who has lost their root access information. I have full access except for root access. I have developed a webhook that communicates between a catalog sales site and their CRM site.
It was working fine, until suddenly it started getting 500 error codes. I tracked down that it was because the SSL certificate had expired. How do I find out what SSL certificates exist and how to fix this problem?
One difficulty is that in order to request technical help, I must upgrade the support plan, which I am willing to do, but can only do this from the root access account. In addition, I can't ask a question about how to reset the root account access unless I have the support plan.
We have the account number, BTW. We are running an EC2 instance on an AWS Linux server. Pointers to how to either get paid help or reset root access would be appreciated.
SSL certificates will be in one of 2 places:
ACM for either CloudFront Distributions or Elastic Load Balancers.
Locally on an EC2 server if you connect directly to the server.
If you need to connect to the EC2 server you will need to be able to connect via SSH or RDP depending on OS.
Regarding getting root access, you will need to attempt account recovery via AWS support. You'll be expected to provide proof that you own the account before they can reset these credentials for you.
Found out destination needed to purchase a new certificate and all was well. I thought the problem was on the sending end, but it was actually on the receiving.

VPN connection to Amazon RDS with openvpn suddenly fails

I set up an AWS Client VPN Endpoint, downloaded the .ovpn file, configured it to refer to the cert/key files and connected to AWS RDS.
It succeeded in connecting yesterday, but today, after re-installing the ESET security app,
it shows the following error when I try connecting with the MySQL client app:
ERROR 2005 (HY000): Unknown MySQL server host 'myrds.something.ap-northeast-1.rds.amazonaws.com' (0)
I am not sure how to detect the cause of the error. If I configure the RDS settings to public, the error above is not shown and it just waits for minutes...
(maybe some DNS settings are overridden by ESET?)
You can easily debug the problem:
AWS Client VPN Endpoint: you can see the active connections. See if you are connected to it or not.
Did you restart or reinstall RDS as well? Because that will change the URL to connect to.
Has the username/password of the DB changed?
If RDS is in public setting you don't even need a VPN connection.
Also as suggested above check VPN to RDS VPC Route.
Thanks,
AB
Here are some troubleshooting steps.
When you connect your VPN:
Check if it's pushing the DNS server address via DHCP configuration
Check if new routes are added to your route table. You can do "route print" in the Windows command line.
Hope this helps.

How to Troubleshoot 'Cannot Connect to Proxy' Error - AWS S3

New to AWS and AWS CLI, I have installed and configured the AWS CLI, and I am simply trying to list the buckets in S3, but I am behind a proxy.
How do I troubleshoot and resolve the following error?
C:\Users\MyUserName\Desktop >aws s3 ls
HTTPSConnectionPool(host='s3.us-east-2.amazonaws.com', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', error(10060, 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond')))
The only troubleshooting step I have attempted is to set the HTTP_PROXY and HTTPS_PROXY variables to my IP on port 80.
The key to using the AWS CLI behind a proxy is to configure two environment variables.
The IP address is the address of your proxy server, which is probably not your local IP. Consult with your network administrator to get the correct IP address and basic authentication parameters.
Chrome, IE, etc. support proxy servers, so you may already have these parameters set up in your browser. For Chrome go to settings and search for "Open proxy settings". Similar technique for other browsers.
For Windows:
set HTTP_PROXY=http://a.b.c.d:n
set HTTPS_PROXY=http://w.x.y.z:m
Or for basic authentication:
set HTTP_PROXY=http://username:password@a.b.c.d:n
set HTTPS_PROXY=http://username:password@w.x.y.z:m
For Linux, macOS, or Unix:
export HTTP_PROXY=http://a.b.c.d:n
export HTTPS_PROXY=http://w.x.y.z:m
Or for basic authentication:
export HTTP_PROXY=http://username:password@a.b.c.d:n
export HTTPS_PROXY=http://username:password@w.x.y.z:m
Using an HTTP Proxy
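An added diagnostic, not part of this answer or of the AWS CLI: it reads HTTPS_PROXY, prints the URL with the password redacted, and tries the same HTTP CONNECT to s3.us-east-2.amazonaws.com:443 that the CLI would, so a TCP timeout to the proxy (the 10060 error in the question) can be told apart from a proxy that answers but refuses the tunnel. The fallback proxy URL is a constructed placeholder.

```python
"""Check the proxy the AWS CLI will pick up from HTTPS_PROXY: parse the URL,
redact the password before printing it, then try a TCP connect and an HTTP
CONNECT to the S3 endpoint from the question. Added example, not part of the
original answer; the fallback proxy URL is constructed."""
import os
import socket
from urllib.parse import urlsplit

# Constructed fallback so the script runs without HTTPS_PROXY set.
FALLBACK_PROXY = "http://user:secret@proxy.example.invalid:3128"


def describe_proxy(url):
    """Return (host, port, redacted_url); the password is never echoed."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a proxy URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    redacted = f"{parts.scheme}://"
    if parts.username:
        redacted += f"{parts.username}:***@"
    return parts.hostname, port, redacted + f"{parts.hostname}:{port}"


def probe_connect(host, port, target="s3.us-east-2.amazonaws.com:443", timeout=5):
    """Classify what the CLI would hit: 'unreachable' covers a refused or
    timed-out TCP connect (the 10060 error in the question), 'refused' means
    the proxy answered but denied the tunnel, 'ok' means CONNECT succeeded."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            req = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n"
            s.sendall(req.encode())
            status = s.recv(1024).split(b"\r\n", 1)[0].decode(errors="replace")
    except OSError:
        return "unreachable"
    return "ok" if " 200 " in status else f"refused ({status})"


if __name__ == "__main__":
    url = os.environ.get("HTTPS_PROXY") or os.environ.get("https_proxy") or FALLBACK_PROXY
    host, port, shown = describe_proxy(url)
    print("proxy:", shown)
    print("result:", probe_connect(host, port))
```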