Open Elshirak opened 4 hours ago
Everything looks good at openvpn-auth-oauth2 side.
Just OpenVPN3 has issues to open a browser.
How do you start OpenVPN3? Via command line? Could you also try to run this command on your command line?
python -m webbrowser "https://example.com"
Please mention that the issue must be somewhere at OpenVPN3 and I would recommend to use the official OpenVPN Connect client rather than the open source CLI client.
However, in OpenVPN-server logs there is a different URL, similar to the base URL in plugin config.
The openvpn-auth-oauth2 will always generate a URL to openvpn-auth-oauth2 itself for some pre-flight checks. Additionally, openvpn-auth-oauth2 initiates the session login flow and will redirect to Keycloak. But openvpn-auth-oauth2 must be reachable outside of the VPN.
Problem Statement
Now I'm facing another issue: OpenVPN-client doesn't open a browser for auth, and the URL generated by the plugin (correct) differs from the URL I see in the server's logs. However, the logs of a client contain:
The link to Keycloak is being created on the openvpn-auth-oauth2 side, I can see it in logs, it's correct. However, in OpenVPN-server logs there is a different URL, similar to the base URL in plugin config. Maybe I need to specify client-pending-auth in server config? Can you give an example of using this parameter, please? I don't understand from the documentation which variables I should use.
Another reason - misconfigured openvpn-auth-oauth2 plugin. Have a look at my configs:
cat /etc/openvpn/server/server.conf
cat /etc/openvpn-auth-oauth2/config.yaml
cat /etc/openvpn/client.conf
openvpn-auth-oauth2 logs
Environment
openvpn-auth-oauth2.x86_64 1.22.1-1
Amazon Linux release 2023.5.20241001 (Amazon Linux)
openvpn2 --config /etc/openvpn/client.conf to start session