WSS Agent running on Windows, along with an AWS VPN client
The AWS VPN server domain is bypassed from WSS using a WSS domain (DNS) bypass entry for the AWS VPN domain
Users have no problems connecting, but cannot stay connected for more than 60 minutes
Users see the VPN client disconnect from the AWS VPN server after 30 to 60 minutes
VPN logs reported the following errors:
(T1112)Info (1042): 04/12/21 21:27:05:502 --Too many outstanding keepalive and no response from GP gateway, disconnect tunnel
(T1112)Info ( 534): 04/12/21 21:27:05:502 VPN timeout due to keepalive, get out of ProcMonitor
(T9904)Info (4653): 04/04/21 20:27:06:956 ConnectSSL: Failed to connect to '208.127.214.103:443'
(T9904)Info (4689): 04/04/21 20:27:06:957 ConnectSSL(FALSE) failed
WSS Agent on Windows
AWS VPN client on the same host, connecting to an AWS VPN server
The DNS TTL for the bypassed domain expired, after which the agent sent the VPN traffic into the WSS tunnel instead of bypassing it
The fix is to add a WSS application-level bypass for the AWS VPN client (available in WSS Agent 7.3.x)
An IP address bypass would have been preferable, but the range of AWS VPN server IP addresses is enormous. A DNS (domain) bypass was used instead, which led to the issues described here.
- Confirmed from PCAP that traffic bypassed WSS
- Identified the VPN server IP address
- Filtering traffic on this IP address, we can see an OpenVPN tunnel to the destination, whose SSL certificate matches the customer's
- We can clearly see data exchanged in both directions up to a certain point, after which we only see requests from the VPN server to the client and no response at all from the client side, as shown below.
- From the WSS Agent logs that support has access to, we can see a change in the DNS bypass status at that time. Once the agent deleted the expired IP address from the bypass list, inbound traffic from the VPN server was rejected and outbound traffic was sent into the WSS tunnel, causing the disconnect.
krn dns.cpp 830 IsBypassed 00002F2C 000058FC 2 01/14/2022-18:40:19.8625806 Debug Found bypassed IP 54.80.x.x
krn app-driver_win.cpp 3146 OutboundIPPacketClassify 00002F2C 000058FC 2 01/14/2022-18:40:19.8625808 Debug passthru 54.80.x.x due to domain bypass
krn dns.cpp 1271 IsExpired 00002F2C 000058FC 8 01/14/2022-18:40:20.1253883 Debug Deleting expired DNS Bypass IP 54.80.x.x
krn dns.cpp 1271 IsExpired 00002F2C 000058FC 8 01/14/2022-18:40:20.1253886 Debug Deleting expired DNS Bypass IP 54.80.x.x
krn app-driver_win.cpp 3239 OutboundIPPacketClassify 00002F2C 000058FC 8 01/14/2022-18:40:20.1253901 Debug Found UDP packet, route = 192.168.86.26:57821 -> 54.80.x.x:443
krn app-driver_win.cpp 3239 OutboundIPPacketClassify 00002F2C 000058FC 8 01/14/2022-18:40:20.1569829 Debug Found UDP packet, route = 192.168.86.26:57821 -> 54.80.x.x:443
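To confirm this cause in a longer agent log, the following added script (not part of the article or of the WSS Agent) scans for exactly the pattern shown above: a destination IP whose DNS bypass entry was deleted as expired and that then receives outbound UDP packets with no bypass applied. The regular expressions are an assumption based only on the lines quoted here, and the sample log is constructed from them.

```python
import re

# Hypothetical parsers for the three WSS Agent log events quoted in the article;
# the agent's full log grammar is not documented here, so these match only
# the fields visible in the excerpt above.
RE_TS = re.compile(r"(\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)")
RE_BYPASSED = re.compile(r"Found bypassed IP (\S+)")
RE_EXPIRED = re.compile(r"Deleting expired DNS Bypass IP (\S+)")
RE_UDP = re.compile(r"Found UDP packet, route = \S+ -> (\S+):(\d+)")


def find_tunneled_after_expiry(lines):
    """Return (dest_ip, dest_port, timestamp) for every outbound UDP packet
    seen after the DNS bypass for dest_ip expired and before it was re-added.
    Each hit is a packet that was bypassed earlier in the log but is now
    being steered into the WSS tunnel, i.e. the symptom described above."""
    bypassed = set()   # IPs currently covered by a domain bypass entry
    expired = {}       # IP -> timestamp of the last expiry event
    findings = []
    for line in lines:
        ts_match = RE_TS.search(line)
        ts = ts_match.group(1) if ts_match else "?"
        m = RE_BYPASSED.search(line)
        if m:
            bypassed.add(m.group(1))
            expired.pop(m.group(1), None)      # bypass active again
            continue
        m = RE_EXPIRED.search(line)
        if m:
            bypassed.discard(m.group(1))
            expired[m.group(1)] = ts
            continue
        m = RE_UDP.search(line)
        if m:
            ip, port = m.group(1), int(m.group(2))
            if ip in expired and ip not in bypassed:
                findings.append((ip, port, ts))
    return findings


# Constructed sample: the article's own excerpt, with the redacted IP kept as-is.
SAMPLE_LOG = [
    "krn dns.cpp 830 IsBypassed 00002F2C 000058FC 2 01/14/2022-18:40:19.8625806 Debug Found bypassed IP 54.80.x.x",
    "krn app-driver_win.cpp 3146 OutboundIPPacketClassify 00002F2C 000058FC 2 01/14/2022-18:40:19.8625808 Debug passthru 54.80.x.x due to domain bypass",
    "krn dns.cpp 1271 IsExpired 00002F2C 000058FC 8 01/14/2022-18:40:20.1253883 Debug Deleting expired DNS Bypass IP 54.80.x.x",
    "krn app-driver_win.cpp 3239 OutboundIPPacketClassify 00002F2C 000058FC 8 01/14/2022-18:40:20.1253901 Debug Found UDP packet, route = 192.168.86.26:57821 -> 54.80.x.x:443",
    "krn app-driver_win.cpp 3239 OutboundIPPacketClassify 00002F2C 000058FC 8 01/14/2022-18:40:20.1569829 Debug Found UDP packet, route = 192.168.86.26:57821 -> 54.80.x.x:443",
]

if __name__ == "__main__":
    for ip, port, ts in find_tunneled_after_expiry(SAMPLE_LOG):
        print(f"{ts}: UDP to {ip}:{port} after DNS bypass expired (now tunnelled)")
```

Run it against a full agent log (one line per list entry) to see when the bypass lapsed relative to the VPN client's keepalive failures.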