Issue connecting to OpenVPN server for certificate request

[erictompkins]

We had to rebuild our OpenVPN server and we're now having timeout issues connecting to the server to set up a connection.

r:terraform-aws-openvpn

Below is the connection attempt.

aws-vault exec dev -- openvpn-admin request --aws-region us-east-1 --username [email protected] 
[openvpn-admin] INFO[2024-10-09T14:15:57-04:00] Looking up AWS username                      
[openvpn-admin] INFO[2024-10-09T14:15:57-04:00] Looking up SQS queue                         
[] INFO[2024-10-09T14:15:58-04:00] Running command: ping -D -v -s 1400 -t 2 -c 1 1.1.1.1 
PING 1.1.1.1 (1.1.1.1): 1400 data bytes
1408 bytes from 1.1.1.1: icmp_seq=0 ttl=54 time=16.473 ms

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.473/16.473/16.473/nan ms
[] INFO[2024-10-09T14:15:58-04:00] Running command: ping -D -v -s 1500 -t 2 -c 1 1.1.1.1 
PING 1.1.1.1 (1.1.1.1): 1500 data bytes
ping: sendto: Message too long

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[] INFO[2024-10-09T14:16:00-04:00] Running command: ping -D -v -s 1450 -t 2 -c 1 1.1.1.1 
PING 1.1.1.1 (1.1.1.1): 1450 data bytes
1458 bytes from 1.1.1.1: icmp_seq=0 ttl=54 time=16.862 ms

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.862/16.862/16.862/0.000 ms
[] INFO[2024-10-09T14:16:00-04:00] Running command: ping -D -v -s 1470 -t 2 -c 1 1.1.1.1 
PING 1.1.1.1 (1.1.1.1): 1470 data bytes
1478 bytes from 1.1.1.1: icmp_seq=0 ttl=54 time=19.388 ms

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.388/19.388/19.388/nan ms
[] INFO[2024-10-09T14:16:00-04:00] Running command: ping -D -v -s 1480 -t 2 -c 1 1.1.1.1 
PING 1.1.1.1 (1.1.1.1): 1480 data bytes
ping: sendto: Message too long

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[openvpn-admin] INFO[2024-10-09T14:16:02-04:00] Submitting request for new certificate to https://sqs.us-east-1.amazonaws.com/xxxxxxxxxx/openvpn-response-8aa1ce0a-866a-11ef-a8e4-faa922a1daff 
[openvpn-admin] INFO[2024-10-09T14:16:02-04:00] Waiting for response from OpenVPN server     
ERROR: Failed to receive messages on https://sqs.us-east-1.amazonaws.com/xxxxxxxxx/openvpn-response-8aa1ce0a-866a-11ef-a8e4-faa922a1daff within 300 seconds

I checked the system log for the instance through the AWS console under Actions -> Monitor & Troubleshoot -> Get system log and I noticed that there was an issue with setting up the cloudwatch logs.

ip-10-10-6-160 login: [   17.154357] cloud-init[792]: Cloud-init v. 22.2-0ubuntu1~20.04.3 running 'modules:config' at Wed, 09 Oct 2024 18:11:54 +0000. Up 16.67 seconds.

<13>Oct  9 18:11:55 user-data: Starting CloudWatch Logs Agent in VPC mgmt

<13>Oct  9 18:11:55 user-data: /var/lib/cloud/instance/scripts/part-001: line 19: /etc/user-data/cloudwatch-log-aggregation/run-cloudwatch-logs-agent.sh: No such file or directory

I also noticed this in the log:

[   17.714899] cloud-init[813]: Cloud-init v. 22.2-0ubuntu1~20.04.3 running 'modules:final' at Wed, 09 Oct 2024 18:11:55 +0000. Up 17.49 seconds.

[   17.716443] cloud-init[813]: 2024-10-09 18:11:55,395 - cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)

[   17.718651] cloud-init[813]: 2024-10-09 18:11:55,395 - util.py[WARNING]: Running module scripts-user (<module 'cloudinit.config.cc_scripts_user' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_scripts_user.py'>) failed

Could that be the cause? If so, any suggestions on how to fix this?

The instance is t2.medium

[gruntwork-discussion-labeler[bot]]

Please add at least one of the following repositories in your initial post (URL or plain text). Our bot will pick it up and add the corresponding label.

• r:terraform-aws-service-catalog
• r:terraform-aws-architecture-catalog
• r:terraform-aws-asg
• r:terraform-aws-vpc
• r:terraform-aws-beanstalk
• r:terraform-aws-cache
• r:terraform-aws-ci
• r:terraform-aws-ci-pipeline-example
• r:terraform-aws-cis-service-catalog
• r:terraform-aws-data-storage
• r:terraform-aws-ecs
• r:terraform-aws-eks
• r:terraform-aws-elk
• r:terraform-aws-kafka
• r:terraform-aws-lambda
• r:terraform-aws-load-balancer
• r:terraform-aws-messaging
• r:terraform-aws-mongodb
• r:terraform-aws-monitoring
• r:terraform-aws-openvpn
• r:terraform-aws-sam
• r:terraform-aws-security
• r:terraform-aws-server
• r:terraform-aws-static-assets
• r:terraform-aws-zookeeper
• r:terragrunt
• r:terratest
• r:repo-copier
• r:aperture
• r:terraform-aws-utilities
• r:kubergrunt
• r:helm-kubernetes-services
• r:patcher
• r:gruntwork

Community Guidelines
Getting help
Gruntwork documentation

[erictompkins]

The issue was that our Openvpn module was old and needed updating. We updated to use the Service Catalog OpenVPN module and that solved our issue.