VPN Connectivity IssueJune 02, 2020 10:40 a.m.
05/30/2020 11:12 am
New VPN logins could not be established.
Connection attempts using the VPN client would fail with an error message.
05/30/2020 8:16 am - 05/30/2020 11:12 am
Impact to Mason:
All users on all 3 campuses were affected by the intermittent VPN issues. New VPN logins could not be established.
Virtual Private Network (VPN)
Other Affected Services:
All services requiring VPN to allow access.
ROOT CAUSE ANALYSIS
The DuoProxy talks to mesa-ldap.gmu.edu which is a VIP on the F5 that talks to the AD domain controllers. An InCommon certificate is used, and the DuoProxy was using an intermediate chain that had expired.
Updated the chain file in/opt/duoauthproxy/conf/incommon-ssl.ca-bundle, also patched and rebooted the proxy servers. This resolved that issue.
Update certificate prior to expiration date.