VPN Connectivity Issue

Outage category: 
VPN
Location: 
All Campuses
Status: 
Open
Resolved alert: 
05/30/2020 11:12 am

New VPN logins could not be established.

Initial symptoms: 

Connection attempts using the VPN client would fail with an error message.

Duration: 
05/30/2020 8:16 am - 05/30/2020 11:12 am
Impact to Mason: 

All users on all 3 campuses were affected by the intermittent VPN issues. New VPN logins could not be established.

Affected Services: 
Virtual Private Network (VPN)
Other Affected Services: 
All services requiring VPN to allow access.
ROOT CAUSE ANALYSIS
Cause: 

The DuoProxy talks to mesa-ldap.gmu.edu which is a VIP on the F5 that talks to the AD domain controllers. An InCommon certificate is used, and the DuoProxy was using an intermediate chain that had expired.

Resolution: 

Updated the chain file in/opt/duoauthproxy/conf/incommon-ssl.ca-bundle, also patched and rebooted the proxy servers.  This resolved that issue.

Prevention: 

Update certificate prior to expiration date.

STATISTICS
Service Team: 
NSENG