VPN Connectivity Issue
June 02, 2020 10:40 a.m.Outage category:
VPN
Location:
All Campuses
Status:
Open
Resolved alert:
05/30/2020 11:12 am
New VPN logins could not be established.
Initial symptoms:
Connection attempts using the VPN client would fail with an error message.
Duration:
05/30/2020 8:16 am - 05/30/2020 11:12 am
Impact to Mason:
All users on all 3 campuses were affected by the intermittent VPN issues. New VPN logins could not be established.
Affected Services:
Virtual Private Network (VPN)
Other Affected Services:
All services requiring VPN to allow access.
ROOT CAUSE ANALYSIS
Cause:
The DuoProxy talks to mesa-ldap.gmu.edu which is a VIP on the F5 that talks to the AD domain controllers. An InCommon certificate is used, and the DuoProxy was using an intermediate chain that had expired.
Resolution:
Updated the chain file in/opt/duoauthproxy/conf/incommon-ssl.ca-bundle, also patched and rebooted the proxy servers. This resolved that issue.
Prevention:
Update certificate prior to expiration date.
STATISTICS
Service Team:
NSENG