AWS VPN Client cannot handle some OpenVPN options.


I have tested AWS VPN Client app with two versions of OpenVPN config:

  • config-a.ovpn: The ca, cert, key payloads are specified as file paths (These files definitely exist!)
    client
    dev tun
    proto udp
    remote cvpn-endpoint-XXXX.prod.clientvpn.us-west-2.amazonaws.com 443
    remote-random-hostname
    resolv-retry infinite
    nobind
    remote-cert-tls server
    cipher AES-256-GCM
    verb 3
    
    ca /foo/bar/ca.crt
    cert /foo/bar/client.crt
    key /foo/bar/client.key
    
    reneg-sec 0
    
    
  • config-b.ovpn: The ca, cert, key payloads are inlined in the config file (using XML-like tags).
    client
    dev tun
    proto udp
    remote cvpn-endpoint-XXXX.prod.clientvpn.us-west-2.amazonaws.com 443
    remote-random-hostname
    resolv-retry infinite
    nobind
    remote-cert-tls server
    cipher AES-256-GCM
    verb 3
    
    <ca>
    ...
    </ca>
    <cert>
    ...
    </cert>
    <key>
    ...
    </key>
    
    reneg-sec 0
    
    

While the config-b.ovpn doesn't have any issue establishing connections, the config-a.ovpn causes an error message popup saying, "VPN process quit unexpectedly".

I have confirmed that config-a.ovpn itself is valid: openvpn --config config-a.ovpn has no issue.

[edit]

More information:

  • VPN Client app: AWS VPN Client 3.1.0
  • Operating System: macOS 12.6 (M1 Max)
jinux
asked 2 years ago · 968 views
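
The question reports that the inline form (config-b.ovpn) connects while the file-path form does not. As an added example (not from the original post or from AWS), this Python script converts `ca`/`cert`/`key` path directives into inline blocks and writes the result with mode 0600, because the file then embeds the private key; the function names and the placeholder PEM bodies are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Matches only the three directives used in the question's config-a.ovpn.
DIRECTIVE = re.compile(r"^\s*(ca|cert|key)\s+(.+?)\s*$")

def inline_credentials(config_text: str, base_dir: Path) -> str:
    """Replace `ca|cert|key <path>` lines with <tag>...</tag> inline blocks."""
    out = []
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            out.append(line)  # every other option is passed through unchanged
            continue
        tag, path = m.group(1), Path(m.group(2).strip('"'))
        if not path.is_absolute():
            path = base_dir / path  # relative paths resolve against the config's directory
        body = path.read_text().strip()
        if "-----BEGIN" not in body:
            raise ValueError(f"{path} does not look like a PEM file")
        out += [f"<{tag}>", body, f"</{tag}>"]
    return "\n".join(out) + "\n"

def write_private(path: Path, text: str) -> None:
    """Write the config owner-only: it now contains the client private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed

def demo():
    """Constructed sample input: placeholder PEM bodies, not real credentials."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, label in (("ca.crt", "CERTIFICATE"), ("client.crt", "CERTIFICATE"),
                            ("client.key", "PRIVATE KEY")):
            (d / name).write_text(
                f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n")
        cfg = (f"client\ndev tun\nca {d}/ca.crt\ncert client.crt\n"
               f"key {d}/client.key\nreneg-sec 0\n")
        out = d / "config-b.ovpn"
        write_private(out, inline_credentials(cfg, d))
        return out.read_text(), out.stat().st_mode & 0o777

if __name__ == "__main__":
    text, mode = demo()
    print(text, oct(mode))
```
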
1 Answer

Hi,

I tested with the exact same configuration and it works perfectly fine. I tested on Windows; please find the snippet of the client logs.

    2022-10-21 18:14:58.020 +08:00 [INF] Validating ca path: c:\Temp\ca.crt
    2022-10-21 18:14:58.200 +08:00 [DBG] Validating file path: c:\Temp\ca.crt
    2022-10-21 18:14:58.276 +08:00 [DBG] Backslash count: 4
    2022-10-21 18:14:58.276 +08:00 [DBG] Double backslash count: 2
    2022-10-21 18:14:58.277 +08:00 [INF] Validating cert path: c:\Temp\svr.crt
    2022-10-21 18:14:58.277 +08:00 [DBG] Validating file path: c:\Temp\svr.crt
    2022-10-21 18:14:58.333 +08:00 [DBG] Backslash count: 4
    2022-10-21 18:14:58.333 +08:00 [DBG] Double backslash count: 2
    2022-10-21 18:14:58.334 +08:00 [INF] Validating key path: c:\Temp\svr.key
    2022-10-21 18:14:58.334 +08:00 [DBG] Validating file path: c:\Temp\svr.key>
    2022-10-21 18:14:59.700 +08:00 [DBG] CM received: >LOG:1666347299,,VERIFY OK: depth=1, CN=abcservera
    LOG:1666347299,,VERIFY KU OK
    LOG:1666347299,,Validating certificate extended key usage
    LOG:1666347299,,++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    LOG:1666347299,,VERIFY EKU OK
    LOG:1666347299,,VERIFY OK: depth=0, CN=serversfsdfsf
    LOG:1666347299,,Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    LOG:1666347299,I,[server] Peer Connection Initiated with [AF_INET]X.X.X.X:443

I don't see that you have any issues with the OpenVPN configuration file, since you have the correct certificate and keys in place.

I would suggest you look at the OpenVPN client logs, which give you more information.

Log file location: https://openvpn.net/vpn-server-resources/troubleshooting-client-vpn-tunnel-connectivity/

AWS
answered 2 years ago
  • I forgot to mention that I am using AWS VPN Client 3.1.0 as a VPN client on macOS. The link you referred me to is for the OpenVPN Connect client. The "/Library/Application Support/OpenVPN" directory does not exist on my machine.
