With the recent update to the AWS VPN Client to version 3.2, it has, "Added support for 'verify-x509-name' OpenVPN flag". We had setup a VPN endpoint a few months ago and it worked fine on AWS VPN Client version 3.1. We tried testing again about a week ago and we were getting TLS handshake failures. I first updated my AWS VPN client from 3.1 to 3.2 with no changes in outcome. We went down that rabbit hole of troubleshooting the TLS handshake failures to no avail. I found that new line for 'verify-x509-name' in the downloaded ovpn config. Removing that line from the config solved the connectivity issue.