How do I configure multiple users to use the same Client VPN endpoint?

2 minute read

I want to configure multiple users to use the same AWS Client VPN endpoint. I need to identify the user that's connected to the endpoint so that I can make access changes to the correct user.

Resolution

To configure multiple users to use the same Client VPN endpoint, complete the following steps:

Create a Client VPN endpoint.

To generate a unique client-side certificate for each user, run the following commands:

./easyrsa build-client-full user1.example.com nopass 
./easyrsa build-client-full user2.example.com nopass

Note: Replace user1 and user2 with your user information. Run the command for every user that you want to access the endpoint.

To retrieve the contents of the certificate (.crt) files for your users, run the following commands:

sudo cat user1.example.com.crt            
sudo cat user2.example.com.crt

To retrieve the contents of the key files for your users, run the following commands:

sudo cat user1.example.com.key            
sudo cat user2.example.com.key

Add the raw content of the .crt and .key files to each of the users in the Client VPN configuration files. Users store this file locally. Use the <cert></cert> and <key></key> identifiers directly following the </ca> line within the Client VPN configuration file. Or, specify the .crt and .key file paths, as shown in the following example:
```
cert /Users/username/Downloads/*.crt    
key /Users/username/Downloads/*.key
```
Note: Replace username with your client's username. If the .crt and .key file isn't located in /Users/username/Downloads, then update the path.
Save the configuration files. Then, provide the files to each user to use to connect to the Client VPN endpoint.

After you connect to the Client VPN endpoint, complete the following steps:

Open the Amazon Virtual Private Cloud (Amazon VPC) console.
In the navigation pane, under Virtual private network (VPN), choose Client VPN endpoints.
Select the Client VPN endpoint.
Choose the Connections tab, and then choose Common name. You can see the TLS certificates on the tab. The certificates begin with each user's name.
(Optional) Configure client certificate revocation lists (CRLs) to block or revoke access to specific client certificates. If you add a client's certificate to a CRL, then Client VPN revokes the client's access to the endpoint.

Related information

Mutual authentication in AWS Client VPN

Topics: Networking & Content Delivery
Tags: AWS Client VPN AWS Virtual Private Network (VPN)
Language: English

Relevant content

How can I configure multiple users to use the same Client VPN endpoint?
Accepted Answer
Ashutosh Pandey
asked 2 years ago
Prevent Multiple Device Connections Using the Same Profile for AWS Client VPN
saini
asked a year ago
Why Can't I Associate Multiple Client VPN Endpoints in the Same Availability Zone?
Accepted Answer
rePost-User-4132807
asked 3 years ago
How to configure AWS Client VPN users to have outbound Elastic (fixed) IP when connecting to resources outside of the Client VPN associated VPC?
Accepted Answer
AWS-User-0672544
asked 5 years ago
Using client vpn with Okta, session re-authenticates multiple times throughout the day
niv-the-dev
asked 4 years ago
How do I resolve resource records in my private hosted zone using Client VPN?
AWS OFFICIALUpdated 3 years ago
How does DNS work with my AWS Client VPN endpoint?
AWS OFFICIALUpdated 6 months ago
How do I provide my Client VPN users with access to AWS resources?
AWS OFFICIALUpdated a year ago
How do I use the AWS CLI to configure a Client VPN?
AWS OFFICIALUpdated 2 years ago
Usage of Security Group associated with AWS Client VPN
EXPERT
Karthikiran Ilango
published 2 years ago

How do I configure multiple users to use the same Client VPN endpoint?

Resolution

Related information

Related videos

Relevant content