Unable to connect VPN client

Question

We’ve been using AWS Client VPN (cvpn-endpoint-0002a30d2ab17f02b) successfully for months, but recently, all team members are getting disconnected immediately upon connecting.

Error: connection-reset

Affected across multiple locations and ISPs

Certificates are valid, and no changes were made to the .ovpn file

Here's the full JSON config of our endpoint:
{
    "ClientVpnEndpoints": [
        {
            "ClientVpnEndpointId": "cvpn-endpoint-0002a30d2ab17f02b",
            "Description": "",
            "Status": {
                "Code": "available"
            },
            "CreationTime": "2023-10-04T17:44:06",
            "DnsName": "*.cvpn-endpoint-0002a30d2ab17f02b.prod.clientvpn.us-east-2.amazonaws.com",
            "ClientCidrBlock": "10.10.0.0/22",
            "DnsServers": [
                "8.8.8.8"
            ],
            "SplitTunnel": true,
            "VpnProtocol": "openvpn",
            "TransportProtocol": "udp",
            "VpnPort": 443,
            "ServerCertificateArn": "arn:aws:acm:us-east-2:318044290348:certificate/692b331a-2e83-4a9c-acbe-22f15c7b7675",
            "AuthenticationOptions": [
                {
                    "Type": "certificate-authentication",
                    "MutualAuthentication": {
                        "ClientRootCertificateChain": "arn:aws:acm:us-east-2:318044290348:certificate/692b331a-2e83-4a9c-acbe-22f15c7b7675"
                    }
                }
            ],
            "ConnectionLogOptions": {
                "Enabled": true,
                "CloudwatchLogGroup": "vpn",
                "CloudwatchLogStream": "vpn"
            },
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "livable-vpn2"
                }
            ],
            "SecurityGroupIds": [
                "sg-06868d73eb328c52e"
            ],
            "VpcId": "vpc-0c165611c7af24c09",
            "ClientConnectOptions": {
                "Enabled": false,
                "Status": {
                    "Code": "applied"
                }
            },
            "SessionTimeoutHours": 24,
            "ClientLoginBannerOptions": {
                "Enabled": false
            },
            "ClientRouteEnforcementOptions": {
                "Enforced": false
            },
            "DisconnectOnSessionTimeout": false,
            "EndpointIpAddressType": "ipv4",
            "TrafficIpAddressType": "ipv4"
        }
    ]
}
Please help me to resolve this issue. Thanks!

Best regards,
Waheed

Ejibode Ibraheem A · Answer

I have not come across this issue before..I will be waiting for the solution .

Ejibode Ibraheem A · Answer

Hi Waheed, I just saw similar question has been asked in the past...here is the link to the solutions suggested....  https://repost.aws/questions/QU9JeGhO3pQ5GzOA9reP1sjA/aws-client-vpn-frequent-disconnect-troubleshooting

re:Post Agent · Answer

Based on the information provided, there are several potential causes for your AWS Client VPN connection issues where all team members are getting disconnected immediately with a "connection-reset" error.

Here are some troubleshooting steps to help resolve this issue:

1. **Check DNS Resolution**: 
Verify that the DNS name of your VPN endpoint (*.cvpn-endpoint-0002a30d2ab17f02b.prod.clientvpn.us-east-2.amazonaws.com) is resolving correctly. DNS resolution issues can cause connection failures.

2. **IP Address Discrepancy**: 
The error might be related to a mismatch between the IP address of the connected server and the expected VPN server IP. This can happen if the public IP address of your AWS VPN endpoint has changed, especially after a restart or re-provisioning.

3. **Client Software Version**: 
Check if all team members are using the latest version of the AWS VPN Client. If some users recently upgraded to a newer version (like v5.0.0 on Mac), there might be compatibility issues with the new client version.

4. **Security Group Configuration**: 
Verify that the security group (sg-06868d73eb328c52e) associated with your VPN endpoint allows the necessary traffic. Make sure it permits UDP traffic on port 443 (as specified in your configuration).

5. **Network Changes**: 
Since the issue is affecting all team members across multiple locations and ISPs, check if there have been any recent changes to your AWS network configuration, route tables, or authorization rules.

6. **VPN Endpoint Status**: 
Although your configuration shows the endpoint status as "available," verify in the AWS console that the endpoint is truly operational and that there are no issues with the associated subnets.

7. **Certificate Validation**: 
While you mentioned certificates are valid, double-check that the server certificate and client root certificate chain (both using the same ARN in your config) haven't expired or been revoked.

8. **Clear Client Cache**: 
Have your team members try clearing any cached data related to the AWS VPN Client and recreate their connection profiles.

If these steps don't resolve the issue, you may need to contact AWS Support for further assistance, as there could be an underlying issue with the VPN endpoint itself.  
**Sources**  
[AWS VPN Client connection error | AWS re:Post](https://repost.aws/questions/QUkTm5r6RfSEmuk8sl6U2Q7A/aws-vpn-client-connection-error)  
[Troubleshooting AWS Client VPN connections with Linux-based clients - AWS Client VPN](https://docs.aws.amazon.com/vpn/latest/clientvpn-user/linux-troubleshooting.html)  
[Troubleshooting AWS Client VPN connections with Windows-based clients - AWS Client VPN](https://docs.aws.amazon.com/vpn/latest/clientvpn-user/windows-troubleshooting.html)

Unable to connect VPN client

답변 추가

관련 콘텐츠