
AWS VPN Client won't open browser for SSO on macOS

0

Our AWS VPN profile requires SSO (JumpCloud), set via auth-federate in the ovpn profile. Almost all the time when I try to connect, the app will just sit there saying "Connecting...", but never opens a browser. I tried all different browsers as the default one; it makes no difference. About 1 in 3 attempts, logoff/logon helps. The other times a full reboot is required to unstick the app. I have tried force closing the app and browser, and killing helpers. Nothing works.

Does anyone have any ideas? Latest macOS, latest app version, M3 MacBook.

The logfile below doesn't give any insights:

Platform: MacOS
App version: 5.2.1
OS version: Unix 24.5.0.0
OS description: Unix 24.5.0.0
2025-06-25 18:16:45.159 -04:00 [INF][TI=][] Logger initialized
2025-06-25 18:16:45.546 -04:00 [DBG][TI=1][] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --killAll 
2025-06-25 18:16:45.743 -04:00 [DBG][TI=1][] /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool stdout: Kill all success.

2025-06-25 18:16:45.744 -04:00 [DBG][TI=1][] /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool stderr: 2025-06-25 18:16:45.717 ACVCHelperTool[13152:186314608] Kill all executed. Exit code 0
2025-06-25 18:16:45.718 ACVCHelperTool[13152:186314612] XPC connection invalid.

2025-06-25 18:16:45.747 -04:00 [DBG][TI=1][] /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool exit code: 0
2025-06-25 18:16:46.098 -04:00 [INF][TI=1][] Loading attributes file from /Users/aaa/.config/AWSVPNClient/MetricsAttributes
2025-06-25 18:16:46.233 -04:00 [DBG][TI=1][] Metrics attributes saved to file: /Users/aaa/.config/AWSVPNClient/MetricsAttributes
2025-06-25 18:16:46.234 -04:00 [DBG][TI=1][] Database path: /Users/aaa/.config/AWSVPNClient/awsvpnclientmetrics.db
2025-06-25 18:16:46.235 -04:00 [INF][TI=1][] Loading profile store from /Users/aaa/.config/AWSVPNClient/ConnectionProfiles
2025-06-25 18:16:46.275 -04:00 [INF][TI=1][] Saving profile store to /Users/aaa/.config/AWSVPNClient/ConnectionProfiles
2025-06-25 18:16:46.298 -04:00 [DBG][TI=1][] Auto culture: en-US Auto UI culture: en-US
2025-06-25 18:16:46.300 -04:00 [DBG][TI=1][] Can successfully read and write app data folder.
2025-06-25 18:16:46.479 -04:00 [DBG][TI=1][] macOS viewDidLoad
2025-06-25 18:16:46.656 -04:00 [INF][TI=1][] Loading preferences file from /Users/aaa/.config/AWSVPNClient/Preferences
2025-06-25 18:16:46.663 -04:00 [DBG][TI=1][] Current preferences schema version is 1, which is less or equal to current supported version: 1. 
2025-06-25 18:16:46.821 -04:00 [DBG][TI=1][] Metric agent started
2025-06-25 18:16:46.914 -04:00 [DBG][TI=1][] Current metadata schema version is 1, which is less or equal to current supported version: 1. 
2025-06-25 18:16:47.072 -04:00 [DBG][TI=1][] Updater checks started
2025-06-25 18:16:52.362 -04:00 [DBG][TI=1][prod] Received adding connection manager request. Profile: prod
2025-06-25 18:16:52.364 -04:00 [INF][TI=1][prod] Connecting /Users/aaa/.config/AWSVPNClient/OpenVpnConfigs/prod
2025-06-25 18:16:52.366 -04:00 [DBG][TI=1][prod] Starting Mac network change monitoring thread
2025-06-25 18:16:52.368 -04:00 [DBG][TI=1][prod] Resetting connection metadata
2025-06-25 18:16:52.368 -04:00 [DBG][TI=1][prod] Resetting localNetworkCidrsStringForCurrentConnection
2025-06-25 18:16:52.368 -04:00 [DBG][TI=14][prod] Launching 'scutil' process
2025-06-25 18:16:52.395 -04:00 [DBG][TI=14][prod] Turning on scutil notifications
2025-06-25 18:16:52.403 -04:00 [DBG][TI=1][prod] Getting LAN CIDR and network interface mapping
2025-06-25 18:16:52.404 -04:00 [DBG][TI=1][prod] Getting all active LAN network interfaces
2025-06-25 18:16:52.413 -04:00 [DBG][TI=7][prod] Received message from scutil: <dictionary> {
2025-06-25 18:16:52.416 -04:00 [DBG][TI=7][prod] Received message from scutil:   PrimaryInterface : en9
2025-06-25 18:16:52.417 -04:00 [DBG][TI=7][prod] Received message from scutil:   PrimaryService : 782B0261-6CEE-439E-9D19-FBB42C4EC195
2025-06-25 18:16:52.418 -04:00 [DBG][TI=7][prod] Received message from scutil:   Router : 192.168.2.1
2025-06-25 18:16:52.418 -04:00 [DBG][TI=7][prod] Received message from scutil: }
2025-06-25 18:16:52.427 -04:00 [DBG][TI=1][prod] Adding Network interface name: en0 to active LAN interface list
2025-06-25 18:16:52.427 -04:00 [DBG][TI=1][prod] Adding Network interface name: en9 to active LAN interface list
2025-06-25 18:16:52.430 -04:00 [DBG][TI=1][prod] Initial localNetworkCidrsStringForCurrentConnection before connection 192.168.0.0/22
2025-06-25 18:16:52.430 -04:00 [DBG][TI=1][prod] Resetting tentative and true server IPs
2025-06-25 18:16:52.432 -04:00 [DBG][TI=1][prod] Connection state changed for CVPN endpoint id: cvpn-endpoint-0bbdeadcb37075bee
2025-06-25 18:16:52.444 -04:00 [DBG][TI=1][prod] validationString: /Users/aaa/.config/AWSVPNClient/OpenVpnConfigs/prod
1750889822
2025-06-25 18:16:52.445 -04:00 [INF][TI=1][prod] Starting OpenVpn process
2025-06-25 18:16:52.447 -04:00 [DBG][TI=1][prod] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --init 
2025-06-25 18:16:52.449 -04:00 [DBG][TI=1][prod] Starting process
2025-06-25 18:16:52.468 -04:00 [DBG][TI=15][prod] Start to read process output
2025-06-25 18:16:52.594 -04:00 [DBG][TI=15][prod] End reading process output
2025-06-25 18:16:52.689 -04:00 [DBG][TI=1][prod] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --start "/Users/aaa/.config/AWSVPNClient/ovpn-mgmt-prod" "/Users/aaa/.config/AWSVPNClient/OpenVpnConfigs/validation-prod" "False"
2025-06-25 18:16:52.689 -04:00 [DBG][TI=1][prod] Starting process
2025-06-25 18:16:52.716 -04:00 [DBG][TI=16][prod] Start to read process output

3 Answers
0
Accepted Answer

The core problem often stems from background processes interfering with the Client VPN's ability to launch browser pop-ups.

Troubleshooting Steps:

  1. Check for Conflicting Software:

    • Look for and disable any other VPN clients running in the background
    • Temporarily disable antivirus/security software, or add AWS VPN Client to exceptions
    • Check and disable any configured proxy settings
  2. Reinstallation Process:

    • Completely uninstall AWS VPN client
    • Restart your Mac
    • Install latest version to a non-default location
    • Test connection
  3. Additional Verification:

    • Test the connection from a different device to isolate if it's machine-specific
    • Check system logs for any blocking events

If these steps don't resolve the issue, it would be worth logging a case with AWS Support for further insights and in-depth troubleshooting assistance.

AWS
SUPPORT ENGINEER
answered a year ago
  • I think I'll have to talk to IT to see if they can disable some of their "security" software. This is not a problem isolated to just my computer, but since I can't find others with this problem it might have to do with our computer setup.

    Thanks everyone for giving me a few new ideas. I'll post a reply here if I ever figure it out.

0

Based on the information provided, you're experiencing an issue with the AWS VPN Client not opening a browser window for SSO authentication on your M3 MacBook. This is a known issue with the AWS Client VPN when using federated authentication (SAML-based SSO).

Here are some potential solutions:

  1. Make sure your client configuration file contains the auth-federate flag. From your description, it seems it does, but it's worth double-checking.

  2. Try exporting the latest configuration file from the AWS Client VPN service and reimporting it into the AWS VPN Client application.

  3. If you're using Google Chrome as your default browser, there might be compatibility issues with recent Chrome versions and AWS Client VPN SAML authentication. Try disabling the Chrome flag "Reduce waiting time for Private Network Access preflights response" by going to chrome://flags/ in your browser.

  4. It's worth noting that the AWS VPN Client for macOS is not yet natively optimized for Apple Silicon (M-series) processors and runs through Rosetta 2 emulation, which might contribute to some instability.

  5. If the issue persists, try clearing any cached credentials or browser cookies related to your SSO provider (JumpCloud).

The intermittent nature of the issue (working after logoff/logon or reboot) suggests there might be a session or state management issue between the VPN client and the authentication process.
Sources
Troubleshooting AWS Client VPN: Client does not open browser for an endpoint — federated authentication - AWS Client VPN
Latest Google Chrome breaks AWS Client VPN SAML Auth | AWS re:Post
Native AWS VPN Client for Apple Silicon (arm64) | AWS re:Post

answered a year ago
0

1+2 were tried, and since it works after a fresh restart I doubt the profile is the problem. 3. That flag does not exist, or is hidden. I'm using Chrome v138. But this also happens when not using Chrome as the default browser. 4. could be...? 5. The problem is, the VPN app doesn't even attempt to open a browser. I can make sure there is no Chrome (or Firefox or Safari or MS Edge) running, and the app will not open one for the SSO login as it should.

The original log ended where the app hangs... if the app doesn't hang it continues with:

2025-06-26 10:08:15.559 -04:00 [DBG][TI=1][prod] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --start "/Users/aaa/.config/AWSVPNClient/ovpn-mgmt-prod" "/Users/aaa/.config/AWSVPNClient/OpenVpnConfigs/validation-prod" "False"
2025-06-26 10:08:15.559 -04:00 [DBG][TI=1][prod] Starting process
2025-06-26 10:08:15.585 -04:00 [DBG][TI=18][prod] Start to read process output
2025-06-26 10:08:16.715 -04:00 [DBG][TI=18][prod] End reading process output
2025-06-26 10:08:16.913 -04:00 [DBG][TI=1][prod] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --isAlive "2431" "8096"
2025-06-26 10:08:16.931 -04:00 [DBG][TI=1][prod] Called isAliveProcess
2025-06-26 10:08:16.932 -04:00 [DBG][TI=1][prod] Connecting to management port: 8096
2025-06-26 10:08:16.937 -04:00 [INF][TI=1][prod] Connecting to management interface... host 127.0.0.1, port 8096
2025-06-26 10:08:16.948 -04:00 [DBG][TI=1][prod] Socket connected
2025-06-26 10:08:16.948 -04:00 [DBG][TI=1][prod] Starting to listen to management port
2025-06-26 10:08:16.951 -04:00 [DBG][TI=1][prod] Setting localNetworkCidrsStringForCurrentConnection to 192.168.0.0/22,192.168.0.0/22
2025-06-26 10:08:16.952 -04:00 [INF][TI=11][prod] Received bytes: 15
2025-06-26 10:08:16.953 -04:00 [DBG][TI=11][prod] Message marshalling complete
2025-06-26 10:08:16.954 -04:00 [DBG][TI=11][prod] CM received: ENTER PASSWORD:
2025-06-26 10:08:16.963 -04:00 [DBG][TI=11][prod] CM processsing: ENTER PASSWORD:
...

So the app clearly never tries to call the helper tool. But I checked with ps that it is running. If I kill it and restart the VPN app, it restarts it, but doesn't log the line, and of course doesn't work.

I assume there are no alternative tools that can be used?

answered a year ago
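
The two logs in this thread differ at one point: in the hung run the `--start` helper call logs "Start to read process output" and never "End reading process output", while the working run logs both and goes on to `--isAlive`. The following is an added example, not part of the thread or of AWS's tooling, that scans a client log for helper calls left in that state; the function name and the shortened helper path in the sample records are assumptions.

```python
import re

# Shape of one AWS VPN Client log record as shown in the thread:
# "<date> <time> <utc offset> [LEVEL][TI=<thread>][<profile>] <message>"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) [+-]\d\d:\d\d "
    r"\[[A-Z]+\]\[TI=(?P<ti>\d*)\]\[(?P<profile>[^\]]*)\] (?P<msg>.*)$"
)
HELPER = re.compile(r"Calling helper command .*?ACVCHelperTool (--\w+)")


def find_stalled_helpers(lines):
    """Return (timestamp, profile, helper flag) for every helper call whose
    'Start to read process output' has no matching 'End reading process output'."""
    last_call = {}   # profile -> flag of the most recent helper call
    open_reads = {}  # (profile, thread id) -> result tuple
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation lines such as helper stderr
        ti, profile, msg = m["ti"], m["profile"], m["msg"]
        helper = HELPER.search(msg)
        if helper:
            last_call[profile] = helper.group(1)
        elif msg.startswith("Start to read process output"):
            open_reads[(profile, ti)] = (m["ts"], profile, last_call.get(profile, "?"))
        elif msg.startswith("End reading process output"):
            open_reads.pop((profile, ti), None)
    return sorted(open_reads.values())


# Constructed sample: records in the shape of the hung log, helper path shortened.
SAMPLE_HUNG = [
    '2025-06-25 18:16:52.447 -04:00 [DBG][TI=1][prod] Calling helper command /Applications/X/ACVCHelperTool --init ',
    '2025-06-25 18:16:52.468 -04:00 [DBG][TI=15][prod] Start to read process output',
    '2025-06-25 18:16:52.594 -04:00 [DBG][TI=15][prod] End reading process output',
    '2025-06-25 18:16:52.689 -04:00 [DBG][TI=1][prod] Calling helper command /Applications/X/ACVCHelperTool --start "a" "b" "False"',
    '2025-06-25 18:16:52.716 -04:00 [DBG][TI=16][prod] Start to read process output',
]
# Constructed healthy variant: the same run with the read on thread 16 completing.
SAMPLE_OK = SAMPLE_HUNG + [
    '2025-06-25 18:16:53.801 -04:00 [DBG][TI=16][prod] End reading process output',
]

if __name__ == "__main__":
    for hit in find_stalled_helpers(SAMPLE_HUNG):
        print("stalled helper call:", hit)
```

`find_stalled_helpers` accepts any iterable of lines, so an open log file can be passed directly; a result naming `--start` corresponds to the hang described in the question.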
