Client VPN DNS stopped responding.

Question

In two separate aws accounts I work with over the last week, two client VPN connections in two separate aws accounts stopped resolving dns suddenly. Other client vpn connections are still working.

Broken Client VPN nslookups have the form:
     nslookup x.cvpn-endpoint-00XXXXXXXXXXXXX.prod.clientvpn.us-east-1.amazonaws.com
    Server:         10.0.0.2
    Address:        10.0.0.2#53

server can't find x.cvpn-endpoint-00XXXXXXXXXXXXX.prod.clientvpn.us-east-1.amazonaws.com: NXDOMAIN

Working client vpn endpoint nslookups are exactly the same:

nslookup x.cvpn-endpoint-0aYYYYYYYYYYYYY.prod.clientvpn.us-east-1.amazonaws.com
    Server:         10.0.0.2
    Address:        10.0.0.2#53
    
    Non-authoritative answer:
    Name:   x.cvpn-endpoint-0aYYYYYYYYYYYYY.prod.clientvpn.us-east-1.amazonaws.com
    Address: 3.231.196.67
    Name:   x.cvpn-endpoint-0aYYYYYYYYYYYYY.prod.clientvpn.us-east-1.amazonaws.com
    Address: 50.19.162.194
    Name:   x.cvpn-endpoint-0aYYYYYYYYYYYYY.prod.clientvpn.us-east-1.amazonaws.com
    Address: 44.195.4.192

Using other DNS servers does not work.

Answer

Check if the Status of the Client VPN Endpoint is Pending Associate. If there is no Target network associated you can see that error.

Answer

Hello,

Here are some issues related to different OS- https://docs.aws.amazon.com/vpn/latest/clientvpn-user/troubleshooting.html

Refer them for accurate troubleshooting. Also, to know in detail, your VPN client logs might help. If possible, please provide those or raise a case with AWS support and get those checked.

Also, check if certificate for AWS client VPN endpoint is not expired (reason that we need to check this is because, when cert is expired on cvpn, it will not be able to refresh the endpoint and give error)

Client VPN DNS stopped responding.

Relevant content