AWS Client VPN User Inactivity Timeout


Hi All,

Is there an option to set inactivity timeout for clients connected via AWS Client VPN for a specific duration (say 45 minutes). To keep the billing costs low, its very essential.

I found an older thread with similar question but there are no answers in it -

I tried some options to configure it in the client ovpn file. I tried setting below property

inactive 120

It didn't work but when I used a very small value for it (4 seconds instead of 120 seconds) it was working.
Does anyone knows a way in which it could be set on the AWS side so that inactive clients get disconnected

asked 4 years ago2365 views
6 Answers

I am also looking for a solution for this. I tried inactive in the opvn file in aws clientvpn software but it doesn't allow me to have this option.
What software do you use?
did you add inactive option in the opvn file or somewhere else?

Thank you:)

answered 3 years ago

I'll add my plea to enable custom time-out settings. The additional cost is prohibitive.


answered 3 years ago

latest version of the vpn client supports inactive per the release notes

Seems i still had traffic on the connection so i set the bytes to something high
inactive 120 1000000000 and tested. this worked

I'm also curious if this can be controlled with the Session duration in AWS SSO or some other IDP

answered 3 years ago
  • I see the maximum timeout feature, but no idle timeout feature for Client VPN Endpoints.


Hello and thanks for writing in.

The AWS Client VPN servers default timeout is 24 hours and does not support custom configuration as yet but this is in the works. The only way to do this for the moment is via the .ovpn file and the configuration and results may vary depending on the OS and the actual client in use and the recommended approach is to set the value in the .ovpn file and test it to see if it works.

answered 3 years ago
0 there any chance you could send me the actual syntax you are using please?
Obviously redact the majority of it...I'd just like to see the text that references the timeout specifically and where it appears in the OVPN file. I'd really appreciate it

answered 3 years ago

I find the AWS response ... atrocious. The default inactive setting means $525/year/user for any user that mostly leaves their computer on (5¢/hour for a year).

On macOS I find this format works:

inactive 600 [128]

Where [128] means 128 bytes or less coming in over 600 seconds will cause the system to disconnect.

(I'd love to figure out a similar setting that would have the VPN to reconnect if the user tries to access the VPN's networks, but so far, have not.)

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions