AWS VPN Client cannot handle some OpenVPN options.

0

I have tested AWS VPN Client app with two versions of OpenVPN config:

  • config-a.ovpn: The ca, cert, key payloads are specified as file paths (These files definitely exist!)
    client
    dev tun
    proto udp
    remote cvpn-endpoint-XXXX.prod.clientvpn.us-west-2.amazonaws.com 443
    remote-random-hostname
    resolv-retry infinite
    nobind
    remote-cert-tls server
    cipher AES-256-GCM
    verb 3
    
    ca /foo/bar/ca.crt
    cert /foo/bar/client.crt
    key /foo/bar/client.key
    
    reneg-sec 0
    
    
  • config-b.ovpn: The ca, cert, key payloads are inlined in the config file (using XML-like tags)
    client
    dev tun
    proto udp
    remote cvpn-endpoint-XXXX.prod.clientvpn.us-west-2.amazonaws.com 443
    remote-random-hostname
    resolv-retry infinite
    nobind
    remote-cert-tls server
    cipher AES-256-GCM
    verb 3
    
    <ca>
    ...
    </ca>
    <cert>
    ...
    </cert>
    <key>
    ...
    </key>
    
    reneg-sec 0
    
    

While the config-b.ovpn doesn't have any issue establishing connections, the config-a.ovpn causes an error message popup saying, "VPN process quit unexpectedly".

I have confirmed that config-a.ovpn itself is valid: openvpn --config config-a.ovpn has no issue.

[edit]

More information:

  • VPN Client app: AWS VPN Client 3.1.0
  • Operating system: macOS 12.6 (M1 Max)
jinux
asked 2 years ago · 956 views
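Since the inline form (config-b) connects while the file-path form (config-a) does not, one practical workaround is to rewrite the `ca`/`cert`/`key` path directives into `<ca>`/`<cert>`/`<key>` blocks before importing the profile. The script below is an added example, not code from the question or from AWS; the sample config is a constructed copy of config-a, and `read_file` is an injectable helper (assumption for testability) so the conversion can be checked without real certificate files on disk.

```python
import re
import sys
from pathlib import Path

# Constructed sample, modelled on config-a.ovpn from the question (placeholder endpoint).
CONFIG_A = """client
dev tun
proto udp
remote cvpn-endpoint-XXXX.prod.clientvpn.us-west-2.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3

ca /foo/bar/ca.crt
cert /foo/bar/client.crt
key /foo/bar/client.key

reneg-sec 0
"""

# Only these directives are rewritten; "cipher", "client", "remote-cert-tls" and
# "key-direction" do not match because the regex requires whitespace after the name.
DIRECTIVE_RE = re.compile(r"^\s*(ca|cert|key)\s+(\S.*?)\s*$")


def inline_file_directives(config_text, read_file=lambda p: Path(p).read_text()):
    """Return (new_config, inlined_directives) with ca/cert/key paths replaced by
    inline PEM blocks. Missing files raise FileNotFoundError from read_file;
    non-PEM content is refused so a stray path never ends up embedded."""
    out, inlined = [], []
    for line in config_text.splitlines():
        m = DIRECTIVE_RE.match(line)
        if not m:
            out.append(line)
            continue
        directive, path = m.group(1), m.group(2).strip('"')
        pem = read_file(path).strip()
        if "-----BEGIN" not in pem or "-----END" not in pem:
            raise ValueError(f"{path} does not look like a PEM file")
        out.append(f"<{directive}>\n{pem}\n</{directive}>")
        inlined.append(directive)
    return "\n".join(out) + "\n", inlined


if __name__ == "__main__":
    # Usage: python inline_ovpn.py config-a.ovpn > config-b.ovpn
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else CONFIG_A
    sys.stdout.write(inline_file_directives(text)[0])
```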
1 Answer
0

Hi,

I tested with the exact same configuration and it works perfectly fine. I tested on Windows; please find the snippet of the client logs below.

2022-10-21 18:14:58.020 +08:00 [INF] Validating ca path: c:\Temp\ca.crt

2022-10-21 18:14:58.200 +08:00 [DBG] Validating file path: c:\Temp\ca.crt

2022-10-21 18:14:58.276 +08:00 [DBG] Backslash count: 4

2022-10-21 18:14:58.276 +08:00 [DBG] Double backslash count: 2

2022-10-21 18:14:58.277 +08:00 [INF] Validating cert path: c:\Temp\svr.crt

2022-10-21 18:14:58.277 +08:00 [DBG] Validating file path: c:\Temp\svr.crt

2022-10-21 18:14:58.333 +08:00 [DBG] Backslash count: 4

2022-10-21 18:14:58.333 +08:00 [DBG] Double backslash count: 2

2022-10-21 18:14:58.334 +08:00 [INF] Validating key path: c:\Temp\svr.key

2022-10-21 18:14:58.334 +08:00 [DBG] Validating file path: c:\Temp\svr.key

2022-10-21 18:14:59.700 +08:00 [DBG] CM received: >LOG:1666347299,,VERIFY OK: depth=1, CN=abcservera

LOG:1666347299,,VERIFY KU OK

LOG:1666347299,,Validating certificate extended key usage

LOG:1666347299,,++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

LOG:1666347299,,VERIFY EKU OK

LOG:1666347299,,VERIFY OK: depth=0, CN=serversfsdfsf

LOG:1666347299,,Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

LOG:1666347299,I,[server] Peer Connection Initiated with [AF_INET]X.X.X.X:443

I don't see you having any issues with the OpenVPN configuration file, since you have placed the correct certificates and keys in place.

I would suggest you look at the OpenVPN client logs, which give you more information.

Log file location: https://openvpn.net/vpn-server-resources/troubleshooting-client-vpn-tunnel-connectivity/

AWS
answered 2 years ago
  • I forgot to mention that I am using AWS VPN Client 3.1.0 as a VPN client on macOS. The link you refer to me is for OpenVPN Connect client. "/Library/Application Support/OpenVPN" directory does not exist on my machine.
