Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Client VPN connection error after upgrading to AWS VPN Client v5.0.0 on Mac

0

We have a Client VPN configuration which has been working just fine. Upgrading to the Mac client v5.0.0 generates an "unknown error" when trying to connect. Rolling back to v4.1.0 works fine with the same configuration file. The logs on a failed connection with the v5.0.0 client say:

2025-01-22 11:00:41.861 +00:00 [DBG][TI=1][ProfileName] Received adding connection manager request. Profile: ProfileName
2025-01-22 11:00:41.862 +00:00 [INF][TI=1][ProfileName] Connecting /Users/username/.config/AWSVPNClient/OpenVpnConfigs/ProfileName
2025-01-22 11:00:41.887 +00:00 [DBG][TI=1][ProfileName] validationString: /Users/username/.config/AWSVPNClient/OpenVpnConfigs/ProfileName
1737543651
2025-01-22 11:00:41.888 +00:00 [DBG][TI=1][ProfileName] Starting Mac network change monitoring thread
2025-01-22 11:00:41.889 +00:00 [DBG][TI=1][ProfileName] Resetting connection metadata
2025-01-22 11:00:41.889 +00:00 [DBG][TI=1][ProfileName] Resetting localNetworkCidrsStringForCurrentConnection
2025-01-22 11:00:41.889 +00:00 [DBG][TI=1][ProfileName] Getting LAN CIDR and network interface mapping
2025-01-22 11:00:41.889 +00:00 [DBG][TI=1][ProfileName] Getting all active LAN network interfaces
2025-01-22 11:00:41.890 +00:00 [DBG][TI=173][ProfileName] Launching 'scutil' process
2025-01-22 11:00:41.891 +00:00 [DBG][TI=1][ProfileName] Adding Network interface name: en0 to active LAN interface list
2025-01-22 11:00:41.891 +00:00 [DBG][TI=1][ProfileName] Initial localNetworkCidrsStringForCurrentConnection before connection 192.168.0.0/24
2025-01-22 11:00:41.891 +00:00 [DBG][TI=1][ProfileName] Resetting tentative and true server IPs
2025-01-22 11:00:41.891 +00:00 [DBG][TI=1][ProfileName] Connection state changed for CVPN endpoint id: cvpn-endpoint-id
2025-01-22 11:00:41.893 +00:00 [INF][TI=1][ProfileName] Starting OpenVpn process
2025-01-22 11:00:41.893 +00:00 [DBG][TI=1][ProfileName] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --init
2025-01-22 11:00:41.893 +00:00 [DBG][TI=1][ProfileName] Starting process
2025-01-22 11:00:41.973 +00:00 [DBG][TI=174][ProfileName] Start to read process output
2025-01-22 11:00:41.973 +00:00 [DBG][TI=173][ProfileName] Turning on scutil notifications
2025-01-22 11:00:42.116 +00:00 [DBG][TI=174][ProfileName] End reading process output
2025-01-22 11:00:42.177 +00:00 [DBG][TI=1][ProfileName] Calling helper command /Applications/AWS VPN Client/AWS VPN Client.app/Contents/Resources/AWS VPN Client/Contents/MacOS/ACVCHelperTool --start /Users/username/.config/AWSVPNClient/ovpn-mgmt-ProfileName /Users/username/.config/AWSVPNClient/OpenVpnConfigs/validation-ProfileName False
2025-01-22 11:00:42.177 +00:00 [DBG][TI=1][ProfileName] Starting process
2025-01-22 11:00:42.205 +00:00 [DBG][TI=178][ProfileName] Start to read process output
2025-01-22 11:00:42.223 +00:00 [DBG][TI=178][ProfileName] End reading process output
2025-01-22 11:00:42.308 +00:00 [ERR][TI=1][ProfileName] Unhandled exception on attempt to connect.
Newtonsoft.Json.JsonReaderException: Unexpected character encountered while parsing value: T. Path '', line 0, position 0.
  at Newtonsoft.Json.JsonTextReader.ParseValue () [0x002b3] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonTextReader.Read () [0x0004c] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonReader.ReadAndMoveToContent () [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonReader.ReadForType (Newtonsoft.Json.Serialization.JsonContract contract, System.Boolean hasConverter) [0x0004a] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize (Newtonsoft.Json.JsonReader reader, System.Type objectType, System.Boolean checkAdditionalContent) [0x000db] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonSerializer.DeserializeInternal (Newtonsoft.Json.JsonReader reader, System.Type objectType) [0x00054] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonSerializer.Deserialize (Newtonsoft.Json.JsonReader reader, System.Type objectType) [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonConvert.DeserializeObject (System.String value, System.Type type, Newtonsoft.Json.JsonSerializerSettings settings) [0x0002d] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonConvert.DeserializeObject[T] (System.String value, Newtonsoft.Json.JsonSerializerSettings settings) [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonConvert.DeserializeObject[T] (System.String value) [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at ACVC.Core.DataModels.MacHelperDaemonStartResult.Deserialize (System.String resultString) [0x00000] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.Client.Osx.MacHelperAppResponseParser.ParseStartCommandOutput (System.String startStdout) [0x00018] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.Client.Osx.HelperToolUtil.StartOpenVpnAsync (System.String ovpnMgmtPortPasswordFilePath, System.String validationFilePath, System.Boolean shouldSkipDns) [0x0008c] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.OpenVpn.OvpnOsxProcessManager.Start (System.String validationFilePath, System.String ovpnMgmtPortPasswordFilePath, System.Boolean shouldSkipDns, System.Int32 timeoutMilliseconds) [0x0019d] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.OpenVpn.OvpnConnectionManager.ConnectWithLockAsync (ACVC.Core.GetCredentialsCallback getCredentialsCallback, System.String clientConfigPath) [0x00278] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect (ACVC.Core.GetCredentialsCallback getCredentialsCallback, System.Int32 timeout) [0x00152] in <4d0357af26a041f9a1bf350782073f2c>:0
2025-01-22 11:00:42.309 +00:00 [DBG][TI=1][ProfileName] Received remove connection manager request. Profile: ProfileName
2025-01-22 11:00:42.309 +00:00 [DBG][TI=1][ProfileName] Stopping DNS monitoring thread
2025-01-22 11:00:42.309 +00:00 [DBG][TI=1][ProfileName] Releasing DNS monitoring lock
2025-01-22 11:00:42.309 +00:00 [DBG][TI=1][ProfileName] Stopping network change monitoring thread
2025-01-22 11:00:42.309 +00:00 [DBG][TI=1][ProfileName] Releasing network change monitoring lock
2025-01-22 11:00:42.309 +00:00 [DBG][TI=173][ProfileName] Turning off scutil notifications
2025-01-22 11:00:42.309 +00:00 [DBG][TI=1][ProfileName] Connection state changed for CVPN endpoint id: cvpn-endpoint-id
2025-01-22 11:00:42.310 +00:00 [DBG][TI=1][ProfileName] Received exception for connection state Disconnected. Show error message to user
2025-01-22 11:00:42.310 +00:00 [ERR][TI=1][ProfileName] Exception received by connection view controller
Newtonsoft.Json.JsonReaderException: Unexpected character encountered while parsing value: T. Path '', line 0, position 0.
  at Newtonsoft.Json.JsonTextReader.ParseValue () [0x002b3] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonTextReader.Read () [0x0004c] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonReader.ReadAndMoveToContent () [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonReader.ReadForType (Newtonsoft.Json.Serialization.JsonContract contract, System.Boolean hasConverter) [0x0004a] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize (Newtonsoft.Json.JsonReader reader, System.Type objectType, System.Boolean checkAdditionalContent) [0x000db] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonSerializer.DeserializeInternal (Newtonsoft.Json.JsonReader reader, System.Type objectType) [0x00054] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonSerializer.Deserialize (Newtonsoft.Json.JsonReader reader, System.Type objectType) [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonConvert.DeserializeObject (System.String value, System.Type type, Newtonsoft.Json.JsonSerializerSettings settings) [0x0002d] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonConvert.DeserializeObject[T] (System.String value, Newtonsoft.Json.JsonSerializerSettings settings) [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at Newtonsoft.Json.JsonConvert.DeserializeObject[T] (System.String value) [0x00000] in <7ca8898b690a4181a32a9cf767cedb1e>:0
  at ACVC.Core.DataModels.MacHelperDaemonStartResult.Deserialize (System.String resultString) [0x00000] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.Client.Osx.MacHelperAppResponseParser.ParseStartCommandOutput (System.String startStdout) [0x00018] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.Client.Osx.HelperToolUtil.StartOpenVpnAsync (System.String ovpnMgmtPortPasswordFilePath, System.String validationFilePath, System.Boolean shouldSkipDns) [0x0008c] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.OpenVpn.OvpnOsxProcessManager.Start (System.String validationFilePath, System.String ovpnMgmtPortPasswordFilePath, System.Boolean shouldSkipDns, System.Int32 timeoutMilliseconds) [0x0019d] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.OpenVpn.OvpnConnectionManager.ConnectWithLockAsync (ACVC.Core.GetCredentialsCallback getCredentialsCallback, System.String clientConfigPath) [0x00278] in <4d0357af26a041f9a1bf350782073f2c>:0
  at ACVC.Core.OpenVpn.OvpnConnectionManager.Connect (ACVC.Core.GetCredentialsCallback getCredentialsCallback, System.Int32 timeout) [0x00152] in <4d0357af26a041f9a1bf350782073f2c>:0
2025-01-22 11:00:42.312 +00:00 [DBG][TI=173][ProfileName] scutil quitted
2025-01-22 11:00:42.312 +00:00 [INF][TI=1][] Validating schema for OpenVPN config: /Users/username/.config/AWSVPNClient/OpenVpnConfigs/ProfileName

The fact that the same config file works with v4.1.0 would indicate that the file isn't broken, and newly downloaded copies of the config from both the self service portal and the AWS VPN console have no effect. My Mac is running Sonoma 14.7 (23H124).

The Client VPN is configured to use SSO with MFA from our Entra tenant.

Any ideas on what's going wrong and how I might fix it?

Topics
Networking & Content Delivery
Tags
AWS Client VPN
Language
English
asked 10 months ago478 views
2 Answers
1
Accepted Answer

The issue you're experiencing with AWS VPN Client v5.0.0 on Mac appears to be related to a JSON parsing error when the client attempts to start the OpenVPN process. This is evident from the error message in the logs:

"Unexpected character encountered while parsing value: T. Path '', line 0, position 0."

This suggests that the client is expecting a JSON response from the helper tool, but is receiving something else instead. The fact that v4.1.0 works with the same configuration indicates that this is likely a bug in the new version of the AWS VPN Client rather than an issue with your configuration or the Client VPN endpoint itself.

To address this issue, you could try the following steps:

  1. Ensure that you have the latest version of the AWS VPN Client installed. Sometimes, issues like this are quickly identified and fixed in subsequent releases.

  2. Clear any cached data or settings related to the AWS VPN Client. You might try removing the ~/.config/AWSVPNClient directory (after backing it up) and reinstalling the client.

  3. Check if there are any known issues or recent updates for the AWS VPN Client v5.0.0 on the AWS forums or documentation.

  4. If the issue persists, you may need to temporarily roll back to v4.1.0 until a fix is available.

  5. Report this issue to AWS support, providing them with the logs and details about your setup. They may be able to provide a specific fix or workaround for this version.

Given that the configuration works with the older version and the error is related to JSON parsing, it's likely that this is a bug in the new client version rather than an issue with your setup or the Client VPN endpoint configuration.
Sources
Can not connect to AWS VPN Client "Unknown error occurred. Try again" | AWS re:Post
Troubleshooting AWS Client VPN connections with macOS clients - AWS Client VPN

answered 10 months ago
AWS
EXPERT
reviewed 8 months ago
0

Thanks. In response to your points:

  1. The latest version is v5.0.0 and this is the broken one.
  2. I deleted the directories in ~/.config as part of my troubleshooting and it didn't help.
  3. I have searched, but didn't find any other reports of problems with v5.0.0 of the client.
  4. That's the route I'm going to take.
  5. I'll take a look at doing this.
answered 10 months ago
  • borche
    9 months ago

    For us, version 5.0.1 does not work on Windows 11 with all latest updates installed. However if we use version 4.1 all works fine again.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content