AWS VPN client is not connecting


Hello Everyone,

recently I have setup Client VPN endpoint. I have used SAML based authentication and Server certificate ARN (imported a wild card public SSL certificate from Comodo in ACM). Downloaded the configuration and my actual CA chain (CAbundle.cer) matches with chain given in VPN configuration file. <ca> CA chain </ca>

After importing the config in my VPN client when I try to connect I am getting error connection failed because of TLS handshake error.

Could you please advise what wrong I am doing . Thanks in advance.

asked 10 months ago760 views
2 Answers

Hi Arun,

This error usually indicates a problem during the initial negotiation between the VPN client and the VPN server.

  • Ensure the certificate and the private key were imported correctly into ACM.
  • Ensure that the certificate is still valid (not expired).
  • Confirm that the wildcard certificate is appropriate for the domain you're connecting to.
  • Recheck the CA chain. Even if it matches, there might be an order issue.
  • Verify that the SAML-based authentication is set up correctly.
  • Check if the SAML provider is accessible and correctly integrated with the Client VPN endpoint.
profile picture
answered 10 months ago

Hello Victor,

thanks your reply and sorry for my late response. Confirm that the wildcard certificate is appropriate for the domain you're connecting to. Not sure how should I confirm this but it looks like a single certificate is not enough for this task.

we generated two self signed certificates (client and server) uploaded in ACM used the server certificate for SAML based VPN endpoint and it worked however we never wanted to use self signed certificate. May be there is no other way around.

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions