AWS VPN client is not connecting

Question

Hello Everyone,

recently I have setup Client VPN endpoint. I have used SAML based authentication and Server certificate ARN (imported a wild card public SSL certificate from Comodo in ACM). 
Downloaded the configuration and my actual CA chain (CAbundle.cer) matches with chain given in VPN configuration file.

CA chain

After importing the config in my VPN client when I try to connect I am getting error connection failed because of TLS handshake error.

Could you please advise what wrong I am doing . Thanks in advance.

Answer

Hi Arun,

This error usually indicates a problem during the initial negotiation between the VPN client and the VPN server.

* Ensure the **certificate** and the **private key** were **imported correctly into ACM**.
* Ensure that the **certificate is still valid** (not expired).
* Confirm that the **wildcard certificate is appropriate for the domain** you're connecting to.
* **Recheck the CA chain**. Even if it matches, there might be an order issue.
* **Verify that the SAML-based authentication is set up correctly**.
* **Check if the SAML provider is accessible and correctly integrated with the Client VPN endpoint**.

Answer

Hello Victor,

thanks your reply and sorry for my late response.
Confirm that the wildcard certificate is appropriate for the domain you're connecting to.
Not sure how should I confirm this but it looks like a single certificate is not enough for this task.

we generated two self signed certificates (client and server) 
uploaded in ACM
used the server certificate for SAML based VPN endpoint and it worked
however we never wanted to use self signed certificate. May be there is no other way around.

AWS VPN client is not connecting

Relevant content