By using AWS re:Post, you agree to the Terms of Use

AWS Client VPN Self Service Page intermittently returns a 400


I have an AWS VPN Client integrated with Azure AD using SAML. The VPN works fine but the self service page is often inaccessible to anyone in the organisation typically returning a 400. This is extremely annoying. Is there any reason why this would be happening?

1 Answer


I understand that you've been having problems accessing the Client VPN self-service portal and have been receiving 400 error codes even though the VPN seems to be working correctly.

Check to ensure that your endpoint ID is correct and that the self-service portal is enabled for your Client VPN endpoint, as not enabling the portal will make it inaccessible to your users [1].

For example, when you create a Client VPN endpoint, you can specify whether to enable the self-service portal for your Client VPN by setting the SelfServicePortal parameter to enabled [2].

When using the Client VPN self-service portal, the following rules apply [1]:

  • The self-service portal is not available for clients that authenticate using mutual authentication.
  • The configuration file that's available in the self-service portal is the same configuration file that you export using the Amazon VPC console or AWS CLI. If you need to customize the configuration file before distributing it to clients, you must distribute the customized file to clients yourself.
  • You must enable the self-service portal option for your Client VPN endpoint, or clients cannot access the portal. If this option is not enabled, you can modify your Client VPN endpoint to enable it.

Please let me know if this response has helped resolve the issue or if you have any questions.

Link to documentation:



answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions