Downloaded client configuration file does not work as is

0

A client VPN certificate expired. I created a new endpoint. I downloaded the file.

CONTENTS:

client
dev tun
proto udp
remote ENDPOINT-URL.clientvpn.us-east-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
CERT-VALUE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CERT-VALUE
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
CERT-VALUE
-----END CERTIFICATE-----
</ca>


reneg-sec 0

verify-x509-name PRIVATE-URL name

This format is NOT the same as the previous certificate.

It has no <cert /> or <key /> sections and it has the odd line at the end.

Tried as is, it fails to create the profile in ClientVPN. The config should have either cert and key, auth-user-pass or auth-federate specified.

I modified Line 4 to have the random value asdf. at the beginning. It still fails to create the profile with the same error.

I modified the file further to surround the first CERT-VALUE with <ca />, the second with <cert />, and the last with <key />. I also removed the last line of the file. I could now create the profile.

Upon connection, I get: The VPN process failed to start. The port is already in use by another process. Which it is not, as this is a documented mis-identification that points at the config file for errors.

I am not sure where to go from here.

EDIT:
My OS: Mac. My VPN: AWS ClientVPN.

Other user that gets the same errors: OS: Windows, VPN: OpenVPN.

Also, I've verified the file encoding is UTF-8

tazbill
Asked 9 months ago, viewed 464 times
1 answer
0

There is a Client VPN troubleshooting guide for all common errors. If the original error was The config should have either cert and key, auth-user-pass or auth-federate specified., I assume one of your authentication methods is mutual. For the mutual authentication you need to manually add the client certificate and key information to the configuration file. They can usually be found in the .crt and .key files. You do not need to modify what is between the <ca> </ca> tags because it is not your client certificate and key.

AWS
Max
Answered 9 months ago
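One way to apply the advice above mechanically, as an added example that is not from the question, the answer or AWS: a Python script that appends inline <cert> and <key> blocks taken from the client's .crt and .key files, leaves the downloaded <ca> block untouched, strips the text dump that easy-rsa puts before the PEM in a .crt, and does nothing if the profile already carries one of the accepted auth methods. The sample .ovpn, certificate and key contents are constructed placeholders, not real material.

```python
import re

# Constructed stand-ins for the downloaded .ovpn and the client's .crt/.key
# files (placeholder PEM bodies, not real certificates or keys).
SAMPLE_OVPN = """client
dev tun
proto udp
remote ENDPOINT-URL.clientvpn.us-east-1.amazonaws.com 443
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
CA-VALUE
-----END CERTIFICATE-----
</ca>

reneg-sec 0

verify-x509-name PRIVATE-URL name
"""
SAMPLE_CRT = ("Certificate:\n    Data: ...\n"      # easy-rsa text dump precedes the PEM
              "-----BEGIN CERTIFICATE-----\nCLIENT-CERT\n-----END CERTIFICATE-----\n")
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCLIENT-KEY\n-----END PRIVATE KEY-----\n"

PEM_RE = re.compile(r"-----BEGIN [A-Z ]+-----.*?-----END [A-Z ]+-----", re.S)
AUTH_DIRECTIVES = ("cert", "key", "auth-user-pass", "auth-federate")

def has_auth_method(ovpn: str) -> bool:
    """True if the profile already names an auth method, either as a file
    directive (`cert client.crt`) or as an inline <cert>/<key> block."""
    for line in ovpn.splitlines():
        word = line.strip().split(" ")[0]
        if word in AUTH_DIRECTIVES or word in ("<cert>", "<key>"):
            return True
    return False

def extract_pem(text: str) -> str:
    """Return only the first PEM block; anything before BEGIN is dropped."""
    match = PEM_RE.search(text)
    if not match:
        raise ValueError("no PEM block found")
    return match.group(0)

def add_mutual_auth(ovpn: str, crt: str, key: str) -> str:
    """Append inline <cert> and <key> blocks after the existing profile text.
    The <ca> block is never rewritten: it holds the endpoint's CA chain."""
    if has_auth_method(ovpn):
        return ovpn
    cert_pem, key_pem = extract_pem(crt), extract_pem(key)
    if "CERTIFICATE" not in cert_pem or "PRIVATE KEY" not in key_pem:
        raise ValueError("crt/key contents look swapped")
    return ovpn.rstrip("\n") + f"\n<cert>\n{cert_pem}\n</cert>\n<key>\n{key_pem}\n</key>\n"
```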
