AWS VPN Client cannot handle some OpenVPN options.


I have tested AWS VPN Client app with two versions of OpenVPN config:

  • config-a.ovpn: The ca, cert, key payloads are specified as file paths (These files definitely exist!)
    dev tun
    proto udp
    remote 443
    resolv-retry infinite
    remote-cert-tls server
    cipher AES-256-GCM
    verb 3
    ca /foo/bar/ca.crt
    cert /foo/bar/client.crt
    key /foo/bar/client.key
    reneg-sec 0
  • config-b.ovpn: The ca, cert, key payloads are inlined in the config file (using XML-like tags).
    dev tun
    proto udp
    remote 443
    resolv-retry infinite
    remote-cert-tls server
    cipher AES-256-GCM
    verb 3
    reneg-sec 0

While the config-b.ovpn doesn't have any issue establishing connections, the config-a.ovpn causes an error message popup saying, "VPN process quit unexpectedly".

I have confirmed that config-a.ovpn itself is valid: openvpn --config config-a.ovpn has no issue.


More information:

  • VPN Client app: AWS VPN Client 3.1.0
  • Operating System: macOS 12.6 (M1 Max)
Asked 2 years ago · 1013 views
1 Answer


I tested with the exact same configuration and it works perfectly fine. I tested on Windows; please find the snippet of the client logs below.

2022-10-21 18:14:58.020 +08:00 [INF] Validating ca path: c:\Temp\ca.crt

2022-10-21 18:14:58.200 +08:00 [DBG] Validating file path: c:\Temp\ca.crt

2022-10-21 18:14:58.276 +08:00 [DBG] Backslash count: 4

2022-10-21 18:14:58.276 +08:00 [DBG] Double backslash count: 2

2022-10-21 18:14:58.277 +08:00 [INF] Validating cert path: c:\Temp\svr.crt

2022-10-21 18:14:58.277 +08:00 [DBG] Validating file path: c:\Temp\svr.crt

2022-10-21 18:14:58.333 +08:00 [DBG] Backslash count: 4

2022-10-21 18:14:58.333 +08:00 [DBG] Double backslash count: 2

2022-10-21 18:14:58.334 +08:00 [INF] Validating key path: c:\Temp\svr.key

2022-10-21 18:14:58.334 +08:00 [DBG] Validating file path: c:\Temp\svr.key>

2022-10-21 18:14:59.700 +08:00 [DBG] CM received: >LOG:1666347299,,VERIFY OK: depth=1, CN=abcservera

LOG:1666347299,,VERIFY KU OK

LOG:1666347299,,Validating certificate extended key usage

LOG:1666347299,,++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

LOG:1666347299,,VERIFY EKU OK

LOG:1666347299,,VERIFY OK: depth=0, CN=serversfsdfsf

LOG:1666347299,,Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

LOG:1666347299,I,[server] Peer Connection Initiated with [AF_INET]X.X.X.X:443

I don't see that you have any issues with the OpenVPN configuration file, since you have put the correct certificate and keys in place.

I would suggest you look for the OpenVPN client logs, which give you more information.

Log file location:

Answered 2 years ago
  • I forgot to mention that I am using AWS VPN Client 3.1.0 as a VPN client on macOS. The link you referred me to is for the OpenVPN Connect client. The "/Library/Application Support/OpenVPN" directory does not exist on my machine.
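
An added example (not from either poster and not AWS code): a Python script that rewrites a config-a style file into the config-b form the question reports as connecting, by inlining the files referenced by `ca`, `cert` and `key`. The function names and output file name are assumptions, and the sample file contents are constructed placeholders.

```python
import os
import re
import tempfile
from pathlib import Path

# Directives from config-a whose file argument OpenVPN also accepts inline.
INLINE = ("ca", "cert", "key")

def inline_config(text, base_dir="."):
    """Replace `ca/cert/key <path>` lines with inline <tag> blocks."""
    kept, blocks = [], []
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+)\s+(.+?)\s*$", line)
        if m and m.group(1) in INLINE:
            name, path = m.group(1), Path(m.group(2).strip('"'))
            if not path.is_absolute():
                path = Path(base_dir) / path
            body = path.read_text().strip()  # raises if the file is missing
            blocks.append(f"<{name}>\n{body}\n</{name}>")
        else:
            kept.append(line)
    return "\n".join(kept + blocks) + "\n"

def write_private(path, text):
    """Write owner-only (0600): the output now embeds the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed

if __name__ == "__main__":
    # Constructed sample: placeholder file contents, not real PEM material.
    with tempfile.TemporaryDirectory() as d:
        for fname in ("ca.crt", "client.crt", "client.key"):
            Path(d, fname).write_text(f"(constructed placeholder for {fname})\n")
        cfg = ("dev tun\nproto udp\nremote-cert-tls server\n"
               "ca ca.crt\ncert client.crt\nkey client.key\nreneg-sec 0\n")
        out = inline_config(cfg, d)
        write_private(Path(d, "config-inline.ovpn"), out)
        print(out)
```

Because the inlined file carries the client private key, it needs the same handling as `client.key` itself: owner-only permissions and no copies in shared folders or tickets.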


