Common problems - AWS Client VPN

Common problems

The following are common problems that you might have when using a client to connect to a Client VPN endpoint.

TLS key negotiation failed

Problem

The TLS negotiation fails with the following error.

TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

Cause

The cause of this problem might be one of the following:

  • Firewall rules are blocking UDP or TCP traffic.

  • You're using the incorrect client key and certificate in your configuration (.ovpn) file.

  • The client certificate revocation list (CRL) has expired.

Solution

Check to see if the firewall rules on your computer are blocking inbound or outbound TCP or UDP traffic on ports 443 or 1194. Ask your Client VPN administrator to verify the following information:

  • That the firewall rules for the Client VPN endpoint do not block TCP or UDP traffic on ports 443 or 1194.

  • That the configuration file contains the correct client key and certificate. For more information, see Export Client Configuration in the AWS Client VPN Administrator Guide.

  • That the CRL is still valid. For more information, see Clients Unable to Connect to a Client VPN Endpoint in the AWS Client VPN Administrator Guide.
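The configuration-file checks above can be run offline against the .ovpn file before involving the administrator. The script below is an added example, not part of the AWS documentation: it assumes the client certificate and key are embedded inline as <cert> and <key> blocks, and the function names and the sample host vpn.example.invalid are hypothetical. It does not check the CRL, which only the administrator can export.

```shell
#!/bin/sh
# Added example: offline checks on a Client VPN .ovpn file.
# Assumption: client certificate and key are inline <cert> and <key> blocks.

# Print the body of an inline <TAG>...</TAG> block.
ovpn_block() {  # usage: ovpn_block FILE TAG
    sed -n "/^<$2>/,/^<\/$2>/p" "$1" | sed '1d;$d'
}

# Print "proto host port" so it is clear which firewall rule applies.
ovpn_endpoint() {  # usage: ovpn_endpoint FILE
    awk '$1 == "proto" { p = $2 } $1 == "remote" { h = $2; n = $3 }
         END { print p, h, n }' "$1"
}

# Succeed only if the configured port is 443 or 1194 (the ports named above).
ovpn_port_expected() {  # usage: ovpn_port_expected FILE
    case $(ovpn_endpoint "$1" | awk '{ print $3 }') in
        443|1194) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the inline key is the private key of the inline certificate.
# A missing or unparsable block fails here rather than comparing empty strings.
ovpn_keypair_matches() {  # usage: ovpn_keypair_matches FILE
    cert_pub=$(ovpn_block "$1" cert | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(ovpn_block "$1" key | openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample: throwaway self-signed certificate and placeholder host.
make_sample_ovpn() {  # usage: make_sample_ovpn OUTFILE
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-client" \
        -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null || return 1
    {
        printf 'client\ndev tun\nproto udp\nremote vpn.example.invalid 443\n'
        printf '<cert>\n'; cat "$d/c.pem"; printf '</cert>\n'
        printf '<key>\n'; cat "$d/k.pem"; printf '</key>\n'
    } > "$1"
    rm -rf "$d"
}

if [ -n "${1:-}" ]; then  # run the checks when given a config file path
    echo "endpoint: $(ovpn_endpoint "$1")"
    ovpn_port_expected "$1" || echo "port is not 443 or 1194"
    ovpn_keypair_matches "$1" && echo "key matches certificate" \
        || echo "key/certificate mismatch or block missing"
fi
```

A mismatch reported here corresponds to the "incorrect client key and certificate" cause; a match with the expected port points back to firewall rules or the CRL.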