Prerequisites Step 1: Get a VPN client application Step 2: Get the Client VPN endpoint configuration file Step 3: Connect to the VPN

Getting started with Client VPN

Before you can establish a VPN session, your Client VPN administrator must create and configure a Client VPN endpoint. Your administrator controls which networks and resources you can access when you establish a VPN session. You then use a VPN client application to connect to a Client VPN endpoint and establish a secure VPN connection.

If you're an administrator who needs to create a Client VPN endpoint, see the AWS Client VPN Administrator Guide.

Topics

Prerequisites
Step 1: Get a VPN client application
Step 2: Get the Client VPN endpoint configuration file
Step 3: Connect to the VPN
Use the self-service portal

Prerequisites

To establish a VPN connection, you must have the following:

Access to the internet
A supported device
For Client VPN endpoints that use SAML-based federated authentication (single sign-on), one of the following browsers:
- Apple Safari
- Google Chrome
- Microsoft Edge
- Mozilla Firefox

Step 1: Get a VPN client application

You can connect to a Client VPN endpoint and establish a VPN connection using the AWS provided client or another OpenVPN-based client application.

The AWS provided client is a supported on Windows, macOS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. You can download the client at AWS Client VPN download.

Alternatively, download and install an OpenVPN client application on the device from which you intend to establish the VPN connection.

Step 2: Get the Client VPN endpoint configuration file

You must get the Client VPN endpoint configuration file from your administrator. The configuration file includes the information about the Client VPN endpoint and the certificates that are required to establish a VPN connection.

Alternatively, if your Client VPN administrator has configured a self-service portal for the Client VPN endpoint, you can download the latest version of the AWS provided client and the latest version of the Client VPN endpoint configuration file yourself. For more information, see Use the self-service portal.

Step 3: Connect to the VPN

Import the Client VPN endpoint configuration file to the AWS provided client or to your OpenVPN client application and connect to the VPN. For steps to connect to a VPN, see the following topics:

For Client VPN endpoints that use Active Directory authentication, you will be prompted to enter your user name and password. If multi-factor authentication (MFA) has been enabled for the directory, you will also be prompted to enter your MFA code.

For Client VPN endpoints that use SAML-based federated authentication (single sign-on), the AWS provided client opens a browser window on your computer. You'll be prompted to enter your corporate credentials before you can connect to the Client VPN endpoint.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

What is AWS Client VPN?

Self-service portal