Connect using a Windows client application - AWS Client VPN
OpenVPN using a certificate from the Windows Certificate System StoreOpenVPN GUIOpenVPN Connect Client

Connect using a Windows client application

The following procedures show how to establish a VPN connection using Windows-based VPN clients.

Before you begin, ensure that your Client VPN administrator has created a Client VPN endpoint and provided you with the Client VPN endpoint configuration file.

For troubleshooting information, see Windows troubleshooting.

Important

If the Client VPN endpoint has been configured to use SAML-based federated authentication, you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint.

OpenVPN using a certificate from the Windows Certificate System Store

You can configure the OpenVPN client to use a certificate and private key from the Windows Certificate System Store. This option is useful when you use a smart card as part of your Client VPN connection. For information about the OpenVPN client cryptoapicert option, see Reference Manual for OpenVPN on the OpenVPN website.

Note

The certificate must be stored on the local computer.

To use the cryptoapicert option with OpenVPN

  1. Create a .pfx file that contains the client certificate and the private key.

  2. Import the .pfx file to your personal certificate store, on your local computer. For more information, see How to: View certificates with the MMC snap-in on the Microsoft website.

  3. Verify that your account has permissions to read the local computer certificate. You can use the Microsoft Management Console to modify the permissions. For more information, see Rights to see the local computer certificates store on the Microsoft Technet website.

  4. Update the OpenVPN configuration file and specify the certificate by using either the certificate subject, or the certificate thumbprint.

    The following is an example of specifying the certificate by using a subject.

    cryptoapicert “SUBJ:Jane Doe”

    The following is an example of specifying the certificate by using a thumbprint. You can find the thumbprint by using the Microsoft Management Console. For more information, see How to: Retrieve the Thumbprint of a Certificate on the Microsoft Technet website.

    cryptoapicert “THUMB:a5 42 00 42 01"

After you complete the configuration, you use OpenVPN to establish a connection.

OpenVPN GUI

The following procedure shows how to establish a VPN connection using the OpenVPN GUI client application on a Windows computer.

Note

For information about the OpenVPN client application, see Community Downloads on the OpenVPN website.

To establish a VPN connection

  1. Start the OpenVPN client application.

  2. On the Windows taskbar, choose Show/Hide icons, right-click OpenVPN GUI, and choose Import file.

    Windows step 2

  3. In the Open dialog box, select the configuration file that you received from your Client VPN administrator and choose Open.

  4. On the Windows taskbar, choose Show/Hide icons, right-click OpenVPN GUI, and choose Connect.

    Windows step 4

OpenVPN Connect Client

The following procedure shows how to establish a VPN connection using the OpenVPN Connect Client application on a Windows computer.

Note

For more information, see Connecting to Access Server with Windows on the OpenVPN website.

To establish a VPN connection

  1. Start the OpenVPN Connect Client application.

  2. On the Windows taskbar, choose Show/Hide icons, right-click OpenVPN, and choose Import profile.

  3. Choose Import from File and select the configuration file that you received from your Client VPN administrator.

  4. To begin the connection, choose the connection profile.