
How to connect to AWS Client VPN from an Ubuntu box?

I have used this guide to create an AWS Client VPN endpoint. Now I want to connect to this VPN endpoint from my Ubuntu box.

For that I have downloaded the client certificates and am using this guide to connect to the VPN using the TLS authentication method.

But when I try to connect to the VPN from Network Manager, the connection times out.

Note: I have already opened all UDP traffic for my system.

Below is the output of syslog. Please let me know what is going wrong.

~$ org.gtk.vfs.Daemon[2480]: message repeated 3 times: [ ** (process:17599): WARNING **: Couldn't create directory monitor on smb://x-gnome-default-workgroup/. Error: The specified location is not mounted]
~$ NetworkManager[30373]: <info>  [1552886812.2980] audit: op="connection-activate" uuid="705a6afa-a5b0-420b-858e-4feae6244a63" name="Client-VPC" pid=2697 uid=1001 result="success"
~$ NetworkManager[30373]: <info>  [1552886812.3117] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: Started the VPN service, PID 9091
~$ NetworkManager[30373]: <info>  [1552886812.3297] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: Saw the service appear; activating connection
~$ NetworkManager[30373]: nm-openvpn-Message: openvpn[9094] started
~$ NetworkManager[30373]: <info>  [1552886812.3394] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: VPN plugin: state changed: starting (3)
~$ NetworkManager[30373]: <info>  [1552886812.3394] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: VPN connection: (ConnectInteractive) reply received
~$ nm-openvpn[9094]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
~$ nm-openvpn[9094]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
~$ nm-openvpn[9094]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
~$ nm-openvpn[9094]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
~$ nm-openvpn[9094]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
~$ nm-openvpn[9094]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
~$ nm-openvpn[9094]: UDPv4 link local: [undef]
~$ nm-openvpn[9094]: UDPv4 link remote: [AF_INET] **.**.**.**:1194
~$ nm-openvpn[9094]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
~$ nm-openvpn[9094]: TLS Error: TLS handshake failed
~$ nm-openvpn[9094]: SIGUSR1[soft,tls-error] received, process restarting
~$ NetworkManager[30373]: <warn>  [1552886872.9227] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: VPN connection: connect timeout exceeded.
~$ NetworkManager[30373]: libnm-Message: Connect timer expired, disconnecting.
~$ NetworkManager[30373]: nm-openvpn-Message: openvpn[9094]: send SIGTERM
~$ nm-openvpn[9094]: SIGTERM[hard,init_instance] received, process exiting
~$ NetworkManager[30373]: <warn>  [1552886872.9266] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: VPN plugin: failed: connect-failed (1)
~$ NetworkManager[30373]: nm-openvpn-Message: openvpn[9094] exited with success
~$ NetworkManager[30373]: <info>  [1552886872.9273] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: VPN plugin: state changed: stopping (5)
~$ NetworkManager[30373]: <info>  [1552886872.9277] vpn-connection[0x2501430,705a6afa-a5b0-420b-858e-4feae6244a63,"Client-VPC",0]: VPN plugin: state changed: stopped (6)
~$ org.freedesktop.Notifications[2480]: ** (notify-osd:2694): WARNING **: dnd_is_idle_inhibited(): got error "The name org.gnome.SessionManager was not provided by any .service files"

Any help on this will be greatly appreciated.

Thanks in advance.

Vinay Wadagavi asked Oct 16 '22 05:10


1 Answer

Follow this guide

Sometimes there are extra steps missing in the web docs like:

After you create the Client VPN endpoint, the console displays the DNS name, for example, "cvpn-endpoint-0102bc4c2e49f1e44.prod.clientvpn.us-west-2.amazonaws.com". When you need to specify the DNS name, you must specify a random string in front of the displayed name so that the format is "[random string].displayed DNS name", for example, "asdfa.cvpn-endpoint-0102bc4c2e49f1e44.prod.clientvpn.us-west-2.amazonaws.com".

Ricardo Gamboa answered Oct 18 '22 19:10
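
The hostname change described in the answer above, as an added example that is not part of the original answer: it prefixes the `remote` host of an OpenVPN client config with a random label and reports when no server certificate verification directive is set, which is the condition behind the WARNING line in the question's syslog. The function name `prepare_config`, the sample config and the chosen set of verification directives are assumptions made for this sketch.

```python
import re
import secrets

# Endpoint name format as displayed by the console (taken from the answer above).
ENDPOINT_RE = re.compile(
    r"^cvpn-endpoint-[0-9a-f]+\.prod\.clientvpn\.[a-z0-9-]+\.amazonaws\.com$"
)
# OpenVPN directives that turn on verification of the server certificate.
VERIFY_DIRECTIVES = {"remote-cert-tls", "verify-x509-name", "tls-verify", "ns-cert-type"}

# Constructed sample config; only the endpoint name comes from the page.
SAMPLE = """client
dev tun
proto udp
remote cvpn-endpoint-0102bc4c2e49f1e44.prod.clientvpn.us-west-2.amazonaws.com 1194
"""


def prepare_config(text, label=None):
    """Return (new_text, notes) for an OpenVPN client config (hypothetical helper)."""
    label = label or secrets.token_hex(6)
    out, notes, seen = [], [], set()
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", ";")):
            seen.add(parts[0])
            # Only a bare endpoint name is rewritten, so a second run is a no-op.
            if parts[0] == "remote" and len(parts) >= 2 and ENDPOINT_RE.match(parts[1]):
                parts[1] = f"{label}.{parts[1]}"
                line = " ".join(parts)
                notes.append(f"remote host prefixed: {parts[1]}")
        out.append(line)
    if not seen & VERIFY_DIRECTIVES:
        notes.append("no server certificate verification directive found "
                     "(for example: remote-cert-tls server)")
    return "\n".join(out) + "\n", notes


if __name__ == "__main__":
    new_text, notes = prepare_config(SAMPLE)
    print(new_text)
    for note in notes:
        print("note:", note)
```
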