Troubleshooting AWS Client VPN: Client returns no available ports error — federated authentication
Problem
I use federated authentication for my Client VPN endpoint. When clients try to connect to the endpoint, the client software returns the following error:
The authentication flow could not be initiated. There are no available ports.
Cause
The AWS provided client requires the use of TCP port 35001 to complete authentication. For more information, see Requirements and considerations for SAML-based federated authentication.
Solution
Verify that the client's device is not blocking TCP port 35001 and that no other process on the device is using it.
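One way to run this check on the client device, as an added example that is not part of the original page or of the AWS provided client. It assumes the port is needed on the IPv4 loopback address 127.0.0.1 (the page names only the port number); `port_status` and its result strings are hypothetical names. Run it while the VPN client is closed.

```python
import errno
import socket

VPN_SAML_PORT = 35001      # port named on this page
LOOPBACK = "127.0.0.1"     # assumption: the page does not state the bind address

# Error codes that mean policy or permissions refused the bind.
# WSAEACCES exists only on Windows (exclusive use by another socket).
DENIED = {errno.EACCES, errno.EPERM, getattr(errno, "WSAEACCES", errno.EACCES)}


def port_status(port=VPN_SAML_PORT, host=LOOPBACK, timeout=2.0):
    """Classify a local TCP port as 'free', 'in_use', 'denied' or 'blocked'.

    'in_use'  : another process already holds the port.
    'denied'  : the OS or a security product refused the bind.
    'blocked' : the bind worked but a local connection to it failed,
                which points at a host firewall filtering the port.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        try:
            # No SO_REUSEADDR on purpose: a second listener must fail.
            listener.bind((host, port))
            listener.listen(1)
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in_use"
            if exc.errno in DENIED:
                return "denied"
            raise
        try:
            # Confirm that local traffic can actually reach the port.
            with socket.create_connection((host, port), timeout=timeout):
                return "free"
        except OSError:
            return "blocked"
    finally:
        listener.close()


if __name__ == "__main__":
    print(f"TCP {LOOPBACK}:{VPN_SAML_PORT} is {port_status()}")
```

A result of `in_use` means the owning process has to be identified with the operating system's own tools before the VPN client can authenticate.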