Requirements for creating Client VPN endpoints Endpoint modification

AWS Client VPN endpoints

All AWS Client VPN sessions establish communication with a Client VPN endpoint. You can manage the Client VPN endpoint to create, modify, view, and delete client VPN sessions with that endpoint. Endpoints can be created and modified using either the Amazon VPC Console or by using the AWS CLI.

Requirements for creating Client VPN endpoints

Important

A Client VPN endpoint must be created in the same AWS account in which the intended target network is provisioned. You'll also need to generate a server certificate, and if required, a client certificate. For more information, see Client authentication in AWS Client VPN.

Before you begin, ensure that you do the following:

Review the rules and limitations in Rules and best practices for using AWS Client VPN.
Generate the server certificate, and if required, the client certificate. For more information, see Client authentication in AWS Client VPN.

Endpoint modification

After a Client VPN has been created, you can modify any of the following settings:

The description
The server certificate
The client connection logging options
The client connect handler option
The DNS servers
The split-tunnel option
Routes (when using the split-tunnel option)
Certificate Revocation List (CRL)
Authorization rules
The VPC and security group associations
The VPN port number
The self-service portal option
The maximum VPN session duration
Enable or disable automatic reconnection on session timeout
Enable or disable client login banner text
Client login banner text

Note

Modifications to Client VPN endpoints, including Certificate Revocation List (CRL) changes, will take effect up to 4 hours after a request is accepted by the Client VPN service.

You cannot modify the client IPv4 CIDR range, authentication options, client certificate or transport protocol after the Client VPN endpoint has been created.

When you modify any of the following parameters on a Client VPN endpoint, the connection resets:

The server certificate
The DNS servers
The split-tunnel option (turning support on or off)
Routes (when you use the split-tunnel option)
Certificate Revocation List (CRL)
Authorization rules
The VPN port number

Tasks

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

View a currently configured login banner

Create an endpoint