Question

Can't connect to AWS VPN starting this year

  • 26 February 2024
  • 6 replies
  • 529 views

Badge

I use AWS VPN to connect to my work. There are times when I’m on the road and need to connect to work. I used to be able to just use my T-mobile hotspot from my Mac and work anywhere I had T-mobile connection. Since about the beginning of the year, I no longer can connect via AWS VPN.

In the last couple of months I’ve been working with our IT department to figure out if anything is blocked on their end. They have made sure that I’m not blocked when connecting via my phone hotspot. There appear to be issues with IPv6 connections, but there’s nothing that I can change on my T-mobile connection from my iPhone to change any of that.

Anybody can connect using AWS VPN over t-mobile hotspot? 


6 replies

Couldn’t have said it better myself. I have to travel a lot for my spouse’s complex medical condition and need my hotspot to work with AWS VPN that my company uses and since this year I have not been able to do so.

I’ve read that T-Mobile is not ipv6-exclusive.  Prior to this year, I had to turn off ipv6 to get AWS VPN to work without an IP address mismatch error. Now when I turn off ipv6 on my computer’s wifi settings I just lose internet signal connection on my hotspot.

Same here. I seem to be connected to AWS VPN and have internet connection (AWS VPN status is connected and I can access websites not behind AWS VPN) when on T-mobile hotspot, but I cannot access anything (AWS Redshift, API endpoints, etc.) that can only be accessed via AWS VPN. AWS VPN connection works fine over WiFi though.

Related to connecting to AWS EC2 Boxes? 

I’ve been trying to ssh into my EC2 boxes.  I can get to the machines when I’m on on my work’s VPN, but when I’m NOT on the work VPN, it times out!

I haven’t messed much at all with my T-Mobile Hotspot.  It just sits there on top of my bookshelf happily routing packets (better than Frontier ever did).  

I’m using:

ssh -vvv ...

and it times out.  No evidence of anything but that it’s trying to connect.  I’ve tried on multiple machines.

I feel like maybe it’s related.  Anybody have any ideas?    

 

I’m able to work around this (or a similar) issue by tethering via USB from my Pixel while connecting with the AWS VPN client. I would get this error:

The VPN connection is being terminated due to a discrepancy between the IP address of the connected server and the expected VPN server IP. Please contact your network administrator for assistance in resolving this issue.

Presumably from this requirement which is relatively new:

The Client VPN service requires that the IP address the client is connected to matches the IP that the Client VPN endpoint's DNS name resolves to. In other words, if you set a custom DNS record for the Client VPN endpoint, then forward the traffic to the actual IP address the endpoint's DNS name resolves to, this setup will not work using recent AWS-provided clients. This rule was added to mitigate a server IP attack as described here: TunnelCrack.

 

Source: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is-best-practices.html

HTH!

If your organization allows, you can install the last aws vpn client prior to the tunnelcrack fix, which is 3.4.0. thats what i did.

richhanbidge’s solution worked for me as well on iPhone.  Choosing tethered iPhone USB from the Network settings and then restarting the VPN worked.

 

 

Reply