# AWS VPN Notes

The AWS VPN is a hosted VPN in the AWS cloud.

## Download the client

To download the client, use the Okta Chicklet.

## Add Additional Profiles

File > Manage Profiles

## Saved Configuration Location

`~/.config/AWSVPNClient/OpenVpnConfigs`

## Tweak for Infrastructure

Replace 192.168.1.0 with your home network, add the line to the .ovpn file, and import it:

`route 192.168.1.0 255.255.255.0 net_gateway`

(Fred's note: this shouldn't be necessary, but is also a good way to force certain networks out locally)

## Troubleshooting

### Issue: DNS resolution doesn't work on Ubuntu 20

By default DNS resolution doesn't work on Ubuntu. Try this command to see if it resolves the issue temporarily:

`resolvectl domain tun0 "~pvt.xdrtest.accenturefederalcyber.com"`

FIX: add `dhcp-option DOMAIN pvt.xdrtest.accenturefederalcyber.com` to your config file.

### Issue: DNS resolution doesn't work, but ping works, as do direct lookups with `host`

Rick Page experienced this. He could connect. He could ping both public and private IP addresses. But his machine wouldn't resolve any hostnames. Here's his fix:

> I got it working. TL;DR: OS X Network stack is a jerk, refuses to update DNS servers - but destroying and recreating “Wifi service” in sys pref more than once seemed to do the trick
>
> I think “Wifi Service” in OS X was refusing to let AWS VPN client update DNS servers. First I decided to try and manually update my DNS from comcast to opendns and noticed it always reverted back to comcast; I fought the UI to create a new Wifi service that uses Manual IP + OpenDNS – this let me ping yahoo.com but not XDR sites ofc; After recreating Wifi service with DHCP + comcast DNS (to show you my “progress” by comparing), I noticed nslookup showed me 10.40.2.X finally – so now it works! Until this point I think the client was not able to change the DNS setting, or perhaps it was even being changed back somehow
>
> Takeaways
>
> 1. Using DHCP won't let “me” set DNS server, they revert back automatically (but see 4)
> 2. Using OpenDNS and not comcast let me ping yahoo.com but not XDR server, ofc. Thinking comcast DNS is wonky, which happens frequently.
> 3. Using manual IP *seemed* to let me control DNS but *not* let AWS VPN update DNS either (but again see 4)
> 4. After destroying and recreating Wifi Service (iirc, 3rd time), using DHCP + comcast DNS let me connect to the AWS VPN – critically, it updated this DNS this time, so I can access XDR network now. (Don't update, don't have multiple, destroy all of them completely or else OS X hangs on to old DNS setting even after VPN)
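The two config tweaks above (the `route ... net_gateway` line from "Tweak for Infrastructure" and the `dhcp-option DOMAIN` line from the Ubuntu DNS fix) are easy to forget when a profile is re-exported or re-imported. The script below is an added example and not part of these notes or of the AWS VPN client: it checks a saved .ovpn file for both directives and appends whichever is missing. The function names (`count_missing_tweaks`, `add_tweaks`, `write_sample_ovpn`) are my own, the subnet 192.168.1.0/24 and the domain pvt.xdrtest.accenturefederalcyber.com are taken from the notes, and the sample profile it writes is constructed with a placeholder endpoint and no certificates.

```shell
#!/bin/sh
# Added example (not from the original notes): check an OpenVPN/AWS VPN
# profile for the home-network route exclusion and the split-DNS domain
# line, and append whichever is missing. Only grep, sed and printf are used.

# Escape dots so a subnet or domain is matched literally by grep -E.
re_escape() {
  printf '%s' "$1" | sed 's/\./\\./g'
}

# have_route FILE SUBNET: true if "route SUBNET 255.255.255.0 net_gateway" is present.
have_route() {
  grep -Eq "^[[:space:]]*route[[:space:]]+$(re_escape "$2")[[:space:]]+255\.255\.255\.0[[:space:]]+net_gateway" "$1"
}

# have_domain FILE DOMAIN: true if "dhcp-option DOMAIN DOMAIN" is present.
have_domain() {
  grep -Eq "^[[:space:]]*dhcp-option[[:space:]]+DOMAIN[[:space:]]+$(re_escape "$2")[[:space:]]*$" "$1"
}

# count_missing_tweaks FILE SUBNET DOMAIN
# Prints the number of missing directives (0, 1 or 2) on stdout and names
# each missing one on stderr, so the count is usable from scripts.
count_missing_tweaks() {
  missing=0
  if ! have_route "$1" "$2"; then
    echo "missing: route $2 255.255.255.0 net_gateway" >&2
    missing=$((missing + 1))
  fi
  if ! have_domain "$1" "$3"; then
    echo "missing: dhcp-option DOMAIN $3" >&2
    missing=$((missing + 1))
  fi
  echo "$missing"
}

# add_tweaks FILE SUBNET DOMAIN: append only the directives that are absent,
# so running it twice never duplicates a line.
add_tweaks() {
  if ! have_route "$1" "$2"; then
    printf 'route %s 255.255.255.0 net_gateway\n' "$2" >> "$1"
  fi
  if ! have_domain "$1" "$3"; then
    printf 'dhcp-option DOMAIN %s\n' "$3" >> "$1"
  fi
}

# write_sample_ovpn FILE: a constructed minimal profile for trying the checker.
# The endpoint is a placeholder and no keys or certificates are included.
write_sample_ovpn() {
  cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn-endpoint.example.invalid 443
# constructed sample profile: certificate blocks omitted
EOF
}

# Usage: sh check_ovpn.sh PROFILE.ovpn [SUBNET] [DOMAIN]
if [ -n "${1:-}" ]; then
  n=$(count_missing_tweaks "$1" "${2:-192.168.1.0}" "${3:-pvt.xdrtest.accenturefederalcyber.com}")
  echo "$n tweak(s) missing in $1"
fi
```

Point it at a profile under `~/.config/AWSVPNClient/OpenVpnConfigs` to see what is missing, and call `add_tweaks` with your own subnet and domain before re-importing the file. After connecting, `resolvectl domain tun0` (with no domain argument) shows which search domains the client actually pushed to the tunnel interface, which is the quickest way to tell whether the `dhcp-option DOMAIN` line took effect.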