# Get started with AWS Client VPN Get started with Client VPN Before you can establish a VPN session, your Client VPN administrator must create and configure a Client VPN endpoint. Your administrator controls which networks and resources you can access when you establish a VPN session. You then use a VPN client application to connect to a Client VPN endpoint and establish a secure VPN connection. If you're an administrator who needs to create a Client VPN endpoint, see the [AWS Client VPN Administrator Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/). **Topics** + [ ## Prerequisites for using Client VPN ](#install-prereq) + [ ## Step 1: Get a VPN client application ](#install-client) + [ ## Step 2: Get the Client VPN endpoint configuration file ](#get-config-file) + [ ## Step 3: Connect to the VPN ](#import-connect) + [Download Client VPN](self-service-portal.md) ## Prerequisites for using Client VPN To establish a VPN connection, you must have the following: + Access to the internet + A supported device + A supported version of [Windows](client-vpn-connect-windows.md), [macOS](client-vpn-connect-macos.md), or [Linux](client-vpn-connect-linux.md). + For Client VPN endpoints that use SAML-based federated authentication (single sign-on), one of the following browsers: + Apple Safari + Google Chrome + Microsoft Edge + Mozilla Firefox ## Step 1: Get a VPN client application You can connect to a Client VPN endpoint and establish a VPN connection using the AWS provided client or another OpenVPN-based client application. You can download the Client VPN application through one of two methods, depending on whether the administrator created the endpoint configuration file for the application: + If your administrator did not set up endpoint configuration files, download and install the client from [AWS Client VPN download](https://aws.amazon.com/vpn/client-vpn-download/). After downloading and installing the application, proceed to [Step 2: Get the Client VPN endpoint configuration file](#get-config-file) to get the endpoint configuration file from your administrator. If you're connecting to multiple profiles, you'll need a configuration file for each profile. + If your administrator has already preconfigured the endpoint configuration file, you can download the Client VPN application, along with the configuration file, from the self-service portal. For the steps to download the client and configuration file from the self-service portal, see [Download the AWS Client VPN from the self-service portal](self-service-portal.md). After downloading and installing the application and file, go to [Step 3: Connect to the VPN](#import-connect). Alternatively, download and install an OpenVPN client application on the device from which you intend to establish the VPN connection. ## Step 2: Get the Client VPN endpoint configuration file You get the Client VPN endpoint configuration file from your administrator. The configuration file includes the information about the Client VPN endpoint and the certificates that are required to establish a VPN connection. Alternatively, if your Client VPN administrator has configured a self-service portal for the Client VPN endpoint, you can download the latest version of the AWS provided client and the latest version of the Client VPN endpoint configuration file yourself. For more information, see [Download the AWS Client VPN from the self-service portal](self-service-portal.md). ## Step 3: Connect to the VPN Import the Client VPN endpoint configuration file to the AWS provided client or to your OpenVPN client application and connect to the VPN. For steps to connect to a VPN, including importing one or more endpoint configuration files for an AWS provided client, see the following topics: + [Connect to an AWS Client VPN endpoint using an AWS provided client](connect-aws-client-vpn-connect.md) + [Connect to an AWS Client VPN endpoint using an OpenVPN client](connect.md) For Client VPN endpoints that use Active Directory authentication, you will be prompted to enter your user name and password. If multi-factor authentication (MFA) has been enabled for the directory, you will also be prompted to enter your MFA code. For Client VPN endpoints that use SAML-based federated authentication (single sign-on), the AWS provided client opens a browser window on your computer. You'll be prompted to enter your corporate credentials before you can connect to the Client VPN endpoint. # Download the AWS Client VPN from the self-service portal Download Client VPN The self-service portal is a web page that enables you to download the latest version of the AWS provided client and the latest versions of Client VPN endpoint configuration files. If your Client VPN endpoint administrator has preconfigured one or more configuration files for the Client VPN client, you can download and install that Client VPN application along with those configuration files, from this portal. **Note** If you're an administrator and want to configure the self-service portal, see [Client VPN endpoints](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-endpoints.html) in the *AWS Client VPN Administrator Guide*. Before you begin, you must have the ID of each Client VPN endpoint you want to download Your Client VPN endpoint administrator can provide you with the ID, or can give you a self-service portal URL that includes the ID. For multiple endpoint connections you'll need the endpoint ID for each profile you want to connect to. **To access the self-service portal** 1. Go to the self-service portal at [https://self-service.clientvpn.amazonaws.com/](https://self-service.clientvpn.amazonaws.com/), or use the URL that was provided to you by your administrator. 1. If required, enter the ID of the Client VPN endpoint, for example, `cvpn-endpoint-0123456abcd123456`. Choose **Next**. 1. Enter your user name and password and choose **Sign In**. This is the same user name and password that you use to connect to the Client VPN endpoint. 1. In the self-service portal, you can do the following: + Download the latest version of the client configuration file for the Client VPN endpoint. If you want to connect to multiple endpoints, you'll need to download the configuration file for each endpoint. + Download the latest version of the AWS provided client for your platform. 1. Repeat these steps for each endpoint configuration file you want to create a connection profile for.