Posted on 02-26-2024 11:52 AM
I am attempting to deploy the AWS VPN Client app to computers logged into Standard user accounts. After opening the application and then selecting the Connect button, macOS 14.3.1 requires the user to authenticate using administrator credentials. Canceling the credentials prompt generates a dialog window, “AWS VPN Client Helper Tool is required to establish the connection”.
When testing, I can connect the VPN to the host when entering the admin credentials. Once the admin credentials are entered, a new item named “AMZN Mobile LLC” appears in System Settings > General > Allow in the Background.
I need the VPN to connect without the Standard user entering the admin credentials.
The policy configuration:
An installer script runs after the package is deployed:
#!/bin/sh
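# Replace the REPLACE_ME placeholder in each user's ConnectionProfiles with that user's short name
for i in `ls /Users | grep -v Shared`; do
    perl -pi -e "s/REPLACE_ME/$i/" "/Users/$i/.config/AWSVPNClient/ConnectionProfiles"
done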
Posted on 02-28-2024 12:33 AM
Hello,
I can try to give you some possible solutions for your problem, based on the web search results that I found. Here are some suggestions:
One solution is to use a different VPN client application that does not require admin credentials to connect to the AWS Client VPN endpoint. For example, you can use Tunnelblick or OpenVPN Connect Client, which are both free and open source VPN clients for macOS.
Another solution is to grant the AWS VPN Client Helper Tool permission to run without admin credentials. The AWS VPN Client Helper Tool is a component of the AWS provided client that is responsible for establishing the VPN connection. To do this, you need to use the Terminal app and run the following commands.
# Find the path of the AWS VPN Client Helper Tool
sudo find / -name "AWS VPN Client Helper Tool"
# Grant the tool permission to run without admin credentials
sudo chmod u+s <path-of-the-tool>
A third solution is to create a separate admin account on your macOS computer and use it to connect to the AWS Client VPN endpoint. You can then switch back to your standard user account and use the VPN connection.
I hope this helps you to connect to the AWS Client VPN endpoint without entering the admin credentials. If you have any other questions or requests, please let me know.
Posted on 03-13-2024 08:43 AM
Unfortunately, these suggested solutions did not work for my situation.
Posted on 03-13-2024 08:42 AM
The following procedure worked for me. I hope this helps anyone else in the same situation.
Start with a wiped computer
Download the installer from Amazon
Copy two files to your Downloads folder on your own computer:
cp /Users/YOUR USER/.config/AWSVPNClient/ConnectionProfiles ~/Downloads/
cp /Users/YOUR USER/.config/AWSVPNClient/OpenVpnConfigs/MyVPC ~/Downloads/
Edit the ConnectionProfiles file and replace your computer name with the user logged into the remote computer.
ConnectionProfiles File:
{"Version":"1","LastSelectedProfileIndex":0,"ConnectionProfiles":[{"ProfileName":"MeyerVPC","OvpnConfigFilePath":"/Users/<REMOTE USER NAME>/.config/AWSVPNClient/OpenVpnConfigs/MyVPC","CvpnEndpointId":"cvpn-endpoint-05eaa8d57bc585b5e","CvpnEndpointRegion":"us-west-2","CompatibilityVersion":"1","FederatedAuthType":0}]}
Pause AV scan
Create a Jamf Composer Normal Snapshot before the installation process
Run the installer
Open the application (to create the folders within ~/.config/)
Allow update if original installer is not current
Quit application
Replace the two files in your Downloads folder into the .config directory using file sharing to transfer the files to the respective locations:
/Users/YOUR USER/.config/AWSVPNClient/ConnectionProfiles
/Users/YOUR USER/.config/AWSVPNClient/OpenVpnConfigs/MyVPC
Connect the VPN (it may fail the first time and that’s okay, friend. Just let it time out)
Complete Snapshot
Build as PKG
Upload to Jamf > Settings > Packages
Update the package to point to the new AWS VPN Client policy
Jamf Policy configuration
AWS VPN Post Install Configuration contents:
#!/bin/sh
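# Replace the REPLACE_ME placeholder in each user's ConnectionProfiles with that user's short name
for i in `ls /Users | grep -v Shared`; do
    perl -pi -e "s/REPLACE_ME/$i/" "/Users/$i/.config/AWSVPNClient/ConnectionProfiles"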
done
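The per-user substitution from the post-install script above, as an added example that is not part of the original post: it also skips home folders without the client, refuses short names that would corrupt the sed expression, and checks that the rewritten OvpnConfigFilePath names an existing file. The function names, the users-root argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The users-root argument is an assumption:
# pass /Users on a managed Mac, a scratch directory when testing.
PLACEHOLDER="REPLACE_ME"

# personalize_profiles USERS_ROOT
# Returns 0 if every profile found was rewritten and points at an existing
# OpenVPN config, 1 otherwise. Prints one status line per home directory.
personalize_profiles() {
    users_root=$1
    rc=0
    for home in "$users_root"/*/; do
        [ -d "$home" ] || continue
        user=$(basename "$home")
        [ "$user" = "Shared" ] && continue
        profile="$users_root/$user/.config/AWSVPNClient/ConnectionProfiles"
        [ -f "$profile" ] || { echo "skip   $user: no ConnectionProfiles"; continue; }
        # A name containing / & \ or " would break the sed expression or the JSON.
        case $user in
            *[!A-Za-z0-9._-]*) echo "broken $user: unsafe short name"; rc=1; continue ;;
        esac
        # Write back through the existing file so its owner and mode are kept.
        tmp=$(mktemp) || return 1
        sed "s/$PLACEHOLDER/$user/g" "$profile" > "$tmp" && cat "$tmp" > "$profile"
        rm -f "$tmp"
        # OvpnConfigFilePath (the last one, if several) must name an existing file.
        ovpn=$(sed -n 's/.*"OvpnConfigFilePath":"\([^"]*\)".*/\1/p' "$profile")
        if [ -n "$ovpn" ] && [ -f "$ovpn" ]; then
            echo "ok     $user: $ovpn"
        else
            echo "broken $user: OvpnConfigFilePath '$ovpn' not found"; rc=1
        fi
    done
    return $rc
}

# make_sample_tree ROOT: constructed sample data with one packaged profile
# (alice), one home without the client (bob) and the Shared folder.
make_sample_tree() {
    d="$1/alice/.config/AWSVPNClient"
    mkdir -p "$d/OpenVpnConfigs" "$1/bob" "$1/Shared"
    : > "$d/OpenVpnConfigs/MyVPC"
    printf '{"Version":"1","ConnectionProfiles":[{"ProfileName":"MyVPC","OvpnConfigFilePath":"%s/%s/.config/AWSVPNClient/OpenVpnConfigs/MyVPC"}]}\n' \
        "$1" "$PLACEHOLDER" > "$d/ConnectionProfiles"
}

demo=$(mktemp -d) && make_sample_tree "$demo"
personalize_profiles "$demo" || echo "some profiles need attention"
rm -rf "$demo"
```

A non-zero return from `personalize_profiles` can be used to fail the policy run so that machines with an unusable profile show up in the management console's logs.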