AWS Security ChangesHomeSearch

AWS vpn medium security documentation change

Service: vpn · 2025-06-22 · Security-related medium

File: vpn/latest/clientvpn-user/linux.md

Summary

Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth

Security assessment

Mitigates potential security risks by restricting OpenVPN client usage on ARM architectures where compatibility/security might be compromised.

Diff

diff --git a/vpn/latest/clientvpn-user/linux.md b/vpn/latest/clientvpn-user/linux.md
index 6afb97fdb..b40021e61 100644
--- a//vpn/latest/clientvpn-user/linux.md
+++ b//vpn/latest/clientvpn-user/linux.md
@@ -15 +15 @@ For troubleshooting information, see [Troubleshooting AWS Client VPN connections
-If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint.
+If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.