AWS Fundamentals
L2 Construct

ClientVpnEndpoint

A client VPN connection.

Import

import { ClientVpnEndpoint } from 'aws-cdk-lib/aws-ec2';

Or use the module namespace:

import * as ec2 from 'aws-cdk-lib/aws-ec2';
// ec2.ClientVpnEndpoint

Properties

Configuration passed to the constructor as ClientVpnEndpointProps.

vpc (required)
IVpc

The VPC to connect to.

21 properties inherited from ClientVpnEndpointOptions
cidr (required, inherited from ClientVpnEndpointOptions)
string

The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. Changing the address range will replace the Client VPN endpoint. The CIDR block should be /22 or greater.

serverCertificateArn (required, inherited from ClientVpnEndpointOptions)
string

The ARN of the server certificate.

authorizeAllUsersToVpcCidr (optional, inherited from ClientVpnEndpointOptions)
boolean

Whether to authorize all users to the VPC CIDR. This automatically creates an authorization rule. Set this to `false` and use `addAuthorizationRule()` to create your own rules instead.

Default: true

clientCertificateArn (optional, inherited from ClientVpnEndpointOptions)
string

The ARN of the client certificate for mutual authentication. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).

Default: - use user-based authentication

clientConnectionHandler (optional, inherited from ClientVpnEndpointOptions)
IClientVpnConnectionHandler

The AWS Lambda function used for connection authorization. The name of the Lambda function must begin with the `AWSClientVPN-` prefix.

Default: - no connection handler

clientLoginBanner (optional, inherited from ClientVpnEndpointOptions)
string

Customizable text that will be displayed in a banner on AWS-provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.

Default: - no banner is presented to the client

clientRouteEnforcementOptions (optional, inherited from ClientVpnEndpointOptions)
ClientRouteEnforcementOptions

Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator-defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Default: undefined - the AWS Client VPN default is to disable client route enforcement

description (optional, inherited from ClientVpnEndpointOptions)
string

A brief description of the Client VPN endpoint.

Default: - no description

disconnectOnSessionTimeout (optional, inherited from ClientVpnEndpointOptions)
boolean

Indicates whether the client VPN session is disconnected after the maximum `sessionTimeout` is reached. If `true`, users are prompted to reconnect to the client VPN. If `false`, the client VPN attempts to reconnect automatically.

Default: undefined - the AWS Client VPN default is true

dnsServers (optional, inherited from ClientVpnEndpointOptions)
string[]

Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers.

Default: - use the DNS address configured on the device

logging (optional, inherited from ClientVpnEndpointOptions)
boolean

Whether to enable connection logging.

Default: true

logGroup (optional, inherited from ClientVpnEndpointOptions)
ILogGroupRef

A CloudWatch Logs log group for connection logging.

Default: - a new group is created

logStream (optional, inherited from ClientVpnEndpointOptions)
ILogStreamRef

A CloudWatch Logs log stream for connection logging.

Default: - a new stream is created

port (optional, inherited from ClientVpnEndpointOptions)
VpnPort

The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

Default: VpnPort.HTTPS

securityGroups (optional, inherited from ClientVpnEndpointOptions)
ISecurityGroup[]

The security groups to apply to the target network.

Default: - a new security group is created

selfServicePortal (optional, inherited from ClientVpnEndpointOptions)
boolean

Specify whether to enable the self-service portal for the Client VPN endpoint.

Default: true

sessionTimeout (optional, inherited from ClientVpnEndpointOptions)
ClientVpnSessionTimeout

The maximum VPN session duration time.

Default: ClientVpnSessionTimeout.TWENTY_FOUR_HOURS

splitTunnel (optional, inherited from ClientVpnEndpointOptions)
boolean

Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.

Default: false

transportProtocol (optional, inherited from ClientVpnEndpointOptions)
TransportProtocol

The transport protocol to be used by the VPN session.

Default: TransportProtocol.UDP

userBasedAuthentication (optional, inherited from ClientVpnEndpointOptions)
ClientVpnUserBasedAuthentication

The type of user-based authentication to use.

Default: - use mutual authentication

vpcSubnets (optional, inherited from ClientVpnEndpointOptions)
SubnetSelection

Subnets to associate with the client VPN endpoint.

Default: - the VPC default strategy
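As an added example, not code from aws-cdk-lib or this construct: a pre-synth validator for the constraints the property list above states (client CIDR must be /22 or larger and must not overlap the VPC CIDR, either mutual or user-based authentication must be configured, the connection handler name must start with `AWSClientVPN-`, the login banner is limited to 1400 characters, at most two DNS servers). It assumes a caller-supplied `vpcCidr` string and the handler's function name (`clientConnectionHandlerName`), since the real props carry an `IVpc` and an `IClientVpnConnectionHandler` object; the `VpnProps` interface, `parseCidr`, `cidrsOverlap` and `validateClientVpnProps` are hypothetical names.

```typescript
// Added example: checks ClientVpnEndpointProps-style settings against the
// documented constraints before synth, so a weak or invalid endpoint
// definition fails in CI rather than at deploy time. Not aws-cdk-lib code.
interface VpnProps {
  vpcCidr: string;                        // assumption: the VPC's IPv4 CIDR
  cidr: string;                           // client address pool, as on the page
  clientCertificateArn?: string;          // mutual authentication
  userBasedAuthentication?: unknown;      // user-based authentication
  clientConnectionHandlerName?: string;   // assumption: handler's function name
  clientLoginBanner?: string;
  dnsServers?: string[];
}

// Parse "a.b.c.d/n" into [network address as unsigned 32-bit int, prefix length].
function parseCidr(cidr: string): [number, number] {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`invalid CIDR: ${cidr}`);
  const o = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (o.some(x => x > 255) || prefix > 32) throw new Error(`invalid CIDR: ${cidr}`);
  const addr = ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return [(addr & mask) >>> 0, prefix];
}

// Two ranges overlap when they agree under the shorter of the two prefixes.
function cidrsOverlap(a: string, b: string): boolean {
  const [na, pa] = parseCidr(a);
  const [nb, pb] = parseCidr(b);
  const p = Math.min(pa, pb);
  const mask = p === 0 ? 0 : (0xffffffff << (32 - p)) >>> 0;
  return ((na & mask) >>> 0) === ((nb & mask) >>> 0);
}

// Returns a list of violations; an empty list means the props pass every check.
function validateClientVpnProps(p: VpnProps): string[] {
  const errors: string[] = [];
  const [, prefix] = parseCidr(p.cidr);
  if (prefix > 22) errors.push("cidr must be /22 or larger");
  if (cidrsOverlap(p.cidr, p.vpcCidr)) errors.push("cidr overlaps the VPC CIDR");
  if (!p.clientCertificateArn && !p.userBasedAuthentication)
    errors.push("set clientCertificateArn (mutual auth) or userBasedAuthentication");
  if (p.clientConnectionHandlerName && !p.clientConnectionHandlerName.startsWith("AWSClientVPN-"))
    errors.push("connection handler name must start with AWSClientVPN-");
  if (p.clientLoginBanner && p.clientLoginBanner.length > 1400)
    errors.push("clientLoginBanner exceeds 1400 characters");
  if (p.dnsServers && p.dnsServers.length > 2) errors.push("at most two DNS servers");
  return errors;
}
```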
