Related Topics
Configure Android Devices for Mobile VPN with IKEv2
To configure a VPN connection between your Android device and a Firebox, we recommend the free strongSwan app. Recent Android versions do not include native support for IKEv2 VPNs.
To add the VPN connection on your device, you can use the WatchGuard automatic configuration script or manually configure settings on the device.
Mobile VPN with IKEv2 is supported on Fireboxes with Fireware v12.1 and higher.
WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.
Automatically Configure VPN Settings
To configure a VPN connection with the WatchGuard automatic configuration script, you must download a compressed .TGZ file from your Firebox. This file contains instructions and configurations scripts for various operating systems. For information about how to download this file, see Configure Client Devices for Mobile VPN with IKEv2.
The automatic configuration script creates a new IKEv2 VPN profile in the strongSwan app on your Android device. It also installs the required CA certificate for the VPN connection.
- Download and install the strongSwan VPN client from the Google Play store.
- Download or copy the WG IKEv2.sswan file to the local storage on your Android device.
- Open the strongSwan VPN client and select the three vertical dots at the top right next to the Add VPN Profile option.
- Select Import VPN profile.
- Browse to the WG IKEv2.sswan file.
- To import the WG IKEv2.sswan file, select it.
- (Optional) Type your user name and password.
- Select the Import option at the top right.
- To initiate an IKEv2 PN connection to the Firebox, select the new IKEv2 profile that you added.
Manually Configure VPN Settings
- Download or copy the rootca.crt or rootca.pem certificate file to the local storage on your Android device.
- Browse to the rootca.crt or rootca.pem certificate file.
- To install the certificate, tap the rootca.crt or rootca.pemfile.
- Type a name. For example, type WG IKEv2 CA.
- Click OK.
- To verify that the certificate was installed, select Settings > Security > Trusted Credentials > User.
- Download and install the strongSwan VPN client from the Google Play store.
- Open the strongSwan VPN client and select the Add VPN Profile option.
- To configure the VPN, specify this information:
- Server — Host name or IP address of the server
- VPN Type — Firebox IKEv2 EAP (Username/Password)
- Username — Your Firebox username
- Password — Your Firebox password
- CA Certificate — Select automatically
- Profile Name — A name for the VPN
- Click Save.
- To start a VPN connection to the Firebox, select the new IKEv2 profile that you added.
See Also
Configure Client Devices for Mobile VPN with IKEv2
Configure iOS and Mac OS Devices for Mobile VPN with IKEv2
Configure Windows Devices for Mobile VPN with IKEv2