Contents

Related Topics

Configure Client Devices for Mobile VPN with IKEv2

Before you can use computers or mobile devices as Mobile VPN with IKEv2 remote clients, you must configure and establish the IKEv2 connection on each client device. Many client operating systems include a native IKEv2 client. For Android devices, you must download the third-party strongSwan app.

The steps to configure an IKEv2 connection are different for each client operating system. We provide instructions and scripts to help you configure an IKEv2 VPN connection on devices with these operating systems:

  • Windows 8.1 and 10
  • macOS
  • iOS
  • Android (strongSwan app)

Instructions and scripts for all operating systems are included in a single file that you can download from your Firebox. You can run the scripts on your devices to automatically configure the IKEv2 VPN client. Or, you can follow the instructions to manually configure the IKEv2 VPN client. If you manually configure a client, you must add the rootca.crt or rootca.pem certificate to your device and follow the instructions in the README file.

WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.

To download the instructions and scripts, from Fireware Web UI:Closed
  1. Select VPN > Mobile VPN with IKEv2.
  2. In the Client Profiles and Instructions section, click Download. A compressed .TGZ file downloads to your computer.
  3. Extract the files from the .TGZ file. Folders with instructions and scripts, certificates, and a README.txt file appear.

  1. For an overview of the client configuration process, open the README.txt file in the root folder.
  2. For instructions and a configuration script specific to your operating system, open the folder for your operating system.

To download the instructions and scripts, from Policy Manager:Closed
  1. Select VPN > Mobile VPN > IKEv2.
  2. Select Client Instructions.
    The Mobile VPN with IKEv2 Client Instructions dialog box appears.

  1. In the VPN Connection Name text box, type a name that describes this VPN connection.
  2. Click Download.
  3. On your computer, select a location to save the .TGZ file.
    A dialog box that requests connection information and credentials for your Firebox appears.


  1. Type the IP address of your Firebox.
  2. Type the administrator user name and password for your Firebox.
  3. From the Authentication Server drop-down list, select the authentication server for your Firebox.
  4. Click OK.
    The Fireware Policy Manager dialog box appears.

Screen shot of the Fireware Policy Manager dialog box

  1. Extract the files from the .TGZ file. Folders with instructions and scripts, certificates, and a README.txt file appear.

  1. For an overview of the client configuration process, open the README.txt file in the root folder.
  2. For instructions and a configuration script specific to your operating system, open the folder for your operating system.

For online versions of the instructions included in the .TGZ file, see:

See Also

Mobile VPN with IKEv2

Use the WatchGuard IKEv2 Setup Wizard

Give Us Feedback     Get Support     All Product Documentation     Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.