Configure Client Devices for Mobile VPN with IKEv2

Many client operating systems include a native IKEv2 client. For Android devices, you must download the third-party strongSwan app. In Fireware v12.11.1 or higher, you can use the WatchGuard IPSec Mobile VPN Client for Windows.

The steps to configure an IKEv2 connection are different for each client. We provide instructions and files to help you configure an IKEv2 VPN connection on these types of devices and clients:

  • Windows
  • macOS
  • iOS
  • Android (strongSwan app)
  • WatchGuard IPSec Mobile VPN client for Windows

For information about supported operating system versions, go to the Fireware Release Notes.

Instructions, profiles for macOS, Android, and WatchGuard IPSec Mobile VPN client, and scripts for Windows and the Mobile VPN client are included in a single file that you can download from your Firebox. You can use the profiles and scripts on your devices to automatically configure the IKEv2 VPN client. Or, you can follow the instructions to manually configure the IKEv2 VPN client. If you manually configure a client, you must add the .CRT or .PEM certificate to your device. For more information, go to the Configure Devices and Clients for Mobile VPN with IKEv2 section of this topic or the instructions in the README files.

To configure pre-logon VPN connections for Windows users, go to How can I create and deploy custom IKEv2 and L2TP VPN profiles for Windows computers? in the WatchGuard Knowledge Base.

WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.

  1. (Fireware v12.3 or higher) Select VPN > Mobile VPN > IKEv2 > Client Profile.
    The Client Profile page opens.

Screen shot of the Client Profile page

  1. (Fireware v12.2.1 or lower) Select VPN > Mobile VPN with IKEv2 .
  2. Click Download. A compressed .TGZ file downloads to your computer.
  3. Extract the .TAR file from the .TGZ file.
  4. Extract the files from the .TAR file. Folders with instructions and scripts, certificates, and a README.txt file show.

Screenshot of extracted files and folders

  1. For an overview of the client configuration process, open the README.txt file in the root folder.
  2. For instructions and a configuration script specific to your operating system, open the folder for your operating system.

The WatchGuard Mobile VPN directory is only available in Fireware v12.11.1 and higher.

Screenshot of folders for different operating systems.

  1. (Fireware v12.3 or higher) Select VPN > Mobile VPN > Get Started > IKEv2 > Client Profile.
  2. (Fireware v12.2.1 or lower) Select VPN > Mobile VPN > IKEv2 > Client Instructions.
    The Mobile VPN with IKEv2 Client Instructions dialog box opens.

Screenshot of MVPN with IKEv2 client instructions VPN connection name dialog box

  1. In the VPN Connection Name text box, type a name that describes this VPN connection.
  2. Click Download.
  3. On your computer, select a location to save the .TGZ file.
    A dialog box that requests connection information and credentials for your Firebox opens.

Screenshot of mvpn with IKEv2 client instructions dialog box

  1. Type the IP address of your Firebox.
  2. Type the administrator user name and password for your Firebox.
  3. From the Authentication Server drop-down list, select the authentication server for your Firebox.
  4. Click OK.
    The Fireware Policy Manager dialog box opens.

Screen shot of the Fireware Policy Manager dialog box

  1. Extract the .TAR file from the .TGZ file.
  2. Extract the files from the .TAR file. Folders with instructions and scripts, certificates, and a README.txt file show.

Screenshot of folder that contains instructions, scripts, certificates, and a README.txt file.

  1. For an overview of the client configuration process, open the README.txt file in the root folder.
  2. For instructions and a configuration script specific to your operating system, open the folder for your operating system.

The WatchGuard IPSec Mobile VPN directory is available in Fireware v12.11.1 and higher.

 

If you manage your Firebox in WatchGuard Cloud, go to Download the Mobile VPN with IKEv2 Client Profile for download instructions.

Configure Devices and Clients for Mobile VPN with IKEv2

For Help Center versions of the instructions included in the .TGZ file, go to:

Related Topics

Mobile VPN with IKEv2

Use the WatchGuard IKEv2 Setup Wizard

Troubleshoot Mobile VPN with IKEv2