Configure Client Devices for Mobile VPN with IKEv2
Many client operating systems include a native IKEv2 client. For Android devices, you must download the third-party strongSwan app.
The steps to configure an IKEv2 connection are different for each client operating system. We provide instructions and files to help you configure an IKEv2 VPN connection on devices with these operating systems:
- Windows
- macOS
- iOS
- Android (strongSwan app)
For information on supported operating system versions, go to the Fireware Release Notes.
Instructions, profiles for macOS and Android, and scripts for Windows are included in a single file that you can download from your Firebox. You can use the profiles and scripts on your devices to automatically configure the IKEv2 VPN client. Or, you can follow the instructions to manually configure the IKEv2 VPN client. If you manually configure a client, you must add the rootca.crt or rootca.pem certificate to your device and follow the instructions in the README file.
To configure pre-logon VPN connections for Windows users, go to How can I create and deploy custom IKEv2 and L2TP VPN profiles for Windows computers? in the WatchGuard Knowledge Base.
WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.
- (Fireware v12.3 or higher) Select VPN > Mobile VPN > IKEv2 > Client Profile.
The Client Profile page opens.
- (Fireware v12.2.1 or lower) Select VPN > Mobile VPN with IKEv2 .
- Click Download. A compressed .TGZ file downloads to your computer.
- Extract the .TAR file from the .TGZ file.
- Extract the files from the .TAR file. Folders with instructions and scripts, certificates, and a README.txt file show.
- For an overview of the client configuration process, open the README.txt file in the root folder.
- For instructions and a configuration script specific to your operating system, open the folder for your operating system.
- (Fireware v12.3 or higher) Select VPN > Mobile VPN > Get Started > IKEv2 > Client Profile.
- (Fireware v12.2.1 or lower) Select VPN > Mobile VPN > IKEv2 > Client Instructions.
The Mobile VPN with IKEv2 Client Instructions dialog box opens.
- In the VPN Connection Name text box, type a name that describes this VPN connection.
- Click Download.
- On your computer, select a location to save the .TGZ file.
A dialog box that requests connection information and credentials for your Firebox opens.
- Type the IP address of your Firebox.
- Type the administrator user name and password for your Firebox.
- From the Authentication Server drop-down list, select the authentication server for your Firebox.
- Click OK.
The Fireware Policy Manager dialog box opens.
- Extract the .TAR file from the .TGZ file.
- Extract the files from the .TAR file. Folders with instructions and scripts, certificates, and a README.txt file show.
- For an overview of the client configuration process, open the README.txt file in the root folder.
- For instructions and a configuration script specific to your operating system, open the folder for your operating system.
If you manage your Firebox in WatchGuard Cloud, go to Download the Mobile VPN with IKEv2 Client Profile for download instructions.
For online versions of the instructions included in the .TGZ file, go to:
- Configure iOS and macOS Devices for Mobile VPN with IKEv2
- Configure Windows Devices for Mobile VPN with IKEv2
- Configure Android Devices for Mobile VPN with IKEv2