Use Mobile VPN with SSL with an OpenVPN Client

Your users can make an SSL VPN connection to the Firebox with an OpenVPN client. For example, users can install OpenVPN Connect for Android or iOS, which is available from openvpn.net, the Google Play app store, or the Apple app store.

To configure the OpenVPN app, users can download a Mobile VPN with SSL client profile from the Firebox. Users can then import the profile into the OpenVPN app.

In Fireware v12.3 or higher, Mobile VPN with SSL supports two-factor, challenge-response authentication for native OpenVPN clients.

Requirements

Before you download the Mobile VPN with SSL client profile, make sure your Firebox is configured to route VPN traffic. Make sure that Routed VPN traffic is selected in the Mobile VPN with SSL configuration. For more information, go to Manually Configure the Firebox for Mobile VPN with SSL.

Download the Mobile VPN with SSL Client Profile

After you configure Mobile VPN with SSL on the Firebox, your users can download the client.ovpn file from the Firebox and send it to the device where the OpenVPN client is installed.

Because web browsers on some mobile devices do not support file downloads, these procedures describe how to download the file to another device and email it to the mobile device as a file attachment.

In Fireware v12.11 or higher, the Mobile VPN with SSL client download page is removed from the Firebox. You can use Fireware Web UI or Policy Manager to download the .ovpn client profile from the Firebox.

To download the .ovpn client profile, from Fireware Web UI:

  1. Select VPN > Mobile VPN.
    The Mobile VPN page opens.
  2. From the SSL section, click Download Profile. The file you download is called client.ovpn.

  1. Save the file to a location on your computer.
  2. Send the file as an email file attachment to the mobile VPN user.

To download the .ovpn client profile, from Policy Manager:

  1. Select VPN > Mobile VPN > Get Started.
    The Configure Mobile VPN page opens.
  2. From the SSL section, click Download Profile. The file you download is called client.ovpn.

  1. Save the file to a location on your computer.
  2. Send the file as an email file attachment to the mobile VPN user.
  1. Connect to the Firebox with a web browser over port 443, unless you configured a custom port number:

https://<IP address of a Firebox interface or host name>/sslvpn.html

or

https://<IP address of a Firebox interface or host name>:<custom port number>/sslvpn.html

  1. Type your user name and password to authenticate to the Firebox.
    The Mobile VPN with SSL download page opens.

Screen shot of the SSL VPN client download page

  1. Click the Download button for the Mobile VPN with SSL client profile. The file you download is called client.ovpn.
  2. Save the file to a location on your computer.
  3. Send the file as an email file attachment to the mobile VPN user.

Import the Client Profile

To import a client profile to an Android or iOS device:

  1. Install the OpenVPN Connect app.
  2. Open the email message that contains the .ovpn email attachment.
  3. Tap the attachment to open the file in the OpenVPN Connect app.
  4. Import the .ovpn file to the VPN client to create a new connection profile.
  5. In the profile, type the Username and Password you use to authenticate to the Firebox.
  6. To start the VPN tunnel, select or enable on the VPN profile in OpenVPN Connect.

For more information about the OpenVPN client, go to the documentation provided by OpenVPN:

Related Topics

Configure the Firebox for Mobile VPN with SSL

Choose the Port and Protocol for Mobile VPN with SSL