Generate Mobile VPN with IPSec Configuration Files

To configure the WatchGuard IPSec Mobile VPN Client, you import a configuration file. The configuration file is also called the end user profile. When you first configure a Mobile VPN with IPSec group, or if you make a change to the settings for a group, you must regenerate the configuration file for the group and provide it to mobile users.

To generate an end-user profile file for a group, from Fireware Web UI:

1. Select VPN > Mobile VPN with IPSec.
2. In the Groups list, select the Mobile VPN group.
3. From the Client drop-down list, select the type of VPN client you use.
   • Select WatchGuard Mobile VPN to generate a .ini file for the WatchGuard Mobile VPN client.
   • Select Shrew Soft VPN to generate a .vpn file for the Shrew Soft VPN client.
4. Click Generate.
5. Select a file name and location to save the configuration file. The correct file extension is automatically added when the file is saved. Do not specify a different file extension.

To generate an end user profile file for a group, from Policy Manager:

1. Select VPN > Mobile VPN > IPSec.
2. Select the Mobile VPN group.
3. Click Generate.
   Policy Manager generates the configuration files and shows the location where you can find the generated files.

You can now distribute the configuration file to the end users.

There are three types of configuration files.

.wgx

The .wgx file is used by the WatchGuard IPSec Mobile VPN Client. A .wgx file cannot set the Line Management settings in the client software. If you set Line Management to anything other than Manual, you must use the .ini configuration file. The .wgx file is encrypted with the passphrase specified in the Mobile VPN with IPSec configuration. You must use Policy Manager to generate the encrypted .wgx file.

.ini

The .ini file is used by the WatchGuard IPSec Mobile VPN Client. Use this file format only if you did not set Line Management to Manual. The .ini file is not encrypted.

For more information, see Line Management on the Advanced tab in Modify an Existing Mobile VPN with IPSec Group Profile.

.vpn

The .vpn file is used by the Shrew Soft VPN client. The .vpn configuration file is not encrypted. The Shrew Soft VPN client does not support some Mobile VPN with IPSec configuration settings and features.

For more information, see About the Shrew Soft VPN Client.

The .ini file for the WatchGuard IPSec Mobile VPN Client can be generated as read-only so that the end users cannot change settings in the client.

For more information, see Lock Down an End User Profile.

If you use certificates for VPN authentication, copies of the CA and client certificates from your Management Server are also exported when you generate the end-user profile. For more information about these certificates, see Configure the Certificate Authority on the Management Server.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.