Configure iOS and macOS Devices for Mobile VPN with IKEv2
You can configure the native IKEv2 VPN client on iOS and macOS devices for a VPN connection to your Firebox.
To automatically add a VPN profile to your device, you can use .mobileconfig profile that you download from the Firebox. Or, you can manually configure the settings. This topic includes instructions for both automatic and manual configuration.
WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.
Automatically Configure VPN Settings
To automatically configure a VPN connection with a profile provided by WatchGuard, you must download a .TGZ file from your Firebox and extract the contents. This file contains instructions and profiles for different operating systems. For information about how to download this file, see Configure Client Devices for Mobile VPN with IKEv2.
The profile creates a new IKEv2 VPN connection. It also installs the required CA certificate for the VPN connection.
On iOS devices, you must type the user name and password when prompted. If you do not specify a user name and password, the VPN profile is created but does not work.
- From the .TGZ file you downloaded from the Firebox, find the WG IKEv2.mobileconfig file.
- Send the WG IKEv2.mobileconfig file to your macOS or iOS device.
- To import the WG IKEv2.mobileconfig file, click the file.
- Follow the instructions that appear during the import process.
- Type your user name and password.
Manually Configure VPN Settings
You can manually add a new VPN connection rather than use the profile provided by WatchGuard.
- From the .TGZ file you downloaded from the Firebox, find the rootca.crt or rootca.pem certificate file.
- Send the rootca.crt or rootca.pemcertificate file to your macOS device.
- To install the certificate, click the rootca.crt or rootca.pem file.
The Keychain Access application opens. - Add the certificate to the existing list.
- Find the certificate in the list and double-click it.
- Expand the Trust menu. Change When using this certificate to Always Trust.
- Select System Preferences > Network.
- To add a new service, click the + symbol.
- To configure the VPN, specify these settings:
- Interface — VPN
- VPN Type— IKEv2
- Service Name— VPN connection name (For example, WG IKEv2 VPN)
- Click Create.
- On the next screen, specify this information:
- Server Address— Host name or IP address of the server
- Remote ID— Host name or IP address of the server
- Click Authentication Settings and specify the user information:
- Authentication Settings— User name
- User Authentication— User name
- Username — Your Firebox user name
- Password— Your Firebox password
- Click OK and then click Apply.
- To start a VPN connection to the Firebox, select the new IKEv2 connection that you added.
On iOS devices, you must type the user name and password when prompted. If you do not specify a user name and password, the VPN profile is created but does not work.
- From the .TGZ file you downloaded from the Firebox, find the rootca.crt or rootca.pem file.
- Send the rootca.crt or rootca.pem file to your iOS device.
- To install the certificate, click the rootca.crt or rootca.pem file.
- Select Settings > General > VPN.
- Click Add VPN Configuration.
- To configure the VPN, specify these settings:
- Type— IKEv2
- Description— VPN connection description
- Server— Host name or IP address of the server
- Remote ID— Host name or IP address of the server
- (Required) Username— Your Firebox user name
- (Required) Password— Your Firebox password
- Click Done at the top right.
- To start a VPN connection to the Firebox, select the new IKEv2 connection that you added.
See Also
Configure Client Devices for Mobile VPN with IKEv2
Configure Android Devices for Mobile VPN with IKEv2