In Fireware XTM v11.7.4 and later, the XTM device creates a Mobile VPN with SSL client profile that users can import to an OpenVPN client to create a profile for connections to the XTM device. This enables you to configure an OpenVPN client, such as the OpenVPN Connect app for Android and iOS, to make an SSL VPN connection to the XTM device.
Fireware XTM v11.7.3 also supports connections from OpenVPN Connect, but does not generate the .ovpn file. For information about how to create this file manually for connections to a device that uses Fireware XTM v11.7.3, see the article Create an SSL VPN Profile for OpenVPN Connect for Android/iOS in the WatchGuard Knowledge Base.
OpenVPN Connect is available from www.openvpn.net, the Google Play app store, or the Apple app store.
Before you download the Mobile VPN with SSL client profile, make sure your XTM device configuration meets these requirements:
To generate new SSLVPN certificates, you must delete the SSLVPN certificates from the XTM device and reboot the XTM device. When the XTM device restarts, it creates new SSLVPN certificates.
The three SSLVPN certificates have these common name (cn) attributes:
You must use Firebox System Manager (FSM) to delete certificates. For more information, see the WatchGuard System Manager Help.
After the XTM device generates new SSLVPN certificates, existing WatchGuard Mobile VPN with SSL clients automatically download the new certificates the next time your users connect. The WatchGuard Mobile VPN with SSL client prompts the user to accept the new certificate if the user does not have the CA certificate for the XTM device.
After Mobile VPN with SSL is configured, you can download the client.ovpn file from the XTM device, and send it to the device where the OpenVPN client is installed.
Because the web browser on some mobile devices do not support file downloads, this procedure describes how to download the file to another device, and then email it to the mobile device as a file attachment.
To download the .ovpn profile from the XTM device:
https://<IP address of an XTM device interface>/sslvpn.html
https://<Host name of the XTM device>/sslvpn.html
To import a client profile to an Android or iOS device:
See the documentation for your OpenVPN client for more information about how to import a .ovpn file.