Use Mobile VPN with SSL with an OpenVPN Client

In Fireware XTM v11.7.4 and later, the XTM device creates a Mobile VPN with SSL client profile that users can import to an OpenVPN client to create a profile for connections to the XTM device. This enables you to configure an OpenVPN client, such as the OpenVPN Connect app for Android and iOS, to make an SSL VPN connection to the XTM device.

Fireware XTM v11.7.3 also supports connections from OpenVPN Connect, but does not generate the .ovpn file. For information about how to create this file manually for connections to a device that uses Fireware XTM v11.7.3, see the article Create an SSL VPN Profile for OpenVPN Connect for Android/iOS in the WatchGuard Knowledge Base.

OpenVPN Connect is available from, the Google Play app store, or the Apple app store.


Before you download the Mobile VPN with SSL client profile, make sure your XTM device configuration meets these requirements:

To generate new SSLVPN certificates, you must delete the SSLVPN certificates from the XTM device and reboot the XTM device. When the XTM device restarts, it creates new SSLVPN certificates.

The three SSLVPN certificates have these common name (cn) attributes:

You must use Firebox System Manager (FSM) to delete certificates. For more information, see the WatchGuard System Manager Help.

After the XTM device generates new SSLVPN certificates, existing WatchGuard Mobile VPN with SSL clients automatically download the new certificates the next time your users connect. The WatchGuard Mobile VPN with SSL client prompts the user to accept the new certificate if the user does not have the CA certificate for the XTM device.

Download the Mobile VPN with SSL Client Profile

After Mobile VPN with SSL is configured, you can download the client.ovpn file from the XTM device, and send it to the device where the OpenVPN client is installed.

Because the web browser on some mobile devices do not support file downloads, this procedure describes how to download the file to another device, and then email it to the mobile device as a file attachment.

To download the .ovpn profile from the XTM device:

  1. Connect to this address with a web browser:
https://<IP address of an XTM device interface>/sslvpn.html


https://<Host name of the XTM device>/sslvpn.html
  1. Type your user name and password to authenticate to the XTM device.
    The Mobile VPN with SSL download page appears.

Screen shot of the SSL VPN client download page

  1. Click the Download button for the Mobile VPN with SSL client profile. The file you download is called client.ovpn.
  2. Save the file to a location on your computer.
  3. Send the file as an email file attachment to the mobile user.

Import the Client Profile

To import a client profile to an Android or iOS device:

  1. Install the OpenVPN Connect app.
  2. Open the email message that contains the .ovpn email attachment.
  3. Tap the attachment to open the file in the OpenVPN Connect app.
  4. Import the .ovpn file to the VPN client to create a new connection profile.
  5. In the profile, type the Username and Password you use to authenticate to the XTM device.
  6. To start the VPN tunnel, select or turn on the VPN profile in OpenVPN Connect.

See the documentation for your OpenVPN client for more information about how to import a .ovpn file.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base