Galaxy A42 5G VPN to M470 (12.8)

Can't figure out how to get a VPN going between the two, nothing from the old instructions by WG seems to work.

I have IPSec, IKEv2, SSL, and L2TP configured on the 470
L2TP doesn't appear on A42 as an option
and neither IPSec nor IKEv2 seem to connect after being configured
IKEv2 to be specific does something funny with the certificate (only imports CA portion)
While in theory, an SSL should be possible, every 3rd-party client requires a profile and I can't figure out how to get it out of the 470 (the web link is dead)

Any suggestions are appreciated!
thanks!
tony

Comments

  • For the record, what Fireware version is on your M470?

    Re: the SSLVPN profile - exactly what web link is dead?
    What is being seen at the client?

    Are you using the OpenVPN client for Android?
    Looks to me that you should.

    Use Mobile VPN with SSL with an OpenVPN Client
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_ovpn_profile_c.html

    Troubleshoot Mobile VPN with SSL
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_tshoot_c.html

  • TVMTVM
    edited July 2022

    Thank you for your response!
    version 12.8 B659436

    the dead link is from the article you've referenced (with my proper FB IP)
    "To download the .ovpn profile from the Firebox:

    Connect to the Firebox with a web browser over port 443, unless you configured a custom port number:
    https:///sslvpn.html

    or

    https://:/sslvpn.html"

    ERR_CONNECTION_TIMED_OUT

    Manually extracting the SSL profile as described in the second article yields a file that appears to be incompatible with OpenVPN

  • FYI - the Markdown "feature" of this forum messes up things, including HTTPS URLs... It really should be turned off, IMHO.

    Access to my firewall via sslvpn.html works for me.

    Is SSLVPN activated in your config?
    Are you using the default port of TCP port 443 for SSLVPN?

    From where are you trying this access? Behind the firewall or from the Internet?
    Does the WatchGuard SSLVPN policy allow access from the access location?

    The "client" in the 2nd link is the WG SSLVPN client.
    To get the OpenVPN client for Android - go to the Google Play store.

  • If you are still having issues accessing the .ovpn file, consider opening a support case.

  • Bingo! The policy was the culprit. I was connecting internally, while the default only lists external!
    Thanks a bunch!

  • Agh ... always something ... now the RDP is failing the syn check
    Oh well, I do have a case open, we'll see if WG can help

  • edited July 2022

    Where is the RDP client and RDP server located?

    Internet -> server behind the firewall?
    If so, is the RDP policy restricted to specific users or public IP addrs?

    syn check can be disabled, if needed. Global Settings -> Networking

  • The server is behind the same 470, the client is outside on 5G
    I have an auto-generated policy for Auth users to Any
    and a manual one specifically for RDP from authorized users to internal
    it all works fine for other VPN types
