Mobile VPN with SSL 12.7.2 for macOS Ventura

I just upgraded to Mac OS Ventura and can't get it to connect; it immediately gives me an error message that it can't connect to the IP address. Has anyone found a workaround for this? Would greatly appreciate any help.

Comments

  • Ventura is not supported yet.

    The WG SSLVPN client is based on the OpenVPN SSL client.
    The OpenVPN SSL client does not currently support Ventura.
    https://openvpn.net/client-connect-vpn-for-mac-os/

    Welcome to the bleeding edge of recently released software.
    Many of us wait for a while until the product is more mature and other vendors have time to deal with the changes that Apple makes to their OS.

  • There is absolutely no workaround? Would using OpenVPN solve the problem if my company can approve it?

  • It's such a pain to factory reset and go back to the old OS now.

  • james.carson Moderator, WatchGuard Representative

    Hi @AOAS

    A workaround would be to use the built-in VPN client in MacOS with any of the other VPN types:

    (Configure iOS and macOS Devices for Mobile VPN with IKEv2)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_mac_client.html

    (Use the macOS or iOS Native IPSec VPN Client)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ipsec/mvpn_ipsec_ios_vpn_c.html

    (Configure and Use L2TP on macOS)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/l2tp/l2tp_vpn_client_macosx_c.html

    -James Carson
    WatchGuard Customer Support

  • @james.carson said:
    Hi @AOAS

    A workaround would be to use the built-in VPN client in MacOS with any of the other VPN types:

    (Configure iOS and macOS Devices for Mobile VPN with IKEv2)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_mac_client.html

    (Use the macOS or iOS Native IPSec VPN Client)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ipsec/mvpn_ipsec_ios_vpn_c.html

    (Configure and Use L2TP on macOS)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/l2tp/l2tp_vpn_client_macosx_c.html

    Is there an update to Watchguard vpn coming to support Mac OS Ventura?

  • No.

    The WG SSLVPN client is based on the OpenVPN SSL client.
    The OpenVPN SSL client STILL does not currently support Ventura.
    https://openvpn.net/client-connect-vpn-for-mac-os/

  • james.carson Moderator, WatchGuard Representative

    @AOAS Bruce is correct, there is not currently a version that outright supports it. We are working on an updated version, but don't have an ETA as to a release.

    The article here gives a good overview of what's going on:
    https://tunnelblick.net/cTunTapConnections.html
    (SSLVPN uses a TAP type adapter)

    The direction that Apple appears to be going suggests that eventually you'll need to use one of the built-in VPN drivers.

    Since OpenVPN (what SSLVPN is based off of, and is compatible with) can't be changed to a great extent without breaking compatibility with OpenVPN, SSLVPN updates will generally lag a bit behind Apple's releases.

    -James Carson
    WatchGuard Customer Support

  • I just upgraded to Ventura myself and realized that Watchguard Mobile VPN with SSL would no longer work. I am not 100% sure how I did it, but here is a close list that fixed it for me.

    1 - ran the Mobile VPN with SSL installer again (not sure if this is necessary)
    2 - launched and attempted to connect to my VPN.
    3 - opened MacOS System Settings and then went into the new Privacy & Security section. In there toward the bottom or in there and in extensions it showed that there was a Watchguard Extension being blocked. I selected to allow it and put in my OS password when prompted to update settings. At that point I rebooted. Then I got a certificate dialog when attempting to connect to the VPN that allowed me to view the cert, decline, or continue. I selected to view the certificate and selected the Always Trust checkbox at the top section of that window. I think I may have rebooted again, but then it connected to my SSL VPN normally using the Watchguard Mobile VPN with SSL application on MacOS Ventura.

    Hope this helps someone. It’s working for me again.

  • Thanks Jeff_C, your comments worked for us... Thanks for posting your findings.

  • edited October 2022

    If I go the Mobile VPN with IKEv2 route for my MacOS Ventura connections, can I still use my Windows domain's Active Directory for authentication? I didn't see that option in the Setup Wizard.

    Firebox Model M270
    Version 12.8.2.B668649

    I have it set up in Authentication/Server and it is used by the Watchguard Mobile VPN SSL connections.

  • james.carson Moderator, WatchGuard Representative

    @Landy You can use it via a RADIUS server. If you're using Windows AD, this will usually be via the NPS role.

    -James Carson
    WatchGuard Customer Support

  • @Jeff_C said:
    I just upgraded to Ventura myself and realized that Watchguard Mobile VPN with SSL would no longer work. I am not 100% sure how I did it, but here is a close list that fixed it for me.

    1 - ran the Mobile VPN with SSL installer again (not sure if this is necessary)
    2 - launched and attempted to connect to my VPN.
    3 - opened MacOS System Settings and then went into the new Privacy & Security section. In there toward the bottom or in there and in extensions it showed that there was a Watchguard Extension being blocked. I selected to allow it and put in my OS password when prompted to update settings. At that point I rebooted. Then I got a certificate dialog when attempting to connect to the VPN that allowed me to view the cert, decline, or continue. I selected to view the certificate and selected the Always Trust checkbox at the top section of that window. I think I may have rebooted again, but then it connected to my SSL VPN normally using the Watchguard Mobile VPN with SSL application on MacOS Ventura.

    Hope this helps someone. It’s working for me again.

    This worked for me as well. All I did was step 1, step 2, then when attempting to connect to the VPN that allowed me to view the cert, decline, or continue. I selected to view the certificate and selected the Always Trust checkbox. No reboot done.

    Thank you @Jeff_C

  • Sadly this didn't work for me. I followed @Jeff_C's steps until #3, where I do not see any place where Watchguard is mentioned as being blocked. Any other suggestions?

    Thank you.

  • edited November 2022

    Ventura changed how self-signed certificates are handled. You have to allow or trust the SSL certificate from Watchguard whenever you see the prompt.

    If the pop-up will not come up any longer, please see the link below on how to access the Mac's certificate store, so that you can manually allow it.

    https://support.apple.com/guide/keychain-access/change-the-trust-settings-of-a-certificate-kyca11871/mac

  • edited April 2023

    For those with this issue still: I was able to use Tunnelblick to connect instead as SSL VPN.

    • Download Tunnelblick and install it - https://tunnelblick.net/downloads.html - I chose the "Stable Version"
    • Use a web browser to log on to the firewall SSL VPN portal, usually https://
    • In the items to download, select the "Mobile VPN with SSL client profile" download button.
    • This should download "client.ovpn"; you can leave it named that or rename it to "My work VPN" or something. (This is how it is named in Tunnelblick.)
    • Double-click the .ovpn file to import into Tunnelblick
    • You should now be able to connect with your username and password from the Tunnelblick menu in the menu bar.
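
Added example (not part of the thread, and not WatchGuard's or Tunnelblick's code): a downloaded `client.ovpn` is configuration that an OpenVPN-compatible client acts on, so it is worth reading before the double-click import described in the post above. The Python below summarises where the profile connects, which adapter type it asks for, whether it asks the client to check the server certificate, and flags any directive that would run an external program; the function name `review_profile` and the sample profile are constructed for illustration.

```python
# OpenVPN directives that make the client run an external program or plugin.
EXEC_DIRECTIVES = {"up", "down", "route-up", "route-pre-down",
                   "ipchange", "tls-verify", "plugin"}

def review_profile(text):
    """Summarise an .ovpn profile and list directives worth a second look."""
    out = {"remotes": [], "dev": None, "inline_blocks": [],
           "checks_server_cert": False, "findings": []}
    block = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if block:                         # inside <ca>...</ca> etc.: skip the blob
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line[0] == "<" and line[-1] == ">" and line[1] != "/":
            block = line[1:-1]            # start of an inline file block
            out["inline_blocks"].append(block)
            continue
        words = line.split()
        name, args = words[0].lstrip("-"), words[1:]
        if name == "remote" and args:
            out["remotes"].append(" ".join(args[:2]))
        elif name == "dev" and args:
            out["dev"] = args[0]
        elif name in ("remote-cert-tls", "verify-x509-name"):
            out["checks_server_cert"] = True
        elif name == "auth-user-pass" and args:
            out["findings"].append(f"line {n}: credentials read from file {args[0]}")
        elif name == "script-security" and args and args[0].isdigit() and int(args[0]) >= 2:
            out["findings"].append(f"line {n}: script-security {args[0]} allows external scripts")
        elif name in EXEC_DIRECTIVES:
            out["findings"].append(f"line {n}: '{name}' runs {' '.join(args) or '(no argument)'}")
    return out

# Constructed sample for this example, not a real WatchGuard profile.
SAMPLE = """\
client
dev tun
remote vpn.example.com 443
auth-user-pass
<ca>
(constructed placeholder certificate)
</ca>
script-security 2
up /tmp/hook.sh
"""
```
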

  • james.carson Moderator, WatchGuard Representative
    edited April 2023

    @MrJeff01
    Tunnelblick will work just fine, just note that it will fall into the same certificate issue described by Jesse in the post above yours.

    Tunnelblick does not support automatically downloading the SSLVPN client profile, nor does it support entering pop-up OTP keys for MFA solutions. (You would need to append it to the username or password -or- use a push to a phone, depending on what your MFA solution supports.)

    Tunnelblick does seem to provide the most compatibility for Macs, from my experience.

    -James Carson
    WatchGuard Customer Support
