IKEv2 Linux

svitadminsvitadmin
in Firebox - VPN Mobile User

Has anyone successfully configured the IKEv2 Mobile VPN with a Linux (Ubuntu) client computer? We do use Linux with our Mobile SSL VPN with no problems, however, I wanted to look at using IKEv2 VPN with Linux. Windows and Mac can connect using the pre-configured file from the firewall.

I tried setting up something manually from the Android config file but couldn't get it to work, and just wondered if someone had already done this and/or can point me in the right direction? I couldn't find much from searching both Watchguard Docs and this forum or Google.

Thanks
Keith

Comments

  • FontejonFontejon
    edited January 2022

    Hey Keith, I am working on this as well. Have you been able to crack this nut? It was recommended that I incorporate strongswan and I got it installed however can't seem to configure this correctly.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @svitadmin
    The other user here is correct, it requires strongswan, which is not always installed by default in every distro.
    Most distros include OpenVPN support by default, which is compliable with the SSLVPN. If you're having trouble getting it up and going, the OVPN file from the firewall into the built in OpenVPN client on the distro may be a faster option.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_ovpn_profile_c.html

    -James Carson
    WatchGuard Customer Support

  • Fri3ndFri3nd

    Hello all,
    I am new to this forum. I try to get a connection from my Ubuntu PC at home (Ubuntu 24.04 LTS) on my Firebox T35-W. The device itself is adminisered remotely by CGM; this means I cannot access the web interface of the firewall and therefore I cannot download an ovpn profile. CGM sent me a rootca.pem file which should be used to establish an IKEv2 connection. I installed the following packages fron the repositories:
    strongswan
    strongswan-charon
    strongswan-nm
    strongswan-starter
    After doin so, I could add a new IPsec/IKEv2 (strongswan) VPN connection.
    The firewall is available, I checked this via:
    journalctl -u NetworkManager -f
    A package is sent and one is received, but I get the error messages:
    connect-failed and login-failed.
    I really dont know why this occurs. Any ideas?

    Thanks, Fri3nd

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Fri3nd

    These are your options for creating an OVPN file for use with OpenVPN:

    (Create or download an OpenVPN configuration file to connect to a Firebox device)
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3KiSAI&lang=en_US

    The easiest thing to do will be to ask the folks administering your firewall to generate an OpenVPN OVPN file for you, as they can just download it from the firewall itself.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.