Watchguard SSL-VPN for Linux

Borrowing a lot from this site, I wanted to update the process for using WatchGuard Mobile VPN with SSL on Linux. Here’s what you need to do:

  1. Do not download from the sslvpn.html page of your VPN appliance; it won’t have all the steps for the Linux side of the house.
  2. Do download the CRT, PEM, and CA files from your Windows or Mac SSLVPN client installation. On Windows, they are found in “%Appdata%\Watchguard\Mobile VPN”. Grab the following and copy them over to your Linux installation:
    1. ca.crt
    2. client.crt
    3. client.pem
  3. If you are using SELinux, you must copy the files from step 2 into ~/.cert, or SELinux will whine and stop your connection, as the certificates can’t lie around your home folder without intervention not covered here.
  4. Set up an OpenVPN client using the following settings:
    1. gateway = your pick
    2. Connection type = X.509 with password
    3. CA file = ca.crt
    4. Certificate = client.crt
    5. key = client.pem
    6. Key password = <unneeded>
    7. Username and password = as per your setup
  5. While setting up the connection, you need to tweak the settings by clicking on “Advanced”, which is in the screen from step 3:
    1. Gateway port = 443
    2. Tunnel and UDP fragment size = Automatic
    3. Check “Use custom renegotiation interval” = 36060 (default from Watchguard)
    4. Check “Use TCP Connection” as this is an SSLVPN on TCP 443
    5. On the Security tab, your cipher should be AES-256-CBC and the HMAC Authentication should be SHA-1

That’s it, the connection will fire right up and run without further settings.  Enjoy!
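Steps 2 and 3 can be scripted as follows; this is an added example, not part of the original post. It stages the three files in ~/.cert with owner-only permissions and checks that they belong together before you build the connection. The function names and the `CERT_DIR` variable are assumptions of this example, and the chain check assumes ca.crt signed client.crt directly.

```shell
#!/bin/sh
# Added example: stage the WatchGuard files from step 2 in ~/.cert (step 3)
# and sanity-check them. CERT_DIR and the function names are assumptions.
CERT_DIR="${CERT_DIR:-$HOME/.cert}"

# Copy ca.crt, client.crt and client.pem from directory $1 into $CERT_DIR.
# client.pem is the private key, so everything is made owner-only.
install_vpn_certs() (
    src="$1"
    umask 077
    mkdir -p "$CERT_DIR" && chmod 700 "$CERT_DIR" || exit 1
    for f in ca.crt client.crt client.pem; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; exit 1; }
        cp "$src/$f" "$CERT_DIR/$f" || exit 1
        chmod 600 "$CERT_DIR/$f"
    done
    # On SELinux systems, reset labels so the policy's context for ~/.cert
    # is applied to the copied files.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$CERT_DIR" || true
    fi
)

# Confirm client.crt verifies against ca.crt (this also catches an expired
# certificate) and that client.pem is the private key for client.crt.
verify_vpn_certs() (
    cd "$CERT_DIR" || exit 1
    openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 || {
        echo "client.crt does not verify against ca.crt" >&2; exit 1; }
    cert_pub=$(openssl x509 -in client.crt -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in client.pem -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "client.pem does not match client.crt" >&2; exit 1; }
)

# Usage, after sourcing this file (the source path is a placeholder):
#   install_vpn_certs /path/to/copied/files && verify_vpn_certs
```

A non-zero exit from `verify_vpn_certs` means the files were mixed up or damaged in transit, which is easier to diagnose here than from a failed TLS handshake.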