Watchguard SSL-VPN for Linux
Borrowing a lot from this site, I wanted to update the process on using Mobile VPN with SSL Watchguard. Here’s what you need to do:
- Do not download from the sslvpn.html page of your VPN appliance; it won’t have all the steps for the Linux side of the house.
- Do download the CRT, PEM, and CA files from your Windows or Mac SSLVPN client installation. On Windows, they are found in “%Appdata%\Watchguard\Mobile VPN”. Grab the following to copy over to your Linux installation:
  - ca.crt
  - client.crt
  - client.pem
- If you are using SELinux, you must copy the files from step 2 into ~/.cert, or SELinux will whine and stop your connection, as the certificates can’t lie around your home folder without intervention not covered here.
- Set up an OpenVPN client using the following settings:
  - Gateway = your pick
  - Connection type = X.509 with password
  - CA file = ca.crt
  - Certificate = client.crt
  - Key = client.pem
  - Key password = <unneeded>
  - Username and password = per your setup
- While setting up the connection, you need to tweak the settings by clicking on “Advanced”, which is on the screen from step 3:
  - Gateway port = 443
  - Tunnel and UDP fragment size = Automatic
  - Check “Use custom renegotiation interval” = 36060 (default from Watchguard)
  - Check “Use TCP Connection”, as this is an SSLVPN on TCP 443
  - On the Security tab, your cipher should be AES-256-CBC and the HMAC Authentication should be SHA-1
That’s it, the connection will fire right up and run without further settings. Enjoy!
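The ~/.cert step above can be scripted so that the private key ends up readable only by you and a bad copy is caught before the first connection attempt. This is an added example, not part of the original post; the function names and the source directory in the usage line are assumptions, and the check requires the `openssl` command-line tool.

```shell
#!/usr/bin/env bash
# Added example: stage the three client files in ~/.cert and sanity-check them.
# Function names are hypothetical; file names are the ones listed in the steps above.

VPN_FILES="ca.crt client.crt client.pem"

# Copy the three files from directory $1 into $2 (default ~/.cert) with tight permissions.
install_vpn_certs() {
    local src="$1" dest="${2:-$HOME/.cert}" f
    # Refuse to do a partial install if any file is missing.
    for f in $VPN_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    install -m 644 "$src/ca.crt" "$src/client.crt" "$dest/" || return 1
    # client.pem is used as the key file, so keep it owner-only.
    install -m 600 "$src/client.pem" "$dest/" || return 1
    # On SELinux systems, reapply the policy's default label for the directory.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$dest" || true
    fi
}

# Check that client.crt chains to ca.crt and that client.pem holds the matching key.
verify_vpn_certs() {
    local dir="${1:-$HOME/.cert}" cert_pub key_pub
    openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$dir/client.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/client.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage (source directory is an assumption):
#   install_vpn_certs ~/Downloads/watchguard && verify_vpn_certs
```

A failing `verify_vpn_certs` usually means the files came from different client installations or that client.pem was truncated in transit.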