Create the configuration files for an SSL VPN Roadwarrior connection with iOS or Android

Last adaptation to the version: 12.6.0

New:
  • New design

This article refers to a Beta version



Introduction

If devices running iOS or Android are to be connected to the UTM, the easiest way is to use the Securepoint VPN Client app for iOS or the Securepoint VPN Client app for Android. The configuration files can be easily exported from the UTM and imported onto the mobile devices.

Preparation

The prerequisite is the setup of an SSL VPN Roadwarrior on the Securepoint firewall as described in the SSL VPN Roadwarrior article.

Provide configuration files

The configuration files can be downloaded from the user administration:

  • Under Authentication User, Area User, select the user
    for whom an SSL VPN connection is to be established.

  • Opening the details with

SSL-VPN

SSL-VPN settings for users

| Caption | Value | Description |
|---|---|---|
| Use group settings: | No | If the user is a member of a group, the settings can be adopted from there. The following settings are then greyed out here and are to be configured in the Authentication Users, Area Groups menu. |
| Client downloadable in the user interface | Yes | The Securepoint VPN Windows client can be downloaded from the user web interface (accessible via port 1443 by default). The port is configurable under Network → Server settings → tab Server settings → Webserver / User Webinterface Port: 1443. |
| SSL VPN connection: | RW-Securepoint | Selection of a connection created in the VPN SSL-VPN menu. |
| Client certificate: | CC Roadwarrior | A certificate must be specified that the client uses to authenticate itself to the UTM. It is also possible to use ACME certificates. |
| Remote Gateway: | 192.168.175.1 (Example-IP) | External IP address or DNS resolvable address of the gateway to which the connection is to be established. |
| Redirect Gateway: | by Default-Route-Splitting (New as of v14.1.1) | All data traffic is routed through the tunnel. The VPN tunnel acts as the primary default gateway. If the tunnel does not respond, the regular default gateway is used. |
| | by replacing the default gateway (deprecated) | All data traffic is routed through the tunnel. Completely replaces the default gateway (without fallback). |
| | Off | Only destinations behind the VPN are routed through the tunnel. The default gateway is used for all other destinations. |

Installer
New as of v14.1.1

  • Configuration: Downloads the configuration files for any VPN client. The file contains the necessary configuration files and certificates in the local_firewall.securepoint.local.tblk folder.
  • Configuration with certificate (New as of v14.0.1): Downloads the configuration file for any VPN client.
    The certificates are written directly to the ovpn file.
    The file name contains the user name and (as of v14.1.1) the type of file (installer, portable, config, or inline).

Download the configuration files used in the Securepoint VPN Client app with Configuration.

Transfer of configuration files

The .zip file can now be transferred to the mobile device:

  • iOS: Using iTunes, Apple Configurator 2 or via a suitable cloud service.
    Save the .zip file under Locations / On my iPhone / Securepoint VPN Client / User.zip
  • Android: Transfer via USB or via a suitable cloud service.

Transmission by mail or cloud services that are not GDPR-compliant is not recommended for security reasons!
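The following Python example is added here and is not Securepoint code. It relates the "Configuration with certificate" export to the transfer warning above by parsing a profile whose certificates are written directly into the ovpn file and reporting the gateway, any redirect-gateway directive, and whether the embedded private key is encrypted. It assumes the export follows standard OpenVPN inline syntax; the sample profile, port 1194 and the name audit_profile are constructed for the example.

```python
import re

# Constructed sample profile (placeholder key material, port 1194 assumed).
SAMPLE_OVPN = """\
client
remote 192.168.175.1 1194 udp
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder)
-----END PRIVATE KEY-----
</key>
"""

# Inline blocks as used by OpenVPN: <name> ... </name>, each tag on its own line.
INLINE = re.compile(r"^<(ca|cert|key|tls-auth|tls-crypt)>\s*$(.*?)^</\1>\s*$", re.S | re.M)

def audit_profile(text):
    """Report what an inline profile reveals to anyone who obtains the file."""
    blocks = {m.group(1): m.group(2) for m in INLINE.finditer(text)}
    directives = {}
    for line in INLINE.sub("", text).splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            name, _, args = line.partition(" ")
            directives.setdefault(name, []).append(args.strip())
    key = blocks.get("key")
    # PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED"
    state = "absent" if key is None else "encrypted" if "ENCRYPTED" in key else "plaintext"
    return {
        "remotes": directives.get("remote", []),
        # None only means "not set in the file"; a server can still push it.
        "redirect_gateway": directives.get("redirect-gateway"),
        "embedded": sorted(blocks),
        "key_state": state,
    }

if __name__ == "__main__":
    print(audit_profile(SAMPLE_OVPN))
```

A result of key_state "plaintext" means the client's private key is readable by anyone who obtains the file, which is the reason to keep it off mail and untrusted cloud storage.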


Establish VPN connection on the mobile device

The installation of the Securepoint VPN Client app and the import of the configuration file into the respective app are described here: iOS or Android