Configuring Watchguard SSL VPN on Gentoo Linux

Daniel Bernhardt

Creative Commons Attribution-Noncommercial-Share Alike 3.0 Germany License

Abstract

Watchguard uses OpenVPN to implement its VPN capabilities but only ships a Mac and a Windows client. These clients are stripped-down OpenVPN clients with Watchguard branding. As OpenVPN has mature Linux support, it is relatively easy to get a Watchguard SSL VPN working with Linux.


Revision History
Revision 1.0    2011-06-16    Daniel Bernhardt
initial manual release

Installing OpenVPN

Of course we need to install OpenVPN. Install OpenVPN with emerge openvpn. At the time of writing you will end up with version 2.1, but 2.2 will work just as well.

Obtaining user certificates

Before you can start setting up the VPN tunnel you need the following certificates.

  • ca.crt

  • client.crt

  • client.pem

If you do not yet have those certificates, you can download them from the Watchguard firewall. Open a web browser of your choice and enter the following into the URL bar. Replace my_name with your username and my_password with your password.

https://my_watchguard_box:4100/?action=sslvpn_download&filename=client.wgssl&username=my_name&password=my_password

Save the file.

The file client.wgssl you just downloaded is an archive. Extract the file twice until you end up with your certificates and an OpenVPN config file.

Configuration

Copy the OpenVPN configuration from the client.wgssl archive to /etc/openvpn/ and name it myvpn.conf. You can replace myvpn with any identifier you want. Open myvpn.conf and edit the path to your certificates. The given path is relative to /etc/openvpn/.

Go to /etc/init.d/ and create a symlink of the openvpn init script with .myvpn as a suffix.

init.d # ln -s openvpn openvpn.myvpn

You can now start your VPN with /etc/init.d/openvpn.myvpn start.
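
The configuration step above can be scripted so that the private key is never left world-readable and the certificate paths are checked before the first start. This is an added example, not part of the original manual; the function names are hypothetical, and it assumes the extracted config uses OpenVPN's ca, cert and key directives and that client.pem holds the private key.

```sh
#!/bin/sh
# Added example, not from the original manual. Assumptions: the extracted config
# uses OpenVPN's ca/cert/key directives and client.pem holds the private key.

# install_vpn SRC_DIR SRC_CONF DEST_DIR NAME
# Copies the certificates to DEST_DIR/NAME/ and writes DEST_DIR/NAME.conf with
# ca/cert/key rewritten to paths relative to DEST_DIR (/etc/openvpn on Gentoo).
install_vpn() {
    src=$1; conf=$2; dest=$3; name=$4
    [ -s "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    for f in ca.crt client.crt client.pem; do
        [ -s "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    install -d -m 755 "$dest/$name" || return 1
    install -m 644 "$src/ca.crt" "$src/client.crt" "$dest/$name/" || return 1
    # The private key is created owner-only, never world-readable.
    install -m 600 "$src/client.pem" "$dest/$name/" || return 1
    # Write the config under a restrictive umask, in a subshell so the
    # caller's umask is left untouched.
    ( umask 077
      sed -e "s|^[[:space:]]*ca[[:space:]].*|ca $name/ca.crt|" \
          -e "s|^[[:space:]]*cert[[:space:]].*|cert $name/client.crt|" \
          -e "s|^[[:space:]]*key[[:space:]].*|key $name/client.pem|" \
          "$conf" > "$dest/$name.conf" ) || return 1
}

# check_vpn DEST_DIR NAME
# Succeeds only if the config has three ca/cert/key entries, each readable
# relative to DEST_DIR, and the key file is accessible to its owner only.
check_vpn() {
    dest=$1; name=$2
    paths=$(awk '$1=="ca" || $1=="cert" || $1=="key" {print $2}' "$dest/$name.conf")
    [ "$(printf '%s\n' "$paths" | grep -c .)" -eq 3 ] || {
        echo "expected ca, cert and key directives" >&2; return 1; }
    for p in $paths; do
        [ -r "$dest/$p" ] || { echo "unresolved path: $p" >&2; return 1; }
    done
    key=$(awk '$1=="key" {print $2}' "$dest/$name.conf")
    case $(ls -ld "$dest/$key") in
        -???------*) return 0 ;;
        *) echo "key is group/world accessible: $key" >&2; return 1 ;;
    esac
}
```

Run as root, for example install_vpn with the directory holding the extracted files, the extracted config file, /etc/openvpn and myvpn as arguments, followed by check_vpn /etc/openvpn myvpn before starting the init script.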