How can we help you?

Connect to NordVPN (IKEv2/IPSec) on Windows

The IKEv2/IPSec connection is one of the alternative methods to connect to NordVPN servers on your Windows PC. This is the preferred connection method among privacy enthusiasts because the IKEv2/IPSec security protocol is currently one of the most advanced on the market. That said, this manual setup lacks the additional features of the native NordVPN app and is a bit more complicated to set up.

Note: The Windows system configuration downgrades the cipher to the weaker 3DES-CBC encryption.

Disclaimer: This connection method will require you to add the certificate to Trusted Root Authorities, which will apply to all certificates. This may put your system at the risk of an MITM attack if someone gets the private key of that certificate. While our private keys are completely secure and the chances of anything bad happening are very small, we recommend this connection method only if you cannot connect using our native app or other alternative way.


To use this connection method, the only file you need to download and install is the NordVPN digital certificate. The connection application itself is already a part of Windows.

Configuring the NordVPN digital certificate

  1. Download the NordVPN certificate.

    Note: Your browser may try to save the file in its own certificate location or open it immediately. Make sure to download the file instead of just opening it. In Firefox, right-click the link above and select "Save link as." In Internet Explorer, select "Save" instead of "Open.” Chrome will download the file correctly. 
    The “root.cer” is crucial to manually connecting to NordVPN on Windows using IKEv2/IPSec
    Double-click the “root.cer” file that you have just downloaded.
  2. Click "Open."

     In the “Security warning” pop-up, click “Open” to proceed with NordVPN setup on Windows
     
  3. Click "Install certificate."

    When the “root.cer” file opens, click “Install certificate” at the bottom of the “General” tab
     
  4. Select "Local Machine" and click "Next."

    When the “Certificate import wizard” launches, select “Local machine” as your “Store location”
     
  5. Select “Place all certificates in the following store” and click “Browse.”

    The “Certificate store” menu lets you choose specific store for NordVPN and other certificates
  6. Select “Trusted root certification authorities.” Click “Ok” and then “Next.”

    When prompted to select a store, you must choose “Trusted root certification authorities” to proceed
  7. Click "Finish."
  8. Click "Ok" in both the following windows.
  9. Open the “Run” box by pressing the “Windows” key and the “R” key together on your keyboard. Type “certmgr.msc” in the “Run” box to open the certificates management tool.

    The “Run” box lets you manually execute the files needed to set up NordVPN on your Windows device
  10. Go to “Trusted root certification authorities,” open “Certificates,” and find the “NordVPN Root CA” file.

    You will find the “NordVPN Root CA” certificate file among the many other certificates in the folder
  11. Right-click on the “NordVPN Root CA” file and select “Properties.”

    Clicking “Properties” on the “NordVPN Root CA” opens the advanced settings needed for setup
  12. Check the “Enable only for the following purposes” option and uncheck all the boxes except for the “Server authentication” box.

    You only need the NordVPN certificate for server authentication, so uncheck the other options
  13. Click "Ok" and "Apply."

Setting up a VPN connection:

  1. Open the Windows “Start” menu and type “control panel” in the search bar. In the search results, click on “Control panel.”

    The “Start” menu on Windows devices has a search bar, letting you find desired files quickly
  2. Open the “Network and Internet” section.

    The control panel lets you check your device’s performance, installed apps, and system configuration
  3. Click on “Network and sharing center.”

    The network and sharing center lets you monitor and tweak connections, including VPN connections
  4. Click "Set up a new connection or network."

     You can set up a broadband, dial-up, or VPN connection, or set up a router or access point
     
  5. Click “Connect to a workplace” and hit “Next.”

    To set up a VPN connection manually on Windows, you need to select “Connect to a workplace”
  6. If asked "Do you want to use a connection that you already have?", select “No, create a new connection” and click “Next.”
  7. Click “Use my Internet connection (VPN).”

    To continue setting up NordVPN using IKEv2/IPSec, select “Use my internet connection (VPN)”
  8. In the “Internet address” field, type the hostname of the server suggested to you by our recommended server utility.

    For “Destination name,” enter any name that you wish to have for the connection.

    The NordVPN recommended server utility selects the best available server for your circumstances
  9. Open the “Network and sharing center” again and click “Change adapter settings.”

    To set up NordVPN using IKEv2/IPSec, you will need to change your adapter settings
  10. Right-click the adapter with the name you’ve just created, click “Properties,” and go to the “Security” tab.
  11. Make sure the configuration is as follows:

    Type of VPN: “IKEv2” 
    Data encryption: “Require encryption (disconnect if server declines)” 
    Authentication: “Use Extensible Authentication Protocol(EAP)” (select “EAP-MSCHAP v2” in the drop-down menu.)
    Select these options in the “Security” tab to configure NordVPN for Windows using IKEv2/IPSec

  12. Open the “Networking” tab and uncheck the “Internet Protocol Version 6 (TCP/IPv6)” box.

    Your NordVPN connection will not use Internet Protocol Version 6 (TCP/IPv6), so uncheck it
  13. Click "Ok."
  14. In the system tray located in the bottom-right corner of the screen, click on either the Wi-Fi or Ethernet connection icon and click “Network & internet settings.”

    The next step in setting up NordVPN with IKEv2/IPSec lies in the “Network & internet settings”
  15. In the left sidebar of the settings, select “VPN,” find your created IKEv2 connection, and click on “Advanced options.”

    You will need to go to “Advanced options” to finalize a NordVPN connection for your Windows device
  16. Click "Edit" and enter your NordVPN service username and password.

    You can find your NordVPN service credentials through the Nord Account ashboard. Copy the credentials using the “Copy” buttons on the right. Click “Save” to confirm the changes.

    The Nord Account dashboard contains the NordVPN service credentials you need for manual setup

    Enter your NordVPN service credentials in the “Advanced settings” of your NordVPN connection
  17. Click on the network icon again in the system tray in the bottom-right corner of the screen and click “Connect” under “NordVPN IKEv2.”

    After you finish setting up NordVPN using IKEv2/IPSec, click “Connect” to enjoy online security
  18. That’s it — you should now be connected.
Related Articles
© Copyright 2023 all rights reservedSelf-service byGenesys