The IKEv2/IPSec connection is one of the alternative methods to connect to NordVPN servers on your Windows PC. This is the preferred connection method among privacy enthusiasts because the IKEv2/IPSec security protocol is currently one of the most advanced on the market. That said, this manual setup lacks the additional features of the native NordVPN app and is a bit more complicated to set up.
Note: The Windows system configuration downgrades the cipher to the weaker 3DES-CBC encryption.
Disclaimer: This connection method requires you to add the certificate to Trusted Root Authorities, so the trust applies to all certificates signed by it. This may put your system at risk of an MITM attack if someone gets the private key of that certificate. While our private keys are completely secure and the chances of anything bad happening are very small, we recommend this connection method only if you cannot connect using our native app or another alternative method.
To use this connection method, the only file you need to download and install is the NordVPN digital certificate. The connection application itself is already a part of Windows.
Configuring the NordVPN digital certificate
- Download the NordVPN certificate.
Note: Your browser may try to save the file in its own certificate location or open it immediately. Make sure to download the file instead of just opening it. In Firefox, right-click the link above and select "Save link as." In Internet Explorer, select "Save" instead of "Open." Chrome will download the file correctly.
- Double-click the “root.cer” file that you have just downloaded.
- Click "Open."
- Click "Install certificate."
- Select "Local Machine" and click "Next."
- Select “Place all certificates in the following store” and click “Browse.”
- Select “Trusted root certification authorities.” Click “Ok” and then “Next.”
- Click "Finish."
- Click "Ok" in both the following windows.
- Open the “Run” box by pressing the “Windows” key and the “R” key together on your keyboard. Type “certmgr.msc” in the “Run” box to open the certificates management tool.
- Go to “Trusted root certification authorities,” open “Certificates,” and find the “NordVPN Root CA” file.
- Right-click on the “NordVPN Root CA” file and select “Properties.”
- Check the “Enable only for the following purposes” option and uncheck all the boxes except for the “Server authentication” box.
- Click "Ok" and "Apply."
Setting up a VPN connection:
- Open the Windows “Start” menu and type “control panel” in the search bar. In the search results, click on “Control panel.”
- Open the “Network and Internet” section.
- Click on “Network and sharing center.”
- Click "Set up a new connection or network."
- Click “Connect to a workplace” and hit “Next.”
- If asked "Do you want to use a connection that you already have?", select “No, create a new connection” and click “Next.”
- Click “Use my Internet connection (VPN).”
- In the “Internet address” field, type the hostname of the server suggested to you by our recommended server utility.
- For “Destination name,” enter any name that you wish to have for the connection.
- Open the “Network and sharing center” again and click “Change adapter settings.”
- Right-click the adapter with the name you’ve just created, click “Properties,” and go to the “Security” tab.
- Make sure the configuration is as follows:
  - Type of VPN: “IKEv2”
  - Data encryption: “Require encryption (disconnect if server declines)”
  - Authentication: “Use Extensible Authentication Protocol (EAP)” (select “EAP-MSCHAP v2” in the drop-down menu)
- Open the “Networking” tab and uncheck the “Internet Protocol Version 6 (TCP/IPv6)” box.
- Click "Ok."
- In the system tray located in the bottom-right corner of the screen, click on either the Wi-Fi or Ethernet connection icon and click “Network & internet settings.”
- In the left sidebar of the settings, select “VPN,” find your created IKEv2 connection, and click on “Advanced options.”
- Click "Edit" and enter your NordVPN service username and password.
You can find your NordVPN service credentials through the Nord Account dashboard. Copy the credentials using the “Copy” buttons on the right. Click “Save” to confirm the changes.
- Click on the network icon again in the system tray in the bottom-right corner of the screen and click “Connect” under “NordVPN IKEv2.”
- That’s it — you should now be connected.
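The following PowerShell check is an added example, not part of NordVPN's instructions or tooling. It audits the result of the steps above: that the root certificate sits in the machine-wide trusted root store, and that the VPN profile uses the settings from the “Security” tab. It assumes the connection is named “NordVPN IKEv2” and that the certificate subject contains “NordVPN Root CA”.

```powershell
# Added audit example. Adjust the two names if yours differ.
$ConnectionName = 'NordVPN IKEv2'    # connection name used in the last steps of this guide
$CaName         = 'NordVPN Root CA'  # certificate name shown in certmgr.msc
$findings = @()

# 1. The root CA should be in the Local Machine trusted root store, exactly once.
$roots = @(Get-ChildItem Cert:\LocalMachine\Root |
           Where-Object { $_.Subject -like "*$CaName*" })
if ($roots.Count -eq 0) { $findings += "No '$CaName' certificate in LocalMachine\Root" }
if ($roots.Count -gt 1) { $findings += "More than one '$CaName' certificate in LocalMachine\Root" }
foreach ($cert in $roots) {
    # Print the thumbprint so it can be compared with a value obtained from a trusted source.
    '{0}  thumbprint={1}  expires={2:yyyy-MM-dd}' -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter
    if ($cert.NotAfter -lt (Get-Date)) { $findings += "Certificate $($cert.Thumbprint) has expired" }
}
# The "Server authentication only" restriction set in certmgr.msc is a property of the
# store entry, not of the certificate file; confirm it in the certificate's Properties dialog.

# 2. The VPN profile should match the "Security" tab settings from this guide.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    # The profile may have been created for all users instead of the current user.
    $vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
}
if (-not $vpn) {
    $findings += "VPN connection '$ConnectionName' not found"
} else {
    if ("$($vpn.TunnelType)" -ne 'Ikev2') {
        $findings += "Type of VPN is '$($vpn.TunnelType)', expected IKEv2"
    }
    if ("$($vpn.EncryptionLevel)" -ne 'Required') {
        $findings += "Data encryption is '$($vpn.EncryptionLevel)', expected Required"
    }
    if (@($vpn.AuthenticationMethod) -notcontains 'Eap') {
        $findings += "Authentication is '$($vpn.AuthenticationMethod -join ',')', expected EAP"
    }
}

# 3. Report.
if ($findings.Count -eq 0) {
    'OK: certificate store and VPN profile match the settings in this guide.'
} else {
    $findings | ForEach-Object { "CHECK: $_" }
}
```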