How can we help you?

Topics

Connect to NordVPN (IKEv2/IPSec) on Windows

The IKEv2/IPSec connection is one of the alternative methods to connect to NordVPN servers on your Windows PC. This is the preferred connection method among privacy enthusiasts because the IKEv2/IPSec security protocol is currently one of the most advanced on the market. That said, this manual setup lacks the additional features of the native NordVPN app and is a bit more complicated to set up.

Note: The Windows system configuration downgrades the cipher to the weaker 3DES-CBC encryption.

Disclaimer: This connection method will require you to add the certificate to Trusted Root Authorities, which will apply to all certificates. This may put your system at the risk of an MITM attack if someone gets the private key of that certificate. While our private keys are completely secure and the chances of anything bad happening are very small, we recommend this connection method only if you cannot connect using our native app or other alternative way.


To use this connection method, the only file you need to download and install is the NordVPN digital certificate. The connection application itself is already a part of Windows.

Configuring the NordVPN digital certificate

  1. Download the NordVPN certificate.

    Note: Your browser may try to save the file in its own certificate location or open it immediately. Make sure to download the file instead of just opening it. In Firefox, right-click the link above and select "Save link as." In Internet Explorer, select "Save" instead of "Open.” Chrome will download the file correctly. 

    5Q30Rk1Xr8.png

    Double-click the “root.cer” file that you have just downloaded.
  2. Click "Open."

    alesJhupHf.png
     
  3. Click "Install certificate."

    3.PNG
     
  4. Select "Local Machine" and click "Next."

    4.PNG
     
  5. Select “Place all certificates in the following store” and click “Browse.”

    5.PNG

  6. Select “Trusted root certification authorities.” Click “Ok” and then “Next.”


    6.PNG

  7. Click "Finish."
  8. Click "Ok" in both the following windows.
  9. Open the “Run” box by pressing the “Windows” key and the “R” key together on your keyboard. Type “certmgr.msc” in the “Run” box to open the certificates management tool.



  10. Go to “Trusted root certification authorities,” open “Certificates,” and find the “NordVPN Root CA” file.

    PtFuDBCy4q.png

  11. Right-click on the “NordVPN Root CA” file and select “Properties.”

    MpExESA76x (1).png

  12. Check the “Enable only for the following purposes” option and uncheck all the boxes except for the “Server authentication” box.

    03OUSWKlQw.png

  13. Click "Ok" and "Apply."

Setting up a VPN connection:

    1. Open the Windows “Start” menu and type “control panel” in the search bar. In the search results, click on “Control panel.”


      Win10ControlPanel (1).PNG

    2. Open the “Network and Internet” section.

      10.PNG

    3. Click on “Network and sharing center.”

      11.PNG

    4. Click "Set up a new connection or network."

      12.PNG
       
    5. Click “Connect to a workplace” and hit “Next.”

      13 (1).PNG

    6. If asked "Do you want to use a connection that you already have?", select “No, create a new connection” and click “Next.”
    7. Click “Use my Internet connection (VPN).”

      15.PNG

    8. In the “Internet address” field, type the hostname of the server suggested to you in your NordAccount server recommendation tab.

Follow the steps below to find the best server for your connection:

  1. Log into your Nord Account, and click NordVPN.


     
  2. Scroll down to Advanced Settings and click Set up NordVPN manually.


     
  3. Select the Server recommendation tab. According to your location, the best server will be recommended.


     
  4. By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.




     

 

    1. Open the “Network and sharing center” again and click “Change adapter settings.”

      17.PNG

    2. Right-click the adapter with the name you’ve just created, click “Properties,” and go to the “Security” tab.
    3. Make sure the configuration is as follows:

      Type of VPN: “IKEv2” 
      Data encryption: “Require encryption (disconnect if server declines)” 
      Authentication: “Use Extensible Authentication Protocol(EAP)” (select “EAP-MSCHAP v2” in the drop-down menu.)

      19.PNG

    4. Open the “Networking” tab and uncheck the “Internet Protocol Version 6 (TCP/IPv6)” box.

      lv7xWS5HiY (1).png

    5. Click "Ok."
    6. In the system tray located in the bottom-right corner of the screen, click on either the Wi-Fi or Ethernet connection icon and click “Network & internet settings.”

      uEPsiIJ2Jy.png

    7. In the left sidebar of the settings, select “VPN,” find your created IKEv2 connection, and click on “Advanced options.”

      lmCxOpECUF.png

    8. Click "Edit" and enter your NordVPN service username and password.
      You can find your NordVPN service credentials through the Nord Account dashboard:

Follow the steps below to find the service credentials for manual connection setup:

  1. Log into your Nord Account, and click NordVPN.


     
  2. Scroll down to Advanced Settings and click Set up NordVPN manually.


     
  3. Select the Service credentials tab, where you'll find the Username and Password needed to connect manually.
  1.  
    1.  Paste the service credentials to the Username and password windows and save it.

      SYcoAGcjYT.png

    2. Click on the network icon again in the system tray in the bottom-right corner of the screen and click “Connect” under “NordVPN IKEv2.”

      MAWFxKIeLs (1).png

    3. That’s it — you should now be connected.
Was this article helpful?
Thanks!