How can we help you?

Connecting to NordVPN (IKEv2/IPSec) on Windows 7

The IKEv2/IPSec connection method is one of the alternative options for connecting to NordVPN servers on your Windows PC. This connection method is preferred by privacy enthusiasts, as the IKEv2/IPSec security protocol is currently one of the most advanced in the market. Having said that, this manual set-up lacks the additional features of the native NordVPN app and it is a bit more complicated to set up.

Note: due to Windows system configuration features, it downgrades the cipher to a weaker 3DES-CBC encryption cipher.

Disclaimer: To use this connection method, you have to add the certificate to Trusted Root Authorities. It applies to all certificates. This way, your system can potentially fall for a MITM attack if someone gets that certificate's private key.  Our private keys are completely secure and although there is a very small chance for that, we recommend avoiding this connection method unless you cannot connect using our native app or any other alternative way.

What makes this connection method so unique is that the only file that needs to be downloaded and installed is the NordVPN digital certificate. Windows provides the connection application itself - it's built right into Windows.

Installing the NordVPN certificate

The NordVPN root certificate needs to be installed to be able to connect using the IKEv2 protocol. It only needs to be installed once, and it will not affect your system in any other way.

1. Download our NordVPN certificate –
Note: Your browser may try to save the file into its own certificate location, or open it immediately. Make sure to download the file, instead of opening it. On Firefox, right-click the link above and select “Save Link As…”. In Internet Explorer, select “Save” instead of “Open”. Chrome will download the file correctly.

2. Press the keyboard combination Windows icon + R to open the “Run” window.
Type in “mmc” and press “OK”.

3. In the new window click on “File” and “Add/Remove Snap-in…”.

4. Click on “Certificates” and click on “Add >” button.

5. Then choose “Computer account” and click “Next”.

6. Choose “Local computer: (the computer this console is running on) and click “Finish”.

7. Click “OK”.

8. Click on “Certificates (Local Computer)”, right click on “Trusted Root Certification Authorities” and click “All Tasks” > “Import”.

9. Click “Next”.

10. Click the “Browse” button.

11. Locate “root.der” file which you have downloaded in the first step. Click on and press “Open”. If the file is not visible, make sure to select “All Files (*.*)” at the bottom of the window.

12. Click “Next”.

13. Select “Place all certificates in the following store” and click “Next”.

14. Click “Finish”. Afterwards, you will receive a notification saying “The import was successful”

Configure the connection.

This part of the tutorial actually configures the connection.

15. Go to the Control panel, and click on Network and Internet.

16. Click on Network and Sharing Center.

17. Click Set up new connection or network.

18. In new tab, select Connect to a workplace and click next.

19. Select No, create a new connection and click next. This window will only appear if you have configured a manual connection before.

20. Click on Use my Internet connection (VPN).

21. Fill in the following information:

Internet address: a hostname of any of our servers. 
Server Hostname = For the sake of the tutorial, we have used, but you should connect to a server suggested to you at You can find the server hostname right under the server title.

Destination name: Any name, this is not relevant.
Make sure that Don’t connect now…. Is checked and click Next.

22. Fill in your NordVPN service credentials and click Create.

You can find your NordVPN service credentials (service username and service password) at the Nord Account dashboard. Copy the credentials using the buttons on the right.

23. Click Close and go back to Internet and Sharing Center.

24. Click on Change adapter settings in the left sidebar.

25. Right click on the adapter you have created and click on Properties.

26. In the Security tab, change the following lines:

Type of VPN – IKEv2.
Data encryption: Require encryption.
Authentication – Use Extensible Authentication Protocol(EAP)
Microsoft: Secured password (EAP-MSCHAP v2)

27. In the Networking tab, uncheck – Internet Protocol Version 6 (TCP/IPv6).

28. Click OK on all tabs, go back to adapters, and right click on the adapter that you have created and click on Create Shortcut to have a shortcut on the desktop.

29. Double click on the shortcut and click connect.
(your NordVPN credentials will be saved from the previous 22nd step)

In case you are unable to connect you will need to run an additional command through Powershell.

Press on the windows key, type in 'Powershell' and click enter. When it opens, paste the following command into it:

Set-VpnConnectionIPsecConfiguration -ConnectionName nordvpn -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PFSgroup PFS2048 -Force 

You should now be able to connect.

Related Articles

© Copyright 2021 all rights reservedSelf-service byBold360