How to set up a manual IKEv2/IPSec connection to NordVPN on Windows?

Introduction

In this article, you will learn how to manually configure an IKEv2/IPSec connection on your Windows PC. This method is a robust alternative for users seeking advanced security and privacy, utilizing one of the most sophisticated protocols available today. That said, this manual setup lacks the additional features of the native NordVPN app and is a bit more complicated to set up.

Before you start:

Manual Windows configurations may use 3DES-CBC encryption due to system limitations. Additionally, installing the certificate in Trusted Root Authorities applies to all certificates, which may put your system at risk of an MITM attack if someone gets the private key of that certificate. While our private keys are completely secure and the chances of anything bad happening are very small, we recommend this method primarily if the native NordVPN app is unavailable.

Here's what to do:

Configuring the NordVPN digital certificate

To use this connection method, the only file you need to download and install is the NordVPN digital certificate. The connection application itself is already a part of Windows.

Download the NordVPN certificate. Ensure you save the file rather than just opening it in your browser.

NOTE: Your browser may try to save the file in its own certificate location or open it immediately. In Firefox, right-click the link above and select "Save link as." In Internet Explorer, select "Save" instead of "Open." Chrome will download the file correctly.
Double-click the root.cer file and click Open.
Click Install certificate, select Local Machine, and click Next.
Select Place all certificates in the following store and click Browse.
Choose Trusted Root Certification Authorities, click OK, and then Next.
Click Finish, then click Apply, followed by OK in the other windows.
Press Windows + R, type certmgr.msc, and press Enter.
Navigate to Trusted Root Certification Authorities > Certificates and locate NordVPN Root CA.
Right-click NordVPN Root CA, select Properties, and check Enable only for the following purposes.
Uncheck all boxes except Server Authentication, then click Apply and OK.

Setting up the VPN connection

Open the Start menu, type Control Panel, and open it.
Go to Network and Internet > Network and Sharing Center.
Click Set up a new connection or network, select Connect to a workplace, and click Next.
If prompted, select No, create a new connection, then click Use my Internet connection (VPN).
In the Internet address field, enter the hostname of your recommended server. You can find this in your Nord Account under NordVPN. Scroll down to Advanced settings until you see Manual Setup. Click Set up NordVPN manually. Copy the hostname that is written to you in the Server recommendation tab (e.g., de1161.nordvpn.com)

NOTE: When connecting to IKEv2 manually, you will need to use the Username and Password found in the Service credentials tab of the manual setup section.
In the Network and Sharing Center, click Change adapter settings. Right-click your new connection and select Properties.
In the Security tab, set the following:

Type of VPN: IKEv2
Data encryption: Require encryption (disconnect if server declines)
Authentication: Use Extensible Authentication Protocol (EAP) and select EAP-MSCHAP v2.

In the Networking tab, uncheck Internet Protocol Version 6 (TCP/IPv6) and click OK.
Click the Network icon in your system tray, select VPN, and choose your created connection.
Click Advanced options, then Edit. Enter your Service Credentials (Username and Password) from the Nord Account manual setup tab and click Save.
Return to the network list and click Connect under your NordVPN IKEv2 connection.

Additional tips

If you encounter a policy mismatch error, you can resolve it by adding a specific registry key:

Open the Command Prompt as an Administrator.
Run the following command: reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters\ /v NegotiateDH2048_AES256 /t REG_DWORD /d 2
Restart your device and try connecting again.

Alternatively, you can use the Registry Editor (regedit) to navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters, create a new DWORD named NegotiateDH2048_AES256, and set its value to 2.

Was this article helpful?

Still having issues?

Live chat

Contact our support to solve an issue live.
Email form

Fill out an email form so we can help you with an issue.

Email us

Our Support team will get back to you within 24 hours. We’ll reply to the email address you provide.

Attach a file (Optional)

Supported formats: JPEG, PNG.

We couldn’t process your form. Please try again or come back later.

By clicking “Submit”, you agree to our Terms of Service and acknowledge our Privacy Policy.

Thank you! We've got your message and will get back to you within 24 hours.

By clicking “Chat with support”, you agree to our Terms of Service and acknowledge our Privacy Policy. Chat functionality relies on cookies. By starting the chat, you agree to their use. Learn more in our Cookie Policy.

{ "chatTitle": "NordVPN Support", "chatCustomText": { "actionPaymentCompleted": "Payment Completed", "actionPaymentError": "An error occurred while processing the card. Please try again or use a different card.", "actionPostbackError": "An error occurred while processing your action. Please try again.", "clickToRetry": "Message not delivered. Click to retry.", "clickToRetryForm": "Form not submitted. Click anywhere on the form to retry.", "connectNotificationText": "Sync your conversation and continue messaging us through your favorite app.", "connectNotificationSingleText": "Be notified when you get a reply.", "conversationListHeaderText": "My conversations", "conversationListRelativeTimeJustNow": "Just now", "conversationListRelativeTimeMinute": "1 minute ago", "conversationListRelativeTimeMinutes": "{value} minutes ago", "conversationListRelativeTimeHour": "1 hour ago", "conversationListRelativeTimeHours": "{value} hours ago", "conversationListRelativeTimeYesterday": "Yesterday", "conversationListTimestampFormat": "MM/DD/YY", "conversationListPreviewAnonymousText": "Someone", "conversationListPreviewCarouselText": "{user} sent a message", "conversationListPreviewFileText": "{user} sent a file", "conversationListPreviewFormText": "{user} sent a form", "conversationListPreviewFormResponseText": "{user} filled a form", "conversationListPreviewImageText": "{user} sent an image", "conversationListPreviewLocationRequestText": "{user} sent a location request", "conversationListPreviewUserText": "You", "conversationTimestampHeaderFormat": "MMMM D, h:mm A", "couldNotConnect": "Offline. You will not receive messages.", "couldNotConnectRetry": "Reconnecting...", "couldNotConnectRetrySuccess": "You're back online!", "couldNotLoadConversations": "Couldn't load conversations.", "emailChangeAddress": "Change my email", "emailDescription": "To be notified by email when you get a reply, enter your email address.", "emailFieldLabel": "Email", "emailFieldPlaceholder": "Your email address", "emailFormButton": "Submit", "emailLinkingErrorMessage": "Please submit a valid email address.", "errorPrefix": "Error:", "fetchHistory": "Load more", "fetchingHistory": "Retrieving history...", "fileTooLargeError": "Max file size limit exceeded ({size})", "fileTypeError": "Unsupported file type.", "formErrorEntryRequired": "This entry is required", "formErrorInvalidEmail": "Email is invalid", "formErrorNoLongerThan": "Must contain no more than ({characters}) characters", "formErrorNoShorterThan": "Must contain at least ({characters}) characters", "formErrorUnknown": "This doesn't look quite right", "formFieldSelectPlaceholderFallback": "Choose one...", "frontendEmailChannelDescription": "To talk to us using email just send a message to our email address and we'll reply shortly:", "headerText": "How can we help?", "imageClickToReload": "Click to reload image.", "imageClickToView": "Click to view {size} image.", "imagePreviewNotAvailable": "Preview not available.", "inputPlaceholder": "Type a message...", "inputPlaceholderBlocked": "Complete the form above...", "introAppText": "Message us below or from your favorite app.", "lineChannelDescription": "To talk to us using LINE, scan this QR code using the LINE app and send us a message.", "linkError": "An error occurred when attempting to generate a link for this channel. Please try again.", "linkChannelPageHeader": "Sync your conversation", "locationNotSupported": "Your browser does not support location services or it's been disabled. Please type your location instead.", "locationSecurityRestriction": "This website cannot access your location. Please type your location instead.", "locationSendingFailed": "Could not send location", "locationServicesDenied": "This website cannot access your location. Allow access in your settings or type your location instead.", "messageError": "An error occured while sending your message. Please try again.", "messageIndicatorTitlePlural": "({count}) New messages", "messageIndicatorTitleSingular": "({count}) New message", "messageRelativeTimeDay": "{value}d ago", "messageRelativeTimeHour": "{value}h ago", "messageRelativeTimeJustNow": "Just now", "messageRelativeTimeMinute": "{value}m ago", "messageTimestampFormat": "h:mm A", "messageDelivered": "Delivered", "messageSeen": "Seen", "messageSending": "Sending...", "messageTooLongError": "Max message size limit exceeded ({size}).", "messengerChannelDescription": "Connect your Facebook Messenger account to be notified when you get a reply and continue the conversation on Facebook Messenger.", "newConversationButtonText": "New Conversation", "notificationSettingsChannelsDescription": "Sync this conversation by connecting to your favorite messaging app to continue the conversation your way.", "notificationSettingsChannelsTitle": "Other Channels", "notificationSettingsConnected": "Connected", "notificationSettingsConnectedAs": "Connected as {username}", "prechatCaptureGreetingText": "Hi there 👋\nTo start off, we'd like to know a little bit more about you:", "prechatCaptureNameLabel": "Your name", "prechatCaptureNamePlaceholder": "Type your name...", "prechatCaptureEmailLabel": "Email", "prechatCaptureEmailPlaceholder": "name@company.com", "prechatCaptureConfirmationText": "Hi there! I’m the Nordbot AI here to assist you. How can I help you today?", "prechatCaptureMailgunLinkingConfirmation": "You'll be notified here and by email at {email} once we reply.", "sendButtonText": "Send", "settingsHeaderText": "Settings", "shareLocation": "Location", "smsBadRequestError": "We were unable to communicate with this number. Try again or use a different one.", "smsCancel": "Cancel", "smsChangeNumber": "Change my number", "smsChannelDescription": "Connect your SMS number to be notified when you get a reply and continue the conversation over SMS.", "smsChannelPendingDescription": "Check your messages at {number} to confirm your phone number.", "smsContinue": "Send", "smsInvalidNumberError": "Please submit a valid phone number.", "smsLinkCancelled": "Link to {appUserNumber} was cancelled.", "smsLinkPending": "Pending", "smsPingChannelError": "There was an error sending a message to your number.", "smsSendText": "Send me a text", "smsStartTexting": "Start Texting", "smsTooManyRequestsError": "A connection for that number was requested recently. Please try again in {minutes} minutes.", "smsTooManyRequestsOneMinuteError": "A connection for that number was requested recently. Please try again in 1 minute.", "smsUnhandledError": "Something went wrong. Please try again.", "syncConversation": "Sync conversation", "tapToRetry": "Message not delivered. Tap to retry.", "tapToRetryForm": "Form not submitted. Tap anywhere on the form to retry.", "telegramChannelDescription": "Connect your Telegram account to be notified when you get a reply and continue the conversation on Telegram", "unsupportedMessageType": "Unsupported message type.", "unsupportedActionType": "Unsupported action type.", "uploadDocument": "File", "uploadInvalidError": "Invalid file.", "uploadPhoto": "Image", "uploadVirusError": "A virus was detected in your file and it has been rejected", "viberChannelDescription": "Connect your Viber account to be notified when you get a reply and continue the conversation on Viber. To get started, scan the QR code using the Viber app.", "viberChannelDescriptionMobile": "Connect your Viber account to be notified when you get a reply and continue the conversation on Viber. To get started, install the Viber app and tap Connect.", "viberQRCodeError": "An error occurred while fetching your Viber QR code. Please try again.", "wechatChannelDescription": "Connect your WeChat account to be notified when you get a reply and continue the conversation on WeChat. To get started, scan this QR code using the WeChat app.", "wechatChannelDescriptionMobile": "Connect your WeChat account to be notified when you get a reply and continue the conversation on WeChat. To get started, save this QR code image and upload it QR code scanner.", "wechatQRCodeError": "An error occurred while fetching your WeChat QR code. Please try again.", "whatsappChannelDescriptionDesktop": "Sync your account to WhatsApp by scanning the QR code or clicking the link below.\nThen", "whatsappChannelDescriptionMobile": "Sync your account to WhatsApp by clicking the link below.\nThen", "whatsappLinkingError": "An error occurred while fetching your WhatsApp linking information. Please try again." }, "chatCustomScreenReaderAnnouncement": { "supportTyping": "{author} is typing", "supportSays": "{author} says:", "sentImage": "{author} sent an image", "sentFile": "{author} sent a file", "sentCarousel": "{author} sent a carousel", "sentLocation": "{author} sent a location" } }