Don’t want to manage the VPN setup manually? Download the NordVPN app for Windows, where all you need to do is install the app, log in, and pick the server you want.
This is a tutorial on how to connect to NordVPN servers on Windows 10 using the IKEv2 protocol.
The IKEv2/IPsec connection method is one of the alternative options for connecting to NordVPN servers on your Windows PC. This connection method is preferred by privacy enthusiasts, as IKEv2/IPsec security protocol is currently one of the most advanced in the market. Having said that, this manual set-up lacks the additional features of the native NordVPN app and it is a bit more complicated to set up.
Note: due to Windows system configuration features, it downgrades the cipher to a weaker 3DES-CBC encryption cipher.
Disclaimer: To use this connection method, you have to add the certificate to Trusted Root Authorities. It applies to all certificates. This way, your system can potentially fall for a MITM attack if someone gets that certificate’s private key. Our private keys are completely secure and although there is a very small chance for that, we recommend avoiding this connection method unless you cannot connect using our native app or any other alternative way.
What makes this connection method so unique is that the only file that needs to be downloaded and installed is the NordVPN digital certificate. Windows provides the connection application itself – it's built right into Windows.
- Download our NordVPN certificate: https://downloads.nordvpn.com/certificates/root.der
Note: Your browser may try to save the file into its own certificate location, or open it immediately. Make sure to download the file, instead of opening it. On Firefox, right-click the link above and select "Save Link As…". In Internet Explorer, select "Save" instead of "Open". Chrome will download the file correctly. Then, open the root.cer file. (Double-click on it)
- Click “Open”.
- Click “Install Certificate…”
- Select “Local Machine”, and click Next.
- Select “Place all certificates in the following store”, and click “Browse..”.
- Select “Trusted Root Certification Authorities”, and click OK, then “Next”.
- Click Finish.
- Click OK on both windows.
- Open the Run box. In order to do that, press Windows + R buttons on your keyboard. Type certmgr.msc in a Run box to open the Certificates management tool.
- Navigate to Trusted Root Certification Authorities -> Certificates and find NordVPN Root CA.
- Right-click on a NordVPN Root CA and select Properties.
- Select Enable only for the following purposes and disable everything except Server Authentication.
- Click OK and Apply.
Set up a VPN connection:
- Open the Windows Start Menu, and start typing "control panel". Click on the Control Panel in the results.
- Open Network and Internet.
- Click on Network and Sharing Center.
- Click Set up a new connection or network.
- Click Connect to a workplace and click Next.
- If you are asked "Do you want to use a connection that you already have?", select "No, create a new connection" and then click Next.
- Click Use my Internet connection (VPN).
- Internet address = Write down the host name of a server suggested to you at https://nordvpn.com/servers/tools/.
Destination name = Any name that you would like your connection to have, for example United States #936 Connection.
- Open Network and sharing center again and click Change adapter settings.
- Right-click the adapter with the name you created, for example, United States #936 connection, click properties and show the Security tab.
- Enter the following:
Type of VPN: IKEv2
Data encryption: Require encryption (disconnect if server declines)
Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2.
- Open the Networking tab and disable Internet Protocol Version 6 (TCP/IPv6).
- Click OK.
- Open the Network settings on the bottom right corner. It may be either Wi-Fi icon, or the Ethernet connection icon. Select Network & Internet settings.
- In the opened settings, select VPN, find your created IKEv2 connection and click on Advanced options.
- Click the Edit button and fill in your NordVPN username and password. Click Save to confirm changes.
- Click on your network icon again on the bottom right corner and click Connect under the NordVPN IKE.
- Once that is done, you should be connected!