This is a tutorial on how to connect to NordVPN servers on Windows 7 using the IKEv2 protocol.
Note: due to Windows system configuration features, it downgrades the cypher to a weaker 3DES-CBC encryption cypher.
Disclaimer: To use this connection method, you have to add the certificate to Trusted Root Authorities. It applies to all certificates. This way, your system can potentially fall for a MITM attack if someone gets that certificate’s private key. Our private keys are completely secure and although there is a very small chance for that, we recommend avoiding this connection method unless you cannot connect using our native app or any other alternative way.
The NordVPN root certificate needs to be installed to be able to connect using the IKEv2 protocol. It only needs to be installed once, and it will not affect your system in any other way.
1. Download our NordVPN certificate – https://downloads.nordvpn.com/certificates/root.der
Note: Your browser may try to save the file into its own certificate location, or open it immediately. Make sure to download the file, instead of opening it. On Firefox, right-click the link above and select “Save Link As…”. In Internet Explorer, select “Save” instead of “Open”. Chrome will download the file correctly.
2. Press the keyboard combination Windows icon + R to open the “Run” window.
Type in “mmc” and press “OK”.
3. In the new window click on “File” and “Add/Remove Snap-in…”.
4. Click on “Certificates” and click on “Add >” button.
5. Then choose “Computer account” and click “Next”.
6. Choose “Local computer: (the computer this console is running on) and click “Finish”.
7. Click “OK”.
8. Click on “Certificates (Local Computer)”, right click on “Trusted Root Certification Authorities” and click “All Tasks” > “Import”.
9. Click “Next”.
10. Click “Browse” button.
11. Locate “root.der” file which you have downloaded in first step. Click on and press “Open”. If the file is not visible, make sure to select “All Files (*.*)” at the bottom of the window.
12. Click “Next”.
13. Select “Place all certificates in the following store” and click “Next”.
14. Click “Finish”. Afterwards you will receive a notification saying “The import was successful”
This part of the tutorial actually configures the connection.
15. Go to the Control panel, and click on Network and Internet.
16. Click on Network and Sharing Center.
17. Click Set up new connection or network.
18. In new tab select Connect to a workplace and click next.
19. Select No, create a new connection and click next. This window will only appear if you have configured a manual connection before.
20. Click on Use my Internet connection (VPN).
21. Fill in the following information:
Internet address: a hostname of any of our servers.
Server Hostname = For the sake of the tutorial, we have used de154.nordvpn.com, but you should connect to a server suggested to you at https://nordvpn.com/servers/tools/. You can find the server hostname right under the server title.
Destination name: Any name, this is not relevant.
Make sure that Don’t connect now…. Is checked and click Next.
22. Fill in your NordVPN account credentials and click Create.
23. Click close and go back to Internet and Sharing Center.
24. Click on Change adapter settings in the left sidebar.
25. Right click on the adapter you have created and click on Properties.
26. In the Security tab, change the following lines:
Type of VPN – IKEv2.
Data encryption: Require encryption.
Authentication – Use Extensible Authentication Protocol(EAP)
Microsoft: Secured password (EAP-MSCHAP v2)
27. In the Networking tab, uncheck – Internet Protocol Version 6 (TCP/IPv6).
28. Click OK on all tabs, go back to adapters, and right click on the adapter that you have created and click on Create Shortcut to have a shortcut on desktop.
29. Double click on the shortcut and click connect.
(your NordVPN credentials will be saved from the previous 22nd step)