We are introducing a new way to connect to ProtonVPN using IKEv2 on Linux machines. We want to thank “Sh4dowb,” a member of the Proton community, who was a great help in creating this guide. Use this tutorial if you prefer the connecting to our servers via the IKEv2 protocol or if you are facing network issues with you Linux client tool.
This setup guide explains how to configure an IKEv2 connection on Mint 18.3 Sylvia.
You need to install the necessary packages by opening up the Terminal (CTRL+T) and entering these commands: (It will prompt you for your root password to allow installation. Enter it to proceed)
sudo apt-get install strongswan
sudo apt-get install strongswan-extra-plugins sudo apt-get install libcharon-extra-plugins
Note: depending on your Linux distribution, you might not need all the packages. If the Terminal prompts ‘Unable to locate package’, simply continue without the package.
Download the ProtonVPN certificate and place it in the appropriate directory.
wget https://protonvpn.com/download/ProtonVPN_ike_root.der -O /tmp/protonvpn.der
sudo mv /tmp/protonvpn.der /etc/ipsec.d/cacerts/
Open /etc/ipsec.conf with your favorite text editor (Nano was used for this demonstration) by entering sudo nano /etc/ipsec.conf
This is what you should see:
Delete the text up to ‘Add connections here‘, and enter these parameters:
conn test left=%defaultroute leftsourceip=%config leftauth=eap-mschapv2 eap_identity=tester right=it-01.protonvpn.com rightsubnet=0.0.0.0/0 rightauth=pubkey rightid=%it-01.protonvpn.com rightca=/etc/ipsec.d/cacerts/protonvpn.der keyexchange=ikev2 type=tunnel auto=add
Instead of test, enter a name for your connection that you will use later.
Instead of tester, enter your IKEv2/OpenVPN username.
Instead of it-01.protonvpn.com, choose whatever server you want, except for a Free server. (Free servers do not work with the IKEv2 connection protocol due to the load balancers used on the hostnames.)
Then, press Ctrl+X to save, Y to confirm and then hit Enter.
4. Add the credentials to the correct directory.
Open /etc/ipsec.secrets with a text editor by entering sudo nano /etc/ipsec.secrets
Then, enter this text:
tester : EAP test123
Then, once again, press Ctrl+X, press Y to save and hit Enter.
After that, you will need to restart the IPSEC serivce by entering sudo ipsec restart
The setup is complete. You can try connecting to your created IKEv2 connection.
To connect to the VPN server, enter sudo ipsec up test
Instead of test, use the name of the connection that you’ve entered in the /etc/ipsec.conf file.
If you correctly set up the connection, this is what you should see:
Congratulations! You connected to ProtonVPN via the IKEv2 protocol. If you want to terminate your connection to the server, enter this command:
sudo ipsec down test
(Instead of test use the name of your connection)