We are introducing a new way to connect to ProtonVPN services using IKEv2 on Linux machines. This guide is made with our community member help ‘sh4dowb’. It can be used if you prefer the IKEv2 protocol itself or facing network issues using Linux client tool.
This setup guide shows how to configure an IKEv2 connection on Mint 18.3 Sylvia.
1. You need to install the necessary packages by opening up the Terminal (CTRL+T) and entering these commands: (It will prompt you for your root password to allow installation, enter it to proceed)
sudo apt-get install strongswan
sudo apt-get install strongswan-extra-plugins sudo apt-get install libcharon-extra-plugins
Note: depending on your Linux distribution, you might not need all the packages. If the Terminal prompts ‘Unable to locate package’, simply continue without the package.
2. Download ProtonVPN certificate and place it in the appropriate directory.
wget https://protonvpn.com/download/ProtonVPN_ike_root.der -O /tmp/protonvpn.der
sudo mv /tmp/protonvpn.der /etc/ipsec.d/cacerts/
3. After that, open /etc/ipsec.conf with your favorite text editor (Nano was used for this demonstration) by entering sudo nano /etc/ipsec.conf
This is what you should see:
Delete the text up to ‘Add connections here‘, and enter these parameters:
conn test left=%defaultroute leftsourceip=%config leftauth=eap-mschapv2 eap_identity=tester right=it-01.protonvpn.com rightsubnet=0.0.0.0/0 rightauth=pubkey rightid=%it-01.protonvpn.com rightca=/etc/ipsec.d/cacerts/protonvpn.der keyexchange=ikev2 type=tunnel auto=add
Instead of test, add a name to your connection that you will later use.
Instead of tester, enter your IKEv2/OpenVPN username.
Instead of it-01.protonvpn.com, you can choose whatever server you want (except a free one, free servers do not work with IKEv2 connection protocol due to load balancer used on the hostnames)
Then, press Ctrl+X to save, Y to confirm and then hit Enter.
4. Next step is to add credentials to the right directory.
Open /etc/ipsec.secrets with a text editor by entering sudo nano /etc/ipsec.secrets
Then, enter this text:
tester : EAP test123
Then, once again, press Ctrl+X, press Y to save and hit Enter.
After that, you will need to restart the IPSEC serivce by entering sudo ipsec restart
5. The setup is over and you can try connecting to your created IKEv2 connection.
To connect to the server, enter sudo ipsec up test
Instead of test, use the name of the connection that you’ve entered in the /etc/ipsec.conf file.
This is what you should see if the connection is set up correctly:
That is it, you are now connected to ProtonVPN services via IKEv2 protocol. If you want to terminate the connection to the server, enter this command:
sudo ipsec down test
(Instead of test us the name of your connection)