We are introducing a new way to connect to ProtonVPN using IKEv2 on Linux machines. We want to thank “Sh4dowb,” a member of the Proton community, who was a great help in creating this guide. Use this tutorial if you prefer the connecting to our servers via the IKEv2 protocol or if you are facing network issues with your Linux client tool.
This setup guide explains how to configure an IKEv2 connection on Mint 18.3 Sylvia.
- Install the necessary packages by opening up the Terminal (CTRL+T) and entering the commands below. It will prompt you for your root password to allow installation – enter it to proceed.
sudo apt-get install strongswan
sudo apt-get install libstrongswan-extra-plugins sudo apt-get install libcharon-extra-plugins
Note: depending on your Linux distribution, you might not need all the packages. If the Terminal prompts ‘Unable to locate package’, simply continue without the package.
- Download the ProtonVPN certificate and place it in the appropriate directory.
wget https://protonvpn.com/download/ProtonVPN_ike_root.der -O /tmp/protonvpn.der
sudo mv /tmp/protonvpn.der /etc/ipsec.d/cacerts/
- Open /etc/ipsec.conf with your favorite text editor (Nano was used for this demonstration) by entering sudo nano /etc/ipsec.conf
This is what you should see:
Delete the text up to ‘Add connections here‘, and enter these parameters:
conn test left=%defaultroute leftsourceip=%config leftauth=eap-mschapv2 eap_identity=tester right=it-01.protonvpn.com rightsubnet=0.0.0.0/0 rightauth=pubkey rightid=%it-01.protonvpn.com rightca=/etc/ipsec.d/cacerts/protonvpn.der keyexchange=ikev2 type=tunnel auto=add
Instead of test, enter a name for your connection that you will use later.
Instead of tester, enter your IKEv2/OpenVPN username.
Instead of it-01.protonvpn.com, choose whatever server you want.
Then, press Ctrl+X to save, Y to confirm, and then hit Enter.
4. Add the credentials to the correct directory
Open /etc/ipsec.secrets with a text editor by entering sudo nano /etc/ipsec.secrets
Then, enter this text:
tester : EAP test123
Then, once again, press Ctrl+X, press Y to save and hit Enter.
After that, you will need to restart the IPSEC serivce by entering sudo ipsec restart
- The setup is complete. You can try connecting to your created IKEv2 connection.
To connect to the VPN server, enter sudo ipsec up test
Instead of test, use the name of the connection that you’ve entered in the /etc/ipsec.conf file.
If you correctly set up the connection, this is what you should see:
Congratulations! You connected to ProtonVPN via the IKEv2 protocol. If you want to terminate your connection to the server, enter this command:
sudo ipsec down test
(Instead of test use the name of your connection)