Note: We have an official Proton VPN app for Windows that provides the easiest way to connect to our servers and allows you to benefit from many of Proton VPN’s advanced features. For example:
- Kill switch and permanent kill switch
- Choose between IKEv2, OpenVPN, and WireGuard VPN protocols
- Smart protocol
- DNS leak protection
- NetShield Ad-blocker
- Moderate NAT
- VPN Accelerator
- Port forwarding
You can also connect to Proton VPN servers manually using the following VPN protocols:
- OpenVPN (using OpenVPN GUI )
- WireGuard (using any “vanilla” WireGuard client, including the official open-source app)
- IKEv2 (using the built-in Windows VPN client)
In this guide, we show you how to manually configure devices running Windows 10 to connect to our servers using the IKEv2 protocol. The instructions for Windows 11 are very similar.
Please note that connecting in this way means you will not benefit from the advanced features available through the official Proton VPN Windows app.
Windows manual IKEv2 VPN setup for Proton VPN
Import the Proton VPN IKEv2 certificate
1. Click here to download the certificate, and open it in Explorer.
2. Click Install Certificate.
3. Select Local Machine and click Next.
4. Select Place all certificates in the following store and click Browse… (Click Yes if asked to allow this app to make changes to your device.)
4. Select Trusted Root Certification Authorities and click OK, then Next.
5. Click Finish and then OK on the Certificate Import Wizard window.
Add an IKEv2 VPN connection to Windows
1. Go to Start → Settings → Network & Internet → VPN → Add a VPN connection.
2. Fill in the following information and click Save:
- VPN Provider: Windows (built-in)
- Connection name: Choose any name for the VPN connection that makes sense to you
- Server name or address: see below
- VPN type: IKEv2
- Type of sign-in info: User name and password
- User name: Your Proton VPN IKEv2 username (see below)
- Password: Your Proton VPN IKEv2 password (see below)
To find the names of our VPN servers: Log in to account.protonvpn.com using your browser and go to Downloads → OpenVPN Configuration files → select the server you would like to connect to, and in the Actions column next to it, click the dropdown icon to see the server name.
Clicking on the server name will save it to your clipboard for easy pasting into the Windows Settings menu.
To find your IKEv2 username and password: your IKEv2 login details are not the same as your regular Proton VPN login details. To find your IKEv2 login details, log in to account.protonvpn.com and go to Account → OpenVPN / IKEv2 username.
3. Back on the main Windows VPN Settings page, select the VPN connection you just created → Connect.
You are now connected to Proton VPN using IKEv2!
How to fix a “Policy match error”
If you are prevented from connecting by a Policy match error:
1. Search for the Registry Editor app and Open it.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters → right-click on any area of white space → New → DWORD (32-bit) Value.
3. Name the newly created value NegotiateDH2048_AES256, then right-click on it → Modify…
4. Enter a Value data of 2 and click OK.
4. The registry entry should now look as follows. Close the Registry Editor and try connecting again.
Proton VPN Windows app tutorial
Proton VPN Windows OpenVPN GUI tutorial
The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
Hello, please contact our customer support team for detailed investigation on what could be the case in your situation: https://protonvpn.com/support-form
I use the guide for set up and successfully connect to ProtonVPN server via IKEv2 on Windows 10, but when I do the IP/DNS leak test, I find DNS leak. Could you please advise? Thanks.
Hello James, it would be the best if you would contact our customer support team with some of the information about your connection and leaks. https://protonvpn.com/support-form
There is a typo in step 9
“EAP-MSCHv2” should be “EAP-MSCHAP v2”
and, you have not corrected the previous typo I pointed out.
Hello Michael, thanks for pointing that out, we have changed the typo last time but forgot to hit the update button for the article, now its fixed. Thank you.
When I try to create the new doubleword entry in the registry, I get an error:
Cannot create value: Error writing to the registry
Does this have to be done when logged on to Windows as an admin user?
Hello Michael, all of the configurations have to be done as Administrator user.
Is there a typo in this article? The last parameter of the registry key in the article is “Paramter”. On my Windows 10 Pro system, there is no such field, but there is one called “Parameters”. Plural vs. Singular.
Hello Michael, thank you for the heads up, indeed it was plural!
I too got the error IKE authentication credentials are unacceptable” error. Any resolution ?
Hello Vlad, please make sure you use the correct server address hostname and the OpenVPN credentials from your account which are not the same as protonvpn credentials.
Works here and works great.
Only question, is there a way to get this to work on secure core? I tried copping the host name for the US-CH server and got a non-resolvable host name error
Hello Jeff, may I ask, are you using the hostname as per this example? “se-au-01.protonvpn.com” We tested it with the secure core hostnames and it works, like it should, but please dont use the IP addresses of the servers.
I’ve tried connecting with secure core configs using this guide and none of the hostnames I use are recognized, nor do they resolve in external DNS lookup such as whatsmydns(dot)net. If I use non-secure core server names it works.
Hello Justin, maybe you incorrectly entered the hostname of the server. Please contact our customer support team for detailed investigation of your issue. https://protonvpn.com/support-form
I’ve followed all these instructions twice over and have tried to connect to all the free servers… I also get the “IKE authentication credentials are unacceptable” message when I try to connect. Please can someone help?
Could you please contact our customer support team here with all of the possible information like windows version, what server was tested, your location and ISP ? https://protonvpn.com/support-form
I have the very same problem!
I tried to connect using the free server us-free-01.protonmail.com
Hello Bugi, Please make sure you use your OpenVPN credentials and if they are correct and you still get the error message, please contact our customer support team – https://protonvpn.com/support-form
Ii always get a “IKE authentication credentials are unacceptable” error
Hello, are you sure you are using the correct log in information (openvpn logins) from your user account dashboard?
I’ve tried to follow the steps but i always get a “IKE authentication credentials are unacceptable” error. What else can i do apart from using third party apps?
Hello, Are you sure you are using the OpenVPN credentials from your account dashboard on https://account.protonvpn.com/settings ? If yes, please contact our support and we will do our best on solving this out. https://protonvpn.com/support-form
I tried to connect using the free server us-free-01.protonmail.com, but I couldn’t. I tried then ping us-free-01.protonmail.com to get a server IP address (based on another comment on https://protonvpn.com/support/protonvpn-ios-manual-ikev2-vpn-setup/). I get a “policy match error” while trying to connect (on Windows 10 Pro, build 16299.309 (1709))
Could you please contact our support team and provide some screenshots or information on how you have configured the connection?
Same issue here. Any advices? Thank you!
We are currently investigating this issue as we seems to be able to reproduce it. Will do our best to fix it ASAP.
Same thing happening here after being able to connect via IKEv2 for a few months. Any updates?
We`ve updated the article with the latest fix for that if you get “policy match error” . The steps on what to do is at the bottom of this article.
Comments are closed.