Return to protonvpn.com Facebook   Twitter   Reddit   ProtonMail
Support Center / Setup and use / ProtonVPN manual Windows 10 IKEv2 VPN setup

ProtonVPN manual Windows 10 IKEv2 VPN setup

There are methods you can use to connect to ProtonVPN servers on Windows. The recommended way is to use the ProtonVPN app. You can check our Windows VPN application guide here: https://protonvpn.com/support/protonvpn-windows-vpn-application/ 

If you don’t want to use the ProtonVPN Windows app, you can also connect to ProtonVPN using OpenVPN GUI client or manually connect via the IKEv2/IPsec protocol. If you are wondering how to set up your VPN through the IKEv2/IPsec protocol on Windows 10, the instructions below will walk you through.

How to set up ProtonVPN by using the IKEv2 protocol on Windows 10.

  1. Download the ProtonVPN IKEv2 Certificate from here: http://protonvpn.com/download/ProtonVPN_ike_root.der

  1. Open the Certificate.

  1. Click Install Certificate.


4. Select Local Machine and click Next.

  1. Select Place all certificates in the following store and click Browse

  1. Select Trusted Root Certification Authorities and click OK, then Next.

  1. Click Finish and then OK on the Certificate Import Wizard window.

       How to connect to ProtonVPN servers

  1. Open the Windows Control Panel.


2. Search for “Network and Sharing Center” and open it.


3. Click on Set up a new connection or network.

  1. Select Connect to a workplace and click Next.

  1. Click on Use my Internet connection (VPN).

  1. In the server field, enter the hostname of the server you wish to connect to except for a Free server (for example we used US server us-nj-01.protonvpn.com). Free servers do not work with the IKEv2 connection protocol due to the load balancers used on the hostnames. Server hostnames can be found in the Downloads category in your account, under the Server Configs section. Each server is named according to its server number and a two-letter country code: https://account.protonvpn.com/downloads

Here is an example of what the server hostname looks like and how to find it:

Type any name you choose in the “Destination name” field, then click Create.

  1. You will return to Network and Sharing Center window – click on Change adapter settings.


8. Right-click on the Network adapter you have created and select Properties.

  1. Microsoft changed the Windows 10 Desktop and mobile VPN routing behavior for new VPN connections. The option Use default gateway on remote network in the Advanced TCP/IP settings of the VPN connection is now disabled by default. To access this option:
  • Select the Networking tab in the ProtonVPN IKEv2 Properties Window

 

  • Double-click on Internet Protocol Version 4

 

  • Select Advanced…

 

  • Here you will see the Use default gateway on remote network option

    1. Select the Security tab in the ProtonVPN IKEv2 Properties window and enter these settings:

    Type of VPN: IKEv2
    Data encryption: Require encryption (disconnect if server declines)
    Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAP v2

    Click OK to save the settings.

 

  1. Right-click on the Network adapter that you created and click Connect / Disconnect.

  1. The Windows 10 built-in VPN client will open up. Select your profile and click Connect.

  1. You will be prompted to enter your VPN credentials – you will have to enter your OpenVPN/IKEv2 credentials, which can be found in the Account category: https://account.protonvpn.com/settings

  1. That’s it! You have successfully connected to a ProtonVPN server via the IKEv2/IPsec protocol. In order to disconnect, just simply select the profile again and click Disconnect.

If you are not able to connect and get “Policy match error” follow these steps:

Open “Run” window while pressing Windows button+R on your keyboard at the same time. Type in regedit.

Then, navigate to this directory –  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
Now right click on right side empty space and create a new DWORD (32bit) file named NegotiateDH2048_AES256
Right click on new created registry file and click on “Modify…“, then in the value data field enter the value of 2 and click OK.
It should look like this:

After doing this, close regedit and try connecting to the VPN server again.

Related articles:
ProtonVPN Windows app tutorial
ProtonVPN Windows OpenVPN GUI tutorial

Post Comment

30 comments

  1. Can’t connect to VPN Connection, Windows

    Error:
    The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

    Please advise.

    Regards,
    PT

  2. ProtonVPN Team

    Hello, please contact our customer support team for detailed investigation on what could be the case in your situation: https://protonvpn.com/support-form

  3. James

    I use the guide for set up and successfully connect to ProtonVPN server via IKEv2 on Windows 10, but when I do the IP/DNS leak test, I find DNS leak. Could you please advise? Thanks.

  4. ProtonVPN Team

    Hello James, it would be the best if you would contact our customer support team with some of the information about your connection and leaks. https://protonvpn.com/support-form

  5. Michael

    There is a typo in step 9
    “EAP-MSCHv2” should be “EAP-MSCHAP v2”
    and, you have not corrected the previous typo I pointed out.

  6. ProtonVPN Team

    Hello Michael, thanks for pointing that out, we have changed the typo last time but forgot to hit the update button for the article, now its fixed. Thank you.

  7. Michael

    When I try to create the new doubleword entry in the registry, I get an error:
    Cannot create value: Error writing to the registry
    Does this have to be done when logged on to Windows as an admin user?

  8. ProtonVPN Team

    Hello Michael, all of the configurations have to be done as Administrator user.

  9. Michael

    Is there a typo in this article? The last parameter of the registry key in the article is “Paramter”. On my Windows 10 Pro system, there is no such field, but there is one called “Parameters”. Plural vs. Singular.

  10. ProtonVPN Team

    Hello Michael, thank you for the heads up, indeed it was plural!

  11. Vlad

    I too got the error IKE authentication credentials are unacceptable” error. Any resolution ?

  12. ProtonVPN Team

    Hello Vlad, please make sure you use the correct server address hostname and the OpenVPN credentials from your account which are not the same as protonvpn credentials.

  13. Jeff

    Works here and works great.
    Only question, is there a way to get this to work on secure core? I tried copping the host name for the US-CH server and got a non-resolvable host name error

  14. ProtonVPN Team

    Hello Jeff, may I ask, are you using the hostname as per this example? “se-au-01.protonvpn.com” We tested it with the secure core hostnames and it works, like it should, but please dont use the IP addresses of the servers.

  15. Justin

    I’ve tried connecting with secure core configs using this guide and none of the hostnames I use are recognized, nor do they resolve in external DNS lookup such as whatsmydns(dot)net. If I use non-secure core server names it works.

  16. ProtonVPN Team

    Hello Justin, maybe you incorrectly entered the hostname of the server. Please contact our customer support team for detailed investigation of your issue. https://protonvpn.com/support-form

  17. Dave

    I’ve followed all these instructions twice over and have tried to connect to all the free servers… I also get the “IKE authentication credentials are unacceptable” message when I try to connect. Please can someone help?

  18. ProtonVPN Team

    Could you please contact our customer support team here with all of the possible information like windows version, what server was tested, your location and ISP ? https://protonvpn.com/support-form

  19. bugi

    I have the very same problem!
    I tried to connect using the free server us-free-01.protonmail.com

  20. ProtonVPN Team

    Hello Bugi, Please make sure you use your OpenVPN credentials and if they are correct and you still get the error message, please contact our customer support team – https://protonvpn.com/support-form

  21. Safiq

    Ii always get a “IKE authentication credentials are unacceptable” error

  22. ProtonVPN Team

    Hello, are you sure you are using the correct log in information (openvpn logins) from your user account dashboard?

  23. Jazereel

    Hello!
    I’ve tried to follow the steps but i always get a “IKE authentication credentials are unacceptable” error. What else can i do apart from using third party apps?

  24. ProtonVPN Team

    Hello, Are you sure you are using the OpenVPN credentials from your account dashboard on https://account.protonvpn.com/settings ? If yes, please contact our support and we will do our best on solving this out. https://protonvpn.com/support-form

  25. kostas

    I tried to connect using the free server us-free-01.protonmail.com, but I couldn’t. I tried then ping us-free-01.protonmail.com to get a server IP address (based on another comment on https://protonvpn.com/support/protonvpn-ios-manual-ikev2-vpn-setup/). I get a “policy match error” while trying to connect (on Windows 10 Pro, build 16299.309 (1709))

  26. ProtonVPN Team

    Hello Kostas.
    Could you please contact our support team and provide some screenshots or information on how you have configured the connection?
    https://protonvpn.com/support-form

  27. Alexandru

    Hi!
    Same issue here. Any advices? Thank you!

  28. ProtonVPN Team

    Hello Alexandru,
    We are currently investigating this issue as we seems to be able to reproduce it. Will do our best to fix it ASAP.

  29. Jasna

    Same thing happening here after being able to connect via IKEv2 for a few months. Any updates?

  30. ProtonVPN Team

    Hello Jasna,
    We`ve updated the article with the latest fix for that if you get “policy match error” . The steps on what to do is at the bottom of this article.

Leave a Reply

Your email address will not be published. Required fields are marked *

Don't find your answer? We're happy to help you!     Contact Our Support Team

Secure Your Internet Today

Get ProtonVPN