Support Center / Setup and use / Proton VPN manual IKEv2 setup for Windows

Proton VPN manual IKEv2 setup for Windows

Note: We have an official Proton VPN app for Windows that provides the easiest way to connect to our servers and allows you to benefit from many of Proton VPN’s advanced features. For example:

Get Proton VPN for Windows 

You can also connect to Proton VPN servers manually using the following VPN protocols:

  • OpenVPN (using OpenVPN GUI )
  • WireGuard (using any “vanilla” WireGuard client, including the official open-source app)
  • IKEv2 (using the built-in Windows VPN client)

In this guide, we show you how to manually configure devices running Windows 10 to connect to our servers using the IKEv2 protocol. The instructions for Windows 11 are very similar.

Please note that connecting in this way means you will not benefit from the advanced features available through the official Proton VPN Windows app.

Windows manual IKEv2 VPN setup for Proton VPN

Import the Proton VPN IKEv2 certificate

1. Click here to download the certificate, and open it in Explorer.

2. Click Install Certificate.

Install certificate3. Select Local Machine and click Next.

Select Local Machine

4. Select Place all certificates in the following store and click Browse… (Click Yes if asked to allow this app to make changes to your device.)

Place all certificates in the following store

4. Select Trusted Root Certification Authorities and click OK, then Next.

Select Trusted Root Certification Authorities

5. Click Finish and then OK on the Certificate Import Wizard window.

Certificate Import Wizard window

Add an IKEv2 VPN connection to Windows

1. Go to StartSettingsNetwork & InternetVPNAdd a VPN connection.

2. Fill in the following information and click Save:

  • VPN Provider: Windows (built-in)
  • Connection name: Choose any name for the VPN connection that makes sense to you
  • Server name or address: see below
  • VPN type: IKEv2
  • Type of sign-in info: User name and password
  • User name: Your Proton VPN IKEv2 username (see below)
  • Password: Your Proton VPN IKEv2 password (see below)

Windows IKEv2 settings

To find the names of our VPN servers: Log in to account.protonvpn.com using your browser and go to DownloadsOpenVPN Configuration files → select the server you would like to connect to, and in the Actions column next to it, click the dropdown icon to see the server name.

Clicking on the server name will save it to your clipboard for easy pasting into the Windows Settings menu. 

server names

To find your IKEv2 username and password: your IKEv2 login details are not the same as your regular Proton VPN login details. To find your IKEv2 login details, log in to account.protonvpn.com and go to AccountOpenVPN / IKEv2 username.

IKEv2 and OpenVPN login details

3. Back on the main Windows VPN Settings page, select the VPN connection you just created → Connect.

Connect

You are now connected to Proton VPN using IKEv2!

Connected!

How to fix a “Policy match error”

If you are prevented from connecting by a Policy match error:

1. Search for the Registry Editor app and Open it.

Open Registry Editor
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters → right-click on any area of white spaceNewDWORD (32-bit) Value

Create a new DWORD (32-bit) Value

3. Name the newly created value NegotiateDH2048_AES256, then right-click on it → Modify…

Modify the value
4. Enter a Value data of 2 and click OK

Enter a Value data of 24. The registry entry should now look as follows. Close the Registry Editor and try connecting again.

Try connecting again

Related articles:
Proton VPN Windows app tutorial
Proton VPN Windows OpenVPN GUI tutorial

Post Comment

30 comments

  1. Can’t connect to VPN Connection, Windows

    Error:
    The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

    Please advise.

    Regards,
    PT

  2. ProtonVPN Team

    Hello, please contact our customer support team for detailed investigation on what could be the case in your situation: https://protonvpn.com/support-form

  3. James

    I use the guide for set up and successfully connect to ProtonVPN server via IKEv2 on Windows 10, but when I do the IP/DNS leak test, I find DNS leak. Could you please advise? Thanks.

  4. ProtonVPN Team

    Hello James, it would be the best if you would contact our customer support team with some of the information about your connection and leaks. https://protonvpn.com/support-form

  5. Michael

    There is a typo in step 9
    “EAP-MSCHv2” should be “EAP-MSCHAP v2”
    and, you have not corrected the previous typo I pointed out.

  6. ProtonVPN Team

    Hello Michael, thanks for pointing that out, we have changed the typo last time but forgot to hit the update button for the article, now its fixed. Thank you.

  7. Michael

    When I try to create the new doubleword entry in the registry, I get an error:
    Cannot create value: Error writing to the registry
    Does this have to be done when logged on to Windows as an admin user?

  8. ProtonVPN Team

    Hello Michael, all of the configurations have to be done as Administrator user.

  9. Michael

    Is there a typo in this article? The last parameter of the registry key in the article is “Paramter”. On my Windows 10 Pro system, there is no such field, but there is one called “Parameters”. Plural vs. Singular.

  10. ProtonVPN Team

    Hello Michael, thank you for the heads up, indeed it was plural!

  11. Vlad

    I too got the error IKE authentication credentials are unacceptable” error. Any resolution ?

  12. ProtonVPN Team

    Hello Vlad, please make sure you use the correct server address hostname and the OpenVPN credentials from your account which are not the same as protonvpn credentials.

  13. Jeff

    Works here and works great.
    Only question, is there a way to get this to work on secure core? I tried copping the host name for the US-CH server and got a non-resolvable host name error

  14. ProtonVPN Team

    Hello Jeff, may I ask, are you using the hostname as per this example? “se-au-01.protonvpn.com” We tested it with the secure core hostnames and it works, like it should, but please dont use the IP addresses of the servers.

  15. Justin

    I’ve tried connecting with secure core configs using this guide and none of the hostnames I use are recognized, nor do they resolve in external DNS lookup such as whatsmydns(dot)net. If I use non-secure core server names it works.

  16. ProtonVPN Team

    Hello Justin, maybe you incorrectly entered the hostname of the server. Please contact our customer support team for detailed investigation of your issue. https://protonvpn.com/support-form

  17. Dave

    I’ve followed all these instructions twice over and have tried to connect to all the free servers… I also get the “IKE authentication credentials are unacceptable” message when I try to connect. Please can someone help?

  18. ProtonVPN Team

    Could you please contact our customer support team here with all of the possible information like windows version, what server was tested, your location and ISP ? https://protonvpn.com/support-form

  19. bugi

    I have the very same problem!
    I tried to connect using the free server us-free-01.protonmail.com

  20. ProtonVPN Team

    Hello Bugi, Please make sure you use your OpenVPN credentials and if they are correct and you still get the error message, please contact our customer support team – https://protonvpn.com/support-form

  21. Safiq

    Ii always get a “IKE authentication credentials are unacceptable” error

  22. ProtonVPN Team

    Hello, are you sure you are using the correct log in information (openvpn logins) from your user account dashboard?

  23. Jazereel

    Hello!
    I’ve tried to follow the steps but i always get a “IKE authentication credentials are unacceptable” error. What else can i do apart from using third party apps?

  24. ProtonVPN Team

    Hello, Are you sure you are using the OpenVPN credentials from your account dashboard on https://account.protonvpn.com/settings ? If yes, please contact our support and we will do our best on solving this out. https://protonvpn.com/support-form

  25. kostas

    I tried to connect using the free server us-free-01.protonmail.com, but I couldn’t. I tried then ping us-free-01.protonmail.com to get a server IP address (based on another comment on https://protonvpn.com/support/protonvpn-ios-manual-ikev2-vpn-setup/). I get a “policy match error” while trying to connect (on Windows 10 Pro, build 16299.309 (1709))

  26. ProtonVPN Team

    Hello Kostas.
    Could you please contact our support team and provide some screenshots or information on how you have configured the connection?
    https://protonvpn.com/support-form

  27. Alexandru

    Hi!
    Same issue here. Any advices? Thank you!

  28. ProtonVPN Team

    Hello Alexandru,
    We are currently investigating this issue as we seems to be able to reproduce it. Will do our best to fix it ASAP.

  29. Jasna

    Same thing happening here after being able to connect via IKEv2 for a few months. Any updates?

  30. ProtonVPN Team

    Hello Jasna,
    We`ve updated the article with the latest fix for that if you get “policy match error” . The steps on what to do is at the bottom of this article.

Comments are closed.

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN