There are methods you can use to connect to ProtonVPN servers on Windows. The recommended way is to use the ProtonVPN app. You can check our Windows VPN application guide here: https://protonvpn.com/support/protonvpn-windows-vpn-application/
If you don’t want to use the ProtonVPN Windows app, you can also connect to ProtonVPN using OpenVPN GUI client or manually connect via the IKEv2/IPsec protocol. If you are wondering how to set up your VPN through the IKEv2/IPsec protocol on Windows 10, the instructions below will walk you through.
How to set up ProtonVPN by using the IKEv2 protocol on Windows 10.
- Download the ProtonVPN IKEv2 Certificate from here: http://protonvpn.com/download/ProtonVPN_ike_root.der
- Open the Certificate.
- Click Install Certificate.
4. Select Local Machine and click Next.
- Select Place all certificates in the following store and click Browse…
- Select Trusted Root Certification Authorities and click OK, then Next.
- Click Finish and then OK on the Certificate Import Wizard window.
How to connect to ProtonVPN servers
- Open the Windows Control Panel.
2. Search for “Network and Sharing Center” and open it.
3. Click on Set up a new connection or network.
- Select Connect to a workplace and click Next.
- Click on Use my Internet connection (VPN).
- In the server field, enter the hostname of the server you wish to connect to except for a Free server (for example we used US server us-nj-01.protonvpn.com). Free servers do not work with the IKEv2 connection protocol due to the load balancers used on the hostnames. Server hostnames can be found in the Downloads category in your account, under the Server Configs section. Each server is named according to its server number and a two-letter country code: https://account.protonvpn.com/downloads
Here is an example of what the server hostname looks like and how to find it:
Type any name you choose in the “Destination name” field, then click Create.
- You will return to Network and Sharing Center window – click on Change adapter settings.
8. Right-click on the Network adapter you have created and select Properties.
- Microsoft changed the Windows 10 Desktop and mobile VPN routing behavior for new VPN connections. The option Use default gateway on remote network in the Advanced TCP/IP settings of the VPN connection is now disabled by default. To access this option:
- Select the Networking tab in the ProtonVPN IKEv2 Properties Window
- Double-click on Internet Protocol Version 4
- Select Advanced…
- Here you will see the Use default gateway on remote network option
- Select the Security tab in the ProtonVPN IKEv2 Properties window and enter these settings:
Type of VPN: IKEv2
Data encryption: Require encryption (disconnect if server declines)
Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAP v2
Click OK to save the settings.
- Right-click on the Network adapter that you created and click Connect / Disconnect.
- The Windows 10 built-in VPN client will open up. Select your profile and click Connect.
- You will be prompted to enter your VPN credentials – you will have to enter your OpenVPN/IKEv2 credentials, which can be found in the Account category: https://account.protonvpn.com/settings
- That’s it! You have successfully connected to a ProtonVPN server via the IKEv2/IPsec protocol. In order to disconnect, just simply select the profile again and click Disconnect.
If you are not able to connect and get “Policy match error” follow these steps:
Open “Run” window while pressing Windows button+R on your keyboard at the same time. Type in regedit.
Then, navigate to this directory – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
Now right click on right side empty space and create a new DWORD (32bit) file named NegotiateDH2048_AES256
Right click on new created registry file and click on “Modify…“, then in the value data field enter the value of 2 and click OK.
It should look like this:
After doing this, close regedit and try connecting to the VPN server again.