Note: We have an official Proton VPN app for Windows that provides the easiest way to connect to our servers and allows you to benefit from many of Proton VPN’s advanced features. For example:
- Kill switch and permanent kill switch
- Choose between IKEv2, OpenVPN, and WireGuard VPN protocols
- Smart protocol
- DNS leak protection
- NetShield Ad-blocker
- Moderate NAT
- VPN Accelerator
- Port forwarding
You can also connect to Proton VPN servers manually using the following VPN protocols:
- OpenVPN (using OpenVPN GUI )
- WireGuard (using any “vanilla” WireGuard client, including the official open-source app)
- IKEv2 (using the built-in Windows VPN client)
In this guide, we show you how to manually configure devices running Windows 10 to connect to our servers using the IKEv2 protocol. The instructions for Windows 11 are very similar.
Please note that connecting in this way means you will not benefit from the advanced features available through the official Proton VPN Windows app. Please also note that even if you do wish to use manual setup, we recommend using WireGuard instead of IKEv2.
Learn how to manually configure WireGuard on Windows
Windows manual IKEv2 VPN setup for Proton VPN
Import the Proton VPN IKEv2 certificate
1. Click here to download the certificate, and open it in Explorer.
2. Click Install Certificate.
3. Select Local Machine and click Next.
4. Select Place all certificates in the following store and click Browse… (Click Yes if asked to allow this app to make changes to your device.)
5. Select Trusted Root Certification Authorities and click OK, then Next.
6. Click Finish and then OK on the Certificate Import Wizard window.
Add an IKEv2 VPN connection to Windows
1. Go to Start → Settings → Network & Internet → VPN → Add a VPN connection.
2. Fill in the following information and click Save:
- VPN Provider: Windows (built-in)
- Connection name: Choose any name for the VPN connection that makes sense to you
- Server name or address: see below
- VPN type: IKEv2
- Type of sign-in info: User name and password
- User name: Your Proton VPN IKEv2 username (see below)
- Password: Your Proton VPN IKEv2 password (see below)
To find the names of our VPN servers: Log in to account.protonvpn.com using your browser and go to Downloads → OpenVPN Configuration files → select the server you would like to connect to, and in the Actions column next to it, click the dropdown icon to see the server name.
Clicking on the server name will save it to your clipboard for easy pasting into the Windows Settings menu.
To find your IKEv2 username and password: your IKEv2 login details are not the same as your regular Proton VPN login details. To find your IKEv2 login details, log in to account.protonvpn.com and go to Account → OpenVPN / IKEv2 username.
3. Back on the main Windows VPN Settings page, select the VPN connection you just created → Connect.
You are now connected to Proton VPN using IKEv2!
How to fix a “Policy match error”
If you are prevented from connecting by a Policy match error:
1. Search for the Registry Editor app and Open it.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters → right-click on any area of white space → New → DWORD (32-bit) Value.
3. Name the newly created value NegotiateDH2048_AES256, then right-click on it → Modify…
4. Enter a Value data of 2 and click OK.
5. The registry entry should now look as follows. Close the Registry Editor and try connecting again.
Related articles:
Proton VPN Windows app tutorial
Proton VPN Windows OpenVPN GUI tutorial
