
Setting up manual IKEv2 connection on Windows 8/10

The IKEv2/IPsec connection is one of the alternative methods to connect to NordLayer private gateway(s) on your Windows PC. This is the preferred connection method among privacy enthusiasts, as the IKEv2/IPsec security protocol is currently one of the most advanced on the market. That said, this manual setup lacks the additional features of the native NordLayer app and is a bit more complicated to set up.

Disclaimer: This connection method requires you to add the certificate to Trusted Root Certification Authorities, which means your system will trust all certificates issued by it. This could put your system at risk of a MITM attack if someone obtains the private key of that certificate. While our private keys are completely secure and the chances of anything bad happening are very small, we recommend this connection method only if you cannot connect using our native app or any other alternative way.

To use this connection method, the only file you need to download and install is the NordLayer digital certificate. The connection application itself is already built into Windows.


1. Download the certificate:

Note: Your browser may try to save the file in its own certificate location or open it immediately. Make sure to download the file instead of just opening it. On Firefox, right-click the link above and select "Save Link As...". On Internet Explorer, select "Save" instead of "Open". Chrome will download the file correctly.

Double-click the root.der file you have just downloaded.

2. Click Open

3. Click Install Certificate…

4. Select Local Machine and click Next

5. Select Place all certificates in the following store and click Browse...

6. Select Trusted Root Certification Authorities

Click OK and then Next.

7. Click Finish

8. Click OK on both windows

9. Open the Run box by pressing the Windows + R key combination on your keyboard

Type certmgr.msc in the Run box to open the certificates management tool.

10. Navigate to Trusted Root Certification Authorities > Certificates and find CyberHop Root CA

11. Right-click on CyberHop Root CA and select Properties

12. Check the Enable only for the following purposes option and uncheck all the boxes except the Server Authentication box

13. Click OK and Apply


Set up a VPN connection:

1. Open the Windows Start Menu and type control panel in the search bar. In the search results, click on Control Panel

2. Open Network and Internet

3. Click on Network and Sharing Center

4. Click Set up a new connection or network

5. Click Connect to a workplace and hit Next

6. If asked "Do you want to use a connection that you already have?", select No, create a new connection and click Next

7. Click Use my Internet connection (VPN)

8. In the Internet address field, type the hostname of your private gateway, which can be found on our Downloads page

At the same time, you should copy the service credentials (username and password) at the bottom of the page.

9. For the Destination name, enter any name you would like your connection to have

10. Open Network and Sharing Center again and click Change adapter settings

11. Right-click the adapter with the name you’ve just created, click Properties, and go to the Security tab

12. Configure as follows:

  • Type of VPN: IKEv2
  • Data encryption: Require encryption (disconnect if server declines)
  • Authentication: Use Extensible Authentication Protocol (EAP) and EAP-MSCHAPv2

13. Open the Networking tab and uncheck the Internet Protocol Version 6 (TCP/IPv6) box

14. Click OK

15. In the system tray located in the bottom-right corner of the screen, click on either the Wi-Fi or Ethernet connection icon and click Open Network & Internet settings

16. In the left sidebar of the settings, select VPN, find your created IKEv2 connection, and click on Advanced options

17. Click Edit and enter the NordLayer service username and password that you copied earlier

18. Click on the network icon again in the system tray in the bottom-right corner of the screen and click Connect under NordVPN IKEv2


19. You should now be connected
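
The certificate import and VPN setup above, scripted in PowerShell as an added example (not NordLayer's own tooling). The thumbprint comparison before import is an addition to the guide's steps; `$ExpectedThumb`, `$GatewayHost`, the certificate path and the connection name are assumed placeholders you must fill in. Restricting the root to Server Authentication (steps 9-13 of the certificate section) and unchecking IPv6 are still done in the GUI as described.

```powershell
#Requires -RunAsAdministrator
# Added example. Values marked PLACEHOLDER are assumptions, not values from the guide.
$CertPath       = "$env:USERPROFILE\Downloads\root.der"   # assumed download location
$ExpectedThumb  = '<PLACEHOLDER: thumbprint confirmed with the vendor out-of-band>'
$GatewayHost    = '<PLACEHOLDER: private gateway hostname from the Downloads page>'
$ConnectionName = 'NordLayer IKEv2'                        # any destination name

# Load the file for inspection only; nothing is trusted or installed at this point.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$want = ($ExpectedThumb -replace '[\s:]', '').ToUpper()
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch for '$($cert.Subject)': got $($cert.Thumbprint). Not importing."
}

# Place the certificate in the Local Machine Trusted Root Certification Authorities store.
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Create the connection with the Security tab settings from the guide:
# IKEv2, require encryption, EAP. No EAP configuration XML is supplied, so Windows
# applies its default EAP method; confirm on the Security tab that it shows EAP-MSCHAPv2.
Add-VpnConnection -Name $ConnectionName -ServerAddress $GatewayHost `
    -TunnelType Ikev2 -EncryptionLevel Required -AuthenticationMethod Eap `
    -RememberCredential

# Read the settings back and compare them with what the guide asks for.
$vpn = Get-VpnConnection -Name $ConnectionName
$checks = [ordered]@{
    'Type of VPN is IKEv2'              = $vpn.TunnelType -eq 'Ikev2'
    'Data encryption is required'       = $vpn.EncryptionLevel -eq 'Required'
    'Authentication uses EAP'           = $vpn.AuthenticationMethod -contains 'Eap'
    'Root present in LocalMachine\Root' = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($checks.Values -contains $false) {
    throw 'Configuration does not match the guide.'
}
```

With the placeholder thumbprint left unchanged the script stops before the import, so the root is never trusted without a confirmed value.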


Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.
