Contents x
    Setting up manual IKEv2 connection on Windows 8/10
    • 3 Minutes to read
      Contents

      Setting up manual IKEv2 connection on Windows 8/10

      • 3 Minutes to read
        Article Summary

        The IKEv2/IPsec connection is one of the alternative methods to connect to NordLayer private gateway(s) on your Windows PC. This is the preferred connection method among privacy enthusiasts, as the IKEv2/IPsec security protocol is currently one of the most advanced on the market. That said, this manual setup lacks the additional features of the native NordLayer app and is a bit more complicated to set up.

        Disclaimer: This connection method will require you to add the certificate to Trusted Root Authorities, which will apply to all certificates. This might potentially put your system at risk of a MITM attack if someone gets the private key of that certificate. While our private keys are completely secure and the chances of anything bad happening are very small, we recommend this connection method only if you cannot connect using our native app or any other alternative way.

        To use this connection method, the only file you need to download and install is the NordLayer digital certificate. The connection application itself is already in-built on Windows.

        1. Download the certificate: https://downloads.nordlayer.com/certificates/root.der

        Note: Your browser may try to save the file in its own certificate location or open it immediately. Make sure to download the file instead of just opening it. On Firefox, right-click the link above and select "Save Link As...". On Internet Explorer, select "Save" instead of "Open". Chrome will download the file correctly.

        01@2x.png

        Double-click the root.der file you have just downloaded.

        1. Click Open

        Screenshot 2022-08-30 at 13.44.17.png

        1. Click Install Certificate…

        setting-up-ikev2-windows-8-10

        1. Select Local Machine and click Next

        04@2x.png

        1. Select Place all certificates in the following store and click Browse...

        05@2x.png

        1. Select Trusted Root Certification Authorities

        Click OK and then Next.

        06@2x.png

        1. Click Finish

        2. Click OK on both windows

        3. Open the Run box by pressing the Windows + R key combination on your keyboard

        Type certmgr.msc in the Run box to open the certificates management tool.

        07@2x.png

        1. Navigate to Trusted Root Certification Authorities > Certificates and find CyberHop Root CA

        Setting up manual IKEv2 connection on Windows 8/10 Files

        1. Right-click on CyberHop Root CA and select Properties

        09@2x.png

        1. Check the Enable only for the following purposes option and uncheck all the boxes except the Server Authentication box

        10@2x.png

        1. Click OK and Apply

        Set up a VPN connection:

        1. Open the Windows Start Menu and type control panel in the search bar. In the search results, click on Control Panel

        11@2x.png

        1. Open Network and Internet

        12@2x.png

        1. Click on Network and Sharing Center

        13@2x.png

        1. Click Set up a new connection or network

        14@2x.png

        1. Click Connect to a workplace and hit Next

        15@2x.png

        1. If asked "Do you want to use a connection that you already have?", select No, create a new connection and click Next

        2. Click Use my Internet connection (VPN)

        16@2x.png

        1. In the Internet address field, type the hostname or IP of your private gateway, which can be found on our Downloads page

        At the same time, you should copy the service credentials (username and password) at the bottom of the page.

        1. For the Destination name, enter any name you would like your connection to have

        2. Open Network and sharing center again and click Change adapter settings

        17@2x.png

        1. Right-click the adapter with the name you’ve just created, click Properties, and go to the Security tab

        2. Configure as follows:

        • Type of VPN: IKEv2
        • Data encryption: Require encryption (disconnect if server declines)
        • Authentication: Use Extensible Authentication Protocol(EAP) and EAP-MSCHAPv2

        18@2x.png

        1. Open the Networking tab and uncheck the Internet Protocol Version 6 (TCP/IPv6) box

        19@2x.png

        1. Click OK

        2. In the system tray located in the bottom-right corner of the screen, click on either the Wi-Fi or Ethernet connection icon and click Open Network & Internet settings

        20@2x.png

        1. In the left sidebar of the settings, select VPN, find your created IKEv2 connection, and click on Advanced options

        Setting up manual IKEv2 connection on Windows 8/10

        1. Click Edit and enter your NordLayer service username and password that you have copied earlier

        22@2x.png

        1. Click on the network icon again in the system tray in the bottom-right corner of the screen and click Connect under NordVPN IKEv2

        23@2x.png

        1. You should now be connected
        If you are not able to connect and get a “Policy match error” follow these steps:
        1. Open the “Run” window while pressing the Windows button + R on your keyboard at the same time. Type in regedit.
        2. Then, navigate to this directory – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
        3. Now right-click on the right side empty space and create a new DWORD (32bit) file named NegotiateDH2048_AES256
        4. Right-click on the newly created registry file and click on “Modify…“, then in the value data field enter the value of 2 and click OK.
        5. After doing this, close the regedit and try connecting to the VPN server again.

        Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.

        Was this article helpful?
        What's Next