< Back

How to set up IKEv2 manual connection on Windows?

This guide will cover the necessary steps of configuring the IKEv2 manual connection with Surfshark on your Windows device. IKEv2 can help you connect to Surfshark servers in restricted network countries or on older Windows versions.

 

Here are the steps that we will go through:

You will need a Windows device and an active Surfshark subscription to follow along.

 

 

Get your credentials

 

  1. Please visit surfshark.com and log in to your account.  You can find the direct link here.

    In case this link doesn't work, please try this page instead.

  2. Go to the VPN -> Manual setup -> Manual -> Credentials section and copy the Username and the Password.

    credentials_manual.png

 

Select your location

 

  1. Go to the VPN -> Manual setup -> Manual -> Files section.

  2. Select which location do you wish to connect to and copy the domain address under the locations name like in the screenshot.

    location_manual.png

 

Install the certificate

 

  1. Go to the VPN -> Manual setup -> Manual -> Files section.

  2. Scroll down until you see the IKEv2 certificate under Other configuration files. Click on IKEv2 certificate to download a certificate file and open it afterward.

    ikev2_certificate.png

  3. A window will appear once you open the certificate file. Click on Install certificate button.

    certificate_install.png

  4. Select Local machine under Store Location and click Next.

    certificate_machine.png

  5. A prompt will appear asking for your permission to proceed with certificate installation. Click Yes. (this option requires you to have administrative privileges).

    certificate_permission.png

  6. Select Place all certificates in the following store and click Browse... Then select the Trusted Root Certification Authorities store. Proceed by clicking Next.

    certificate_store.png

  7. Click Finish on the next window to finish the installation of the IKEv2 certificate.

    certificate_install_prefinish.png

  8. Message regarding a successful certificate import will appear. Click Ok to close it.

    certificate_install_success.png

 

Set up the connection

 

  1. Click on the Windows Start menu, type in 'Control panel', and open Control panel application.

    setup1.png

  2. Click on the Network and Internet category.

    setup2.png

  3. Then select Network and Sharing Center tab.

    setup3.png

  4. Click on the Set up a new connection or network option.

    setup4.png

  5. Select the Connect to a workplace option and press Next.

    setup5.png

  6. Choose Use my Internet connection (VPN) method.

    setup6.png

  7. Enter the required information.

    setup7.png

    Internet address: Enter the domain name which you selected in the "Select your location" step.

    Destination name: you can name this connection however you want.

    Use a smart card: leave unchecked.

    Remember my credentials: you can leave it unchecked if you wish to enter your credentials every time you connect.

    Allow other people to use this connection: if you leave it unchecked, only the user setting up this connection will connect. (If you wish that all of the users would connect, you require Administrator rights.)

    After filling in all the fields, click Create.

  8. Press Create and right-click the adapter that you have created. Select Properties and open the Security tab.

    setup8.png

    Set the following options:
    Type of VPN: IKEv2;
    Data encryption: Require encryption (disconnect if server declines);
    Authentication: Use Extensible Authentication Protocol (EAP) and EAP-MSCHAPv2.

    Then, click OK to save these changes.

  9. Open your Network settings (you can do so in the bottom right corner of the screen by pressing the Network icon) and select Network & Internet settings.

    setup9.png

  10. In the newly opened window, select VPN, click on the newly created connection and select Advanced options.

    setup91.png

  11. In the Advanced option settings, click Edit and fill in your service credentials (Username and Password) which you saved in the "Get your credentials" step. After that, click Save to confirm the changes.

    setup93.png

  12. Now, open your Network settings again, press on the newly created connection and click Connect.

    setup94.png

To make sure that you have connected successfully, please take a look at this article.

 

 

Congratulations! You have successfully set up IKEv2 manual connection to Surfshark servers! As long as you’re connected, your location is private, and your sensitive data is secure.

 

If you have any further questions, our customer success team will help you 24/7 over a live chat or email.

 

You may also be interested in:

Was this article helpful?