How to set up an IKEv2 connection manually on Windows?

This guide will cover the necessary steps of configuring the IKEv2 connection manually with Surfshark on your Windows device. IKEv2 can help you connect to Surfshark servers in restricted network countries or on older Windows versions.


Here are the steps that we will go through:


You will need a Windows device and an active Surfshark subscription to follow along.



Get your credentials


  1. Please visit and log in to your account.  You can find the direct link here.

    In case this link doesn't work, please try this page instead.

  2. Go to the VPN -> Manual setup -> Manual -> Credentials section and copy the Username and the Password.



Select your location


  1. Go to the VPN -> Manual setup -> Manual -> Locations section.

  2. Select which location you wish to connect to and copy the domain address under the location's name as shown in the screenshot below.



Install the certificate


  1. Go to the VPN -> Manual setup -> Manual -> Locations section.

  2. Scroll down until you see IKEv2 certificate under Other configuration files. Click on IKEv2 certificate to download the certificate file and open it afterward.


  3. A window will appear once you open the certificate file. Click on the Install certificate button.


  4. Select Local machine under Store Location and click Next.


  5. A prompt will appear asking for your permission to proceed with the certificate installation. Click Yes (this option requires you to have administrative privileges).


  6. Select Place all certificates in the following store and click Browse... Then select the Trusted Root Certification Authorities store. Proceed by clicking Next.


  7. Click Finish on the next window to finish the installation of the IKEv2 certificate.


  8. A message regarding the success of the certificate import will appear. Click Ok to close it.



Set up the connection


  1. Click on the Windows Start menu, search for 'Control panel', and open the Control panel application.


  2. Click on the Network and Internet category.


  3. Then select Network and Sharing Center.


  4. Click on the Set up a new connection or network option.


  5. Select the Connect to a workplace option and press Next.


  6. Choose Use my Internet connection (VPN) method.


  7. Enter the required information.


    Internet address: Enter the domain name which you selected in the "Select your location" step.

    Destination name: you can name this connection however you want.

    Use a smart card: leave unchecked.

    Remember my credentials: you can leave it unchecked if you wish to enter your credentials every time you connect.

    Allow other people to use this connection: if you leave it unchecked, only the user setting up this connection will connect. (If you wish that all of the users registered on the device would connect, you require Administrator rights.)

    After filling in all the fields, click Create.

  8. Press Create and right-click the adapter that you have created. Select Properties and open the Security tab.


    Set the following options:
    Type of VPN: IKEv2;
    Data encryption: Require encryption (disconnect if server declines);
    Authentication: Use Extensible Authentication Protocol (EAP) and EAP-MSCHAPv2.

    Then, click OK to save these changes.

  9. Open your Network settings (you can do so in the bottom right corner of the screen by pressing the Network icon) and select Network & Internet settings.


  10. In the newly opened window, select VPN, click on the newly created connection and select Advanced options.


  11. In the Advanced options settings, click Edit and fill in the service credentials (Username and Password) which you saved in the "Get your credentials" step. After that, click Save to confirm the changes.


  12. Now, open your Network settings again, press on the newly created connection and click Connect.



Make sure your connection was successful


It's always recommended to check whether your connection was successful after setting up a VPN for the first time. This can be easily done by doing an IP leak test and a DNS leak test which is available on our website. Click here to find out how to make sure your connection was successful.


Congratulations! You have successfully set up an IKEv2 connection to Surfshark servers manually! As long as you’re connected, your location is private and your sensitive data is secure.



If you have any further questions, our customer success team will help you 24/7 over live chat or email.


You may also be interested in:

Was this article helpful?