Setting up IKEv2 VPN access under Windows 10.
1. Download and extract the Certificate file
Download and extract our certificate file to a good location on your computer.
Download our certificate file here: IKEv2 Certificate File
2. Open Microsoft Management Console
Go to your Windows 10 start menu and type the words ‘mmc’ or go to Run and Open ‘mmc’.
3. Add/Remove Snap-in
From the [Console Root] click onto ‘File’ and select the option to ‘Add/Remove Snap-in’.
4. Add Certificate
Select ‘Certificates and click onto the ‘Add’ button.
5. Certificates Snap-in
Check the option to always manage certificates for ‘Computer account’.
6. Select Computer
Ensure the snap-in will always manage ‘Local computer’ then click onto the ‘Finish’ button.
Click onto the ‘OK’ button.
8. Import Certificate
From the ‘Console Root’ expand ‘Certificates (Local Computer)’ option, then expand ‘Trusted Root Certification Authorities’ and right click onto ‘Certificates’ then choose ‘All Tasks’ > ‘Import’.
9. Import Wizard
The certificate will now be imported, click onto the ‘Next’ button.
10. Locate certificate
You now need to seclect the certificate file, click onto the ‘Browse’ button.
11. Select certificate
Navigate to the location of the ikev2.crt certificate that you have extracted and import it.
12. Confirm selection
Confirm the selection by clicking onto the ‘Next’ button.
13. Certificate store
Ensure all certificates are placed in the following certificate store ‘Trusted Root Certification Authorities’ then click onto the ‘Next’ button..
14. Completing the import
Click onto the ‘Finish’ button to complete the certificate import.
15. Confirm import
From the ‘Console Root’ expand ‘Certificates’ then ‘Trusted Root Certification Authorities’ and click onto ‘Certificates’. You should now see the ‘VPNUK Root CA’ certificate in the list of available certificates.
16. Close the Console Window
You can now close the console window.
17. Don’t Save
A prompt will open asking if you would like to ‘Save console settings to Console1’, select ‘NO’.
18. Open Network and Sharing Centre
Right click onto your networking icon in the sys tray (fig. A) and select ‘Open Network and Sharing Centre’ (fig. B).
19. Set up the IKEv2 VPN connection
Click on ‘Set up a new connection or Network’.
20. Choose the Connection Type
On the next screen, click on ‘Connect to a workplace’ then click ‘Next’.
21a. Create a new connection (if it appears)
If you are asked if you would like to use an existing connection choose ‘No, create a new connection’.
21b. Use my Internet Connection (VPN)
Select the option to ‘Use my Internet connection (VPN)’.
22. Enter the server information
Enter a server name into the Internet address field and a friendly name for this connection into the Destination name field. Clients on the Shared IP platform can enter any of our servers from the Shared IP pool of servers, Dedicated IP users should enter the server their unique IP address corresponds to. Place a tick in the checkbox labeled ‘Remember my credentials’ then click the ‘Create’ button. You can find the server information in your ‘Welcome to VPNUK’ email or in the ‘Client CP‘ on the VPNUK website.
NOTE: Please only enter the server name, DO NOT enter the IP address of the server.
23. Open Networking
Right click onto the networking icon in the sys tray and select ‘Open Networking and Sharing Center’.
24. Change adapter settings
Click onto the ‘Change Adapter Settings’ menu option.
25. Connection Propeties
Right Click onto the VPNUK connection and select ‘Properties’.
26. Remember Credentials
Select the ‘Remember my credentials’ option, then click onto the ‘Security’ tab.
27. Choose The ‘Type of VPN’
From the dropdown menu choose the ‘IKEv2’ option..
Ensure the Authentication is using (EAP) is checked and set the drop down option to ‘Microsoft Secured Password (EAP-MSCHAPv2)’.
29. Disable IPv6
Uncheck the IPv6 option and then click onto the ‘OK’ button to save all the changes.
30. Connect to VPNUK
You have now configured the VPNUK connection on Windows 10. Click onto your networking icon in the sys tray (fig. A) which will open the Network Settings overview, then click onto the VPNUK connection (fig. B).
31. Click Connect
Select the VPNUK connection that you would like to connect to and click ‘Connect’.
The first time you connect to the VPN you will be asked to enter your login username and password. Once the details are entered click OK to connect!
ISP DNS Hijack / DNS Leak Protection
Some ISPs will attempt to hijack your DNS settings which hinders the VPN connection from functioning correctly. If you find that your VPNUK connection does not route your traffic correctly you can try changing your Public DNS server to the VPNUK DNS server or to an alternative like Google DNS.
1. Right click onto your network connection icon in the sys tray and select ‘Open Network and Sharing Centre’.
2. Go to ‘View Network Adapters’ from the left hand menu.
3. Right click onto your active Ethernet or Wireless Connection
and select ‘Properties’.
4. Double click onto ‘TCP/IPv4’ from the list of items.
5. Enter a DNS IP into the DNS server box. Google DNS is 126.96.36.199. VPNUK Public DNS is: 188.8.131.52