How to use our IPSec RSA (IKEv2) *New since 25.09.2014*
Posted by Max Biggavelli on 25 September 2014 00:35

Since 25.09.2014: we have implemented the new standard "IKEv2" as beta test.

Since 04.12.2014: All tests showed successful and "IKEv2" is is now active on all countries (except Kasakstan - Kernel related problem).

Benefits of IKEv2:

[+] IKEv2 is light on bandwidth and faster

[+] IKEv2 is more compatible and portable in many aspects

[+] IKEv2 provides inbuilt NAT Traversal

[+] IKEv2 has inbuilt tunnel liveness checks, if tunnel is broken down on peer, it has facility to detect and re-establish the tunnel

[+] IKEv2 provides comprehensive authentication capabilities. It provides EAP authentication and hence it is suitable to integrate with existing authentication systems in Enterprises

[+] All versions of Windows since 2000/XP and Mac OSX 10.3+ have built in support for IKEv2 (yes, even Windows 10)

[+] Fast speed even while traffic still being encrypted (latest tests show slightly/notably better speed results compared to OpenVPN UDP and even more so over TCP!)

[+] Supports Portforwarding

[+] IPsec is a known secure standard and has shown no known critical vulnerabilities when used in conjunction with AES

[+] Using a mobile device with iOS (iPhone) or Android it is the fastest to setup and configure, as it is supported natively (no additional software required to install)

[+] IP change and Encryption for ALL Applications

Downsides of IKEv2:

[-] None yet..


Connect details:

Hostname: (your hostname you can find in your .ovpn config file)
Username: Your VPN username
Password: Your VPN password
Download "client.p12": here
Certificate password: nvpn 



Windows Vista/7/8/10 Certificate setup procedure

Instaling the required "client.p12" Certificate *german version* (english version here):

1. Start off and click on the Start Menu and type “mmc” into the search box (or simply click on  Win key + R)

2. Click on Datei -> Snap-in hinzufügen/entfernen.. (or simply do STRG + m)

3. Choose "Zertifikate" and double click it

4. Choose "Computerkonto" and click weiter, in next window keep all as it is and click Fertig stellen

5. Open "Zertifikate (Lokaler Computer)" -> "Eigene Zertifikate" -> "Zertifikate" and there click on Importieren

Choose the location of the Certificate "client.p12" file (i created an ikev2 folder in Downloads only for presentation purposes) now choose "Privater Informationsautausch *.pfx; *.p12" so you can find the file.

Once you see the file, choose it and proceed..


In next window do everything as shown below and use as password: nvpn


Now finish the import wizard and your window must look the same as below! We see two certs "nVpn Root CA" and ""


Now important: As next step we need to copy these two files into "Vertrauenswürdige Stammzertifizierungsstellen" as well, so select the two files and make a COPY.

Open the "Vertrauenswürdige Stammzertifizierungsstellen" -> "Zertifikate" tree and there choose "Einfügen"

Verify that the two files are showing up 


6. The import of the required certificates is now finished, we proceed to the next important step in where we have to edit a registry key and add a new DWORD value, so open your registry now:

"Windows Start button"

once in registry navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters" and there add a new DWORD value named "DisableIKENameEkuCheck" and set its value to "1"

Verify that everything looks as below, so that "DisableIKENameEkuCheck" exists and that its value is "1"


Important note: Windows 10 in its current state has bugs (latest build tested: 10240) with IKEv2, if you use the "normal" setup method your IP will NOT change!
In the meantime we have found a workaround that requires just a few extra steps, if you use Windows 10 then make sure to proceed from step 7.2 now, otherwise if you use Windows vista/7/8 then proceed with 7.1


Step 7.1 (Windows vista/7/8)

If everything is done we proceed to the L2TP/IPsec IKEv2 connection settings. Click on the Start Menu and type “VPN” into the search box.


Enter your unique "" hostname in the Internet address field (you find your DNS hostname in your .ovpn config file!!) and set as Destination name "nVPN" for example. Lastly, make sure that the checkbox labelled “Don’t connect now; just set it up so I can connect later” is checked. Then click the “Next” button.

Enter your VPN Username and your VPN Password and tick "Remember this password". Then click the "Create" button.


Click on the Start Menu, type the word “Network” into the search box, and click on “Network and Sharing Center”.


When the Network and Sharing Center opens, click on “Connect to a network”.


When you click on “Connect to a network”, a list of Connections appears. Right click on the “nVPN” connection and choose “Properties”.

Go to options tab and make sure to DISABLE the "Include Windows logon domain" (in german: "Windows Anmeldedomäne einbeziehen") exactly as shown below!


Hover to Security tab and choose as type "IKEv2" and choose "EAP-MSCHAP v2"

Click on Advanced settings and DISABLE the Mobility check


Thats it for the settings, finally time to connect! Again we go to "Connect to a network" and "nVPN" will be showing up in the connection list. Click on "Connect".

Click on "Connect" like shown in both panels and thats it!

Setup for Windows Vista/7/8 is at this point finished, after the successful connect, verify your IP change here: 


7.2 (Windows 10 only!)

Download following file and place it on your Desktop nVPN-IKEv2.pbk (use "Save Link As.." and save it on your desktop)

Go to your desktop and double click on this "nVPN-IKEv2.pbk" file:

a new Window appears, click OK:

Choose "Arbeitsplatznetzwerk":

Enter your unique "" hostname in the Internet address field (you find your DNS hostname in your .ovpn config file!!) and set as Destination name "nVPN-IKEv2" for example. Lastly, make sure that the checkbox labelled “Save login” is checked. Then click the “Erstellen” button.

Click "Eigenschaften"

Hover to the "Sicherheit" tab and select "IKEv2"

Click on "Erweiterte Einstellungen" and disable "Mobilität":

Choose Datenverschlüsselung and select "Erforderlich (Verbindung trennen, falls Server dies ablehnt)"

Under Authentifizierung select "(EAP-MSCHAP v2) (Verschlüsselung aktiviert)"

If you dont use IPv6 make sure to disable it, otherwise keep it activated:

If everything completed, click on OK and start to connect:

After connecting you will not see anything, to check whether you are properly connected, double click again on the "nVPN-IKEv2.pbk" file located on your desktop and following should appear now: 

"Auflegen" means you are successfully connected to IKEv2, verify the IP change here: 

To disconnect from IKEv2 again, click "Auflegen" and the VPN will disconnect, thats it.





Setting up IKEv2 on Mac OS:

Open your Network Preferences, click on the [+] sign and choose "VPN", "Cisco IPSec" and name it "nVPN - IKEv2".

Server Address: (your hostname you can find in your .ovpn config file)
Account Name: Your VPN username
Password: Your VPN password
click on "Authentication Settings":
Shared Secret: NVPN0PSK9

Confirm your settings and click on "Apply", now click on "Connect".



Android setup procedure

1. Go to the Google play store and search for "strongSwan VPN Client"

( alternatively simply use this link: )

Install the software, but dont open it yet.

2. Open your Android browser and download the required "client.p12" certificate: 

3. After the download is complete, go to your downloads location click on the "client.p12" file and it will ask for a password to extract, use as password: nvpn

4. A new window opens now, keep all as it is and make sure "Credential use: VPN and apps" (german "Verwendung der Anmeldedaten: VPN und Apps") is chosen and hit OK. Installation of the certificate is finished.

5. Open the "strongSwan VPN Client" now and click on "ADD VPN PROFILE" (german "PROFIL HINZUFÜGEN") and use settings like below.

Profilename: nVPN (IKEv2)
Gateway:   <---------- "YourCountryHere" must be replaced with your currently assigned country shortname, you can find the shortname for each country in the members area, so for example: if you use Germany then the shortname would be "ger" and the final hostname is therefore "" and it must be typed in small letters!!
Type: IKEv2 EAP (Username/Password)
Username: Your VPN username
Password: Your VPN password



Setting up Cisco IPsec on iPhone/iPad (iOS):

From your Home screen go to "Settings" -> "General" -> "VPN" -> "Add VPN Configuration" -> "IPsec" 

Description: nVPN (IKEv2)
Server: (your hostname you can find in your .ovpn config file)
Account: Your VPN username
Password: Your VPN password
Secret: NVPN0PSK9

To connect, save it and activate the "nVPN (IKEv2)" connection.

(35 vote(s))
Not helpful