Setting Up IKEv2 VPN Client on Windows 7
Posted by Aidil A. on 25 July 2022 02:27 PM

Adding NegotiateDH2048_AES256 into Windows registry

By default Windows 7 up to Windows 11 propose only the weak modp1024 Diffie-Hellman key exchange algorithm that has been deprecated by NIST Special Publication 800-57 Part 3 Revision 1 since 2015:

ike = 3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024

Therefore, any attempt to connect to the IKEv2 VPN server will fail with a Policy match error message.

You will need to enable the modp2048 Diffie-Hellman group by adding the NegotiateDH2048_AES256 DWORD into the Windows registry using regedit.

Download the following zip file:


NOTE: You do not need to import this file again if you have already imported it, or if you have already upgraded your Diffie-Hellman group to 2048 bits.

If you have already upgraded to 2048 bits or already imported this file, skip this step and proceed to the Setting IKEv2 VPN client section.


Merging NegotiateDH2048_AES256 into the Windows registry requires administrator privileges. If you encounter the following message, you will need to switch from your current Windows user and log in as an administrator. Once the file is merged into the registry, you may switch back to your own Windows user.


Once downloaded, proceed to extract or decompress it. You should see one (1) NegotiateDH2048_AES256.reg file.

Double click on it to automatically merge NegotiateDH2048_AES256 into Windows registry.


Click Yes to continue


Click Ok to close the dialog box
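
Because the merge runs with administrator rights, it is worth confirming that the downloaded .reg file sets only the NegotiateDH2048_AES256 DWORD before double-clicking it. The Python check below is an added example, not part of the original article or the provider's file. It assumes the value lives under the standard RasMan Parameters key and that 1 (enable) or 2 (enforce) are the accepted settings, as documented for Windows; the sample files are constructed.

```python
import re

# Assumption: standard RasMan location of this value (the article does not state the path).
EXPECTED_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters"
VALUE_RE = re.compile(r'"NegotiateDH2048_AES256"=dword:([0-9a-fA-F]{8})')
ALLOWED = {1, 2}  # 1 = also propose modp2048/AES-256, 2 = enforce them; 0 keeps the default
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

def decode_reg(raw):
    """regedit exports are UTF-16LE with a BOM; hand-written files are often UTF-8/ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("utf-8-sig")

def audit_reg(raw):
    """Return findings; an empty list means the file only sets the expected DWORD."""
    findings, key, seen = [], None, False
    lines = decode_reg(raw).splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        findings.append("line 1: not a .reg header")
    for n, text in enumerate(lines[1:], start=2):
        text = text.strip()
        if not text or text.startswith(";"):
            continue  # blank line or comment
        if text.startswith("["):  # key header; "[-KEY]" (delete key) is flagged too
            key = text[1:-1] if text.endswith("]") else text[1:]
            if key.upper() != EXPECTED_KEY.upper():
                findings.append(f"line {n}: unexpected key {key}")
            continue
        m = VALUE_RE.fullmatch(text)
        if m is None or key is None or key.upper() != EXPECTED_KEY.upper():
            findings.append(f"line {n}: unexpected entry {text}")
        elif int(m.group(1), 16) not in ALLOWED:
            findings.append(f"line {n}: value {m.group(1)} does not enable modp2048")
        else:
            seen = True
    if not seen:
        findings.append("file never sets NegotiateDH2048_AES256 to 1 or 2")
    return findings

# Constructed samples (not the provider's file): a clean file and one with an extra entry.
GOOD = ("\ufeffWindows Registry Editor Version 5.00\r\n\r\n"
        f"[{EXPECTED_KEY}]\r\n"
        '"NegotiateDH2048_AES256"=dword:00000001\r\n').encode("utf-16-le")
BAD = GOOD + ("\r\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\r\n"
              '"Other"=dword:00000001\r\n').encode("utf-16-le")

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, audit_reg(blob) or "OK: only sets the expected DWORD")
```

To check a real download, pass the file's bytes, for example `audit_reg(open("NegotiateDH2048_AES256.reg", "rb").read())`, and merge only if the result is empty.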


Setting IKEv2 VPN client

Once NegotiateDH2048_AES256 has been added to your Windows registry, you are ready to create a new IKEv2 VPN connection.


The VPN information listed below can be found in the activation form email:

- VPN Server hostname
- User name
- Password


Create VPN connection

  1. Launch Control Panel, then navigate to the Network and Sharing Center.
  2. Click on Set up a new connection or network, then select Connect to a workplace, then click Next
  3. If your PC already has an existing VPN connection, select No, create a new connection, then click Next. Otherwise, skip to step #4.
  4. Select Use my Internet connection (VPN).
  5. Enter the VPN server details. Enter the VPN server hostname or VPN server's IP address in the Internet address field, then fill in Destination name with something that describes your VPN connection. Tick the box next to Don't connect now, just set it up so I can connect later, then click Next
  6. Fill in User name and Password. You may tick the box next to Remember this password if you want, then click Create.


Edit VPN connection properties

Once the VPN connection has been created, open its properties via the Network Connections tool.

  1. Press Win + R to open the Run command dialog box.
  2. Type ncpa.cpl and press Enter to open the Network Connections tool.


  3. Select the VPN connection you created earlier, right-click it and select Properties.


  4. On the Security tab, set Type of VPN to IKEv2.

  5. Ensure Authentication is set to Microsoft Secured password (EAP-MSCHAP v2) (encryption enabled).


  6. On the Networking tab, make some changes to the VPN properties, following the numbered order.


You are now ready to connect to the IKEv2 VPN server. Select your VPN connection and click on the Connect button.

Enter your VPN username and password when asked.


Once the VPN connection is no longer needed, select your VPN connection and click on Disconnect. This will end your VPN session.




If you face any difficulties with the setup, please feel free to contact our support team by submitting a ticket on or emailing our support team at

Copyright © 1998 - 2021 Shinjiru International Inc. All Rights Reserved.