Setting up IKEv2 VPN client on Windows 11
Posted by Aidil A. on 30 August 2022 12:42 PM

Adding NegotiateDH2048_AES256 into Windows registry

By default, Windows 7 through Windows 11 propose only the weak modp1024 Diffie-Hellman group for key exchange, which has been deprecated by NIST Special Publication 800-57 Part 3 Revision 1 since 2015:

ike = 3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024

Therefore, any attempt to connect to the IKEv2 VPN server will fail with a Policy match error message.

You will need to enable the modp2048 Diffie-Hellman group by adding the NegotiateDH2048_AES256 DWORD into the Windows registry using regedit.

Download the following zip file:

 

NegotiateDH2048_AES256.zip

 

Once downloaded, proceed to extract or decompress it. You should see one (1) NegotiateDH2048_AES256.reg file.

Double-click it to merge NegotiateDH2048_AES256 into the Windows registry.

 

Click Yes to continue

 

Click Ok to close the dialog box
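
A way to confirm that the downloaded .reg file sets only this one value before merging it, and to read the value back afterwards. This is an added example, not part of the original article or the provider's tooling. It assumes the DWORD lives under the RasMan\Parameters key, that data 1 (enable) or 2 (enforce) is expected, and that the file was extracted to the Downloads folder; the article does not show the file's contents.

```powershell
# Added example, not the vendor's script. Assumed: key path, accepted data 1/2, $RegFile path.
$KeyPath   = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
$ValueName = 'NegotiateDH2048_AES256'

function Test-RegFileContent {
    # Returns the problems found; an empty list means the file only sets the expected DWORD.
    param([string[]]$Lines)
    $problems = @(); $key = $null; $seen = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^(Windows Registry Editor Version 5\.00|REGEDIT4)$') { continue }
        if ($line -match '^\[(.+)\]$') {
            $key = $Matches[1]          # a "[-KEY]" deletion entry also lands here and is flagged
            if ($key -ne $KeyPath) { $problems += "unexpected key: $key" }
            continue
        }
        if ($line -match '^"([^"]+)"=dword:([0-9a-f]{8})$') {
            $name = $Matches[1]; $data = [Convert]::ToUInt32($Matches[2], 16)
            $ok = ($key -eq $KeyPath) -and ($name -eq $ValueName) -and ($data -in @(1, 2))
            if ($ok) { $seen = $true } else { $problems += "unexpected value: $line" }
            continue
        }
        $problems += "unexpected line: $line"
    }
    if (-not $seen) { $problems += "$ValueName is never set to 1 or 2" }
    return ,$problems
}

# Constructed sample of what such a file is expected to contain (used if the file is absent).
$sample = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"NegotiateDH2048_AES256"=dword:00000001
'@ -split "`r?`n"

$RegFile = Join-Path $env:USERPROFILE 'Downloads\NegotiateDH2048_AES256.reg'   # assumed path
$lines = if (Test-Path $RegFile) { Get-Content $RegFile } else { $sample }
$problems = Test-RegFileContent -Lines $lines
if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } } else { 'File only sets the expected DWORD.' }

# After merging: read the live value back (reading HKLM needs no elevation).
$live = Get-ItemProperty -Path "Registry::$KeyPath" -Name $ValueName -ErrorAction SilentlyContinue
if ($live) { "{0} = {1}" -f $ValueName, $live.$ValueName } else { "$ValueName is not set" }
```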

 

Setting IKEv2 VPN client

Once NegotiateDH2048_AES256 has been added to your Windows registry, you are ready to create a new IKEv2 VPN connection.

 

The VPN information listed below can be found in the activation form email:

- VPN Server hostname
- User name
- Password

 

Create VPN connection

    1. Select Network Settings. The network icon depends on how your PC/notebook is connected to the network.

PC/monitor icon if connected using network cable CAT5/CAT5e

 

Wave icon if connected using WiFi

 

     2. Create a new VPN connection

 

    3. Click Add VPN

 

    4. In Add a VPN connection, do the following:

  • For VPN provider, choose Windows (built-in)
  • For Connection name box, enter a name you'll recognize (for example, My Personal VPN). This is the VPN connection name you'll look for when connecting
  • For Server name or address box, enter the address for the VPN server hostname
  • For VPN type, choose IKEv2
  • For Type of sign-in info, choose User name and password
  • For User name (optional), enter your VPN user name
  • For Password (optional), enter your VPN password
  • Mark Remember my sign-in info
  • Click Save.

 

 

Edit VPN connection properties

Once the VPN connection has been created, open its properties via the Network Connections tool.

  1. Press Win + R to open the Run command dialog box.
  2. Type ncpa.cpl and press Enter to open the Network Connections tool.

 

Alternatively, click the Windows Start button, type ncpa.cpl in the search bar and press Enter.

 

 

   3. Right-click the VPN connection you created earlier and select Properties

 

   4. On the Security tab, ensure Type of VPN is set to IKEv2.

   5. Ensure Authentication is set to Microsoft Secured password (EAP-MSCHAP v2) (encryption enabled).

 

   6. On the Networking tab, make the changes to the VPN properties in the numbered order

 

You are now ready to connect to the IKEv2 VPN server. Select your VPN connection and click the Connect button

 

Connect to a VPN

  1. On the far right of the taskbar, select the Network icon

  2. Connect to the IKEv2 VPN connection you have just created.


 

Once the VPN connection is no longer needed, select your VPN connection and click Disconnect. This will end your VPN session.

 

 

==========================================================================================

If you face any difficulties with the setup, please feel free to contact our support team by submitting a ticket on https://247livesupport.biz or emailing our support team at support@247livesupport.biz.

 

Copyright © 1998 - 2021 Shinjiru International Inc. All Rights Reserved.