How to set up an IKEv2 VPN client

Introduction


A virtual private network, or VPN, allows you to securely encrypt traffic as it travels through untrusted networks, such as those at the coffee shop, a conference, or an airport.

IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunneling between the server and client. In IKEv2 VPN implementations, IPSec provides encryption for the network traffic. IKEv2 is natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary, and it handles client hiccups quite smoothly.

In this tutorial, you’ll learn how to set up Windows, macOS, Ubuntu, iOS, and Android clients. Some material from the internet was referenced in writing this tutorial.

Prerequisites


To complete this tutorial, you will need:

  • Download CA certificate
    • If you are one of the Creekside Networks managed service clients, please download the CA certificate creekside.authority.cer to your device first.
  • Obtain the following information from your IT admin
    • VPN server’s domain name, such as ‘vpn.creekside.network’;
    • Your VPN user ID and password
  • Download Android client
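
Every platform below installs this CA certificate as a trusted root, so confirm it is the one your IT admin issued before importing it. The script below is an added example, not part of the original tutorial; it assumes openssl is installed and that your IT admin has given you the certificate's SHA-256 fingerprint over a separate channel, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original tutorial): check a downloaded CA
# certificate against a SHA-256 fingerprint received out of band, before
# importing it as a trusted root. Function names are hypothetical.

# Reduce a fingerprint to bare upper-case hex. Accepts "AB:CD:...",
# "abcd...", or a whole pasted line like "sha256 Fingerprint=AB:CD:...".
normalize_fp() {
    printf '%s' "${1#*=}" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of an X.509 certificate file.
# A .cer file may be PEM (text) or DER (binary), so try both encodings.
cert_sha256() {
    for form in PEM DER; do
        if out=$(openssl x509 -in "$1" -inform "$form" -noout \
                 -fingerprint -sha256 2>/dev/null); then
            normalize_fp "$out"
            return 0
        fi
    done
    return 1
}

# verify_ca_cert FILE EXPECTED_FINGERPRINT
# Returns 0 on match, 1 on mismatch, 2 if either input is unusable.
verify_ca_cert() {
    expected=$(normalize_fp "$2")
    case $expected in
        ''|*[!0-9A-F]*)
            echo "expected fingerprint is not hexadecimal" >&2
            return 2 ;;
    esac
    # Reject SHA-1 or truncated values: SHA-256 is exactly 64 hex digits.
    if [ "${#expected}" -ne 64 ]; then
        echo "expected fingerprint is not SHA-256 (need 64 hex digits)" >&2
        return 2
    fi
    if ! actual=$(cert_sha256 "$1"); then
        echo "cannot read $1 as an X.509 certificate" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: $1 has fingerprint $actual; do not install it" >&2
        return 1
    fi
    echo "OK: $1 matches the expected fingerprint"
    return 0
}

# Run directly as:
#   sh verify_ca.sh creekside.authority.cer "<fingerprint from IT admin>"
if [ "$#" -eq 2 ]; then
    verify_ca_cert "$1" "$2"
    exit $?
fi
```

Only continue with the import steps for your platform when the script reports a match.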

Windows 10


Install CA certificate

Installing a certificate on Windows 10 takes a few steps. Please follow the steps below.

1. Search for mmc.exe, then right-click it and select Run as administrator.

2. From the File menu, navigate to Add or Remove Snap-in

3. Select Certificates from the list of available snap-ins, and click Add.

4. Select Computer Account and click Next.

5. Select Local Computer, then click Finish.

6. Go back to the main console window.

7. Right-click Trusted Root Certification Authorities, select All Tasks and click Import.

8. In the Certificate Import Wizard, click Next to move past the introduction.

9. On the File to Import screen, press the Browse button.

10. Select the certificate file creekside.authority.cer, and click Open.

11. Ensure that the Certificate Store is set to Trusted Root Certification Authorities, and click Next.

12. Click Finish to import the certificate.


Setup VPN connection

Windows has a built-in IKEv2 VPN client. Follow the steps below; at step 4 you will need to fill in the server information listed here.

  • VPN provider
    • Select “Windows (built-in)”
  • Connection name
    • Pick a name easy for you to recognize
    • You may use letters and numbers.
  • Server name or address
    • Fill in your VPN server’s domain name.
    • Don’t use the name in the slides.
    • If you don’t have it, check with your IT admin.
  • VPN Type
    • Use “IKEv2”
  • Type of sign-in info
    • “User name and password”
  • Username
    • The username that IT admin sent to you.
  • Password
    • The VPN user’s password

1. At the right end of the taskbar, click the network icon to open Network and Internet settings.

2. Click the VPN menu on the left panel.

3. Select Add a VPN connection on the right panel.

4. Enter the VPN server details from your IT admin. Don't copy the sample values above.

5. Your new VPN connection will be visible under the list of networks. Select the VPN and click Connect. You’ll be prompted for your username and password. Type them in, click OK, and you’ll be connected.


Optional: Connect to the internet via the VPN server

These steps apply only if you want to use the VPN to bypass censorship in some countries, or if your IT admin tells you to do so.

1. Under your VPN connection, click Change adapter options under Related settings.

2. Right-click your VPN connection, then select Properties from the drop-down menu.

3. Choose the Network tab, select Internet Protocol Version 4 (TCP/IPv4), then click Properties.

4. Click Advanced...

5. Make sure Use default gateway on remote network is checked, uncheck Automatic metric, and enter 1 as the Interface metric value.


Android


Follow these steps to import the certificate:

  1. Send yourself an email with the CA certificate attached. Save the CA certificate to your downloads folder.
  2. Download the StrongSwan VPN client from the Play Store, or the APK file from our mirror site.
  3. Open the app. Tap the “more” icon in the upper-right corner (the three dots icon) and select CA certificates.
  4. Tap the “more” icon in the upper-right corner again. Select Import certificate.
  5. Browse to the CA certificate file in your downloads folder and select it to import it into the app.

Now that the certificate is imported into the StrongSwan app, you can configure the VPN connection with these steps:

  1. In the app, tap ADD VPN PROFILE at the top.
  2. Fill out the Server with your VPN server’s domain name or public IP address.
  3. Make sure IKEv2 EAP (Username/Password) is selected as the VPN Type.
  4. Fill out the Username and Password with the credentials you defined on the server.
  5. Deselect Select automatically in the CA certificate section and click Select CA certificate.
  6. Tap the IMPORTED tab at the top of the screen and choose the CA you imported (it will be named “VPN root CA” if you didn’t change the “DN” earlier).
  7. If you’d like, fill out Profile name (optional) with a more descriptive name.

When you wish to connect to the VPN, tap the profile you just created in the StrongSwan application.

macOS


Follow these steps to import the certificate:

  1. Double-click the certificate file. Keychain Access will pop up with a dialog that says “Keychain Access is trying to modify the system keychain. Enter your password to allow this.”
  2. Enter your password, then click on Modify Keychain
  3. Double-click the newly imported VPN certificate. This brings up a small properties window where you can specify the trust levels. Set IP Security (IPSec) to Always Trust and you’ll be prompted for your password again. This setting saves automatically after entering the password.

Now that the certificate is imported and trusted, configure the VPN connection with these steps:

  1. Go to System Preferences and choose Network.
  2. Click on the small “plus” button on the lower-left of the list of networks.
  3. In the popup that appears, set Interface to VPN, set the VPN Type to IKEv2, and give the connection a name.
  4. In the Server and Remote ID field, enter the server’s domain name or IP address. Leave the Local ID blank.
  5. Click on Authentication Settings, select Username, and enter the username and password you configured for your VPN user. Then click OK.

Finally, click on Connect to connect to the VPN. You should now be connected to the VPN.

iOS


To configure the VPN connection on an iOS device, follow these steps:

  1. Send yourself an email with the root certificate attached.
  2. Open the email on your iOS device and tap on the attached certificate file, then tap Install and enter your passcode. Once it installs, tap Done.
  3. Go to Settings > General > VPN and tap Add VPN Configuration. This will bring up the VPN connection configuration screen.
  4. Tap on Type and select IKEv2.
  5. In the Description field, enter a short name for the VPN connection. This could be anything you like.
  6. In the Server and Remote ID field, enter the server’s domain name or IP address. The Local ID field can be left blank.
  7. Enter your username and password in the Authentication section, then tap Done.
  8. Select the VPN connection that you just created, tap the switch on the top of the page, and you’ll be connected.

Ubuntu


Ubuntu 16.04

First, download the source and build the strongSwan package:

cd ~
sudo apt-get install -y libssl-dev libglib2.0-dev libnm-dev
wget http://download.strongswan.org/strongswan-5.6.3.tar.bz2
tar xjf strongswan-5.6.3.tar.bz2
cd ~/strongswan-5.6.3
./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib \
   --disable-aes --disable-des --disable-md5 --disable-sha1 \
   --disable-sha2 --disable-fips-prf --disable-gmp --enable-openssl \
   --enable-nm --enable-agent --enable-eap-gtc --enable-eap-md5 \
   --enable-eap-mschapv2 --enable-eap-identity
make
sudo make install

Then build the NetworkManager GUI plugin:

cd ~
sudo apt-get install -y intltool libgtk-3-dev libsecret-1-dev \
  libnma-dev network-manager-dev libnm-util-dev libnm-glib-dev \
  libnm-glib-vpn-dev libnm-gtk-dev

wget http://download.strongswan.org/NetworkManager/NetworkManager-strongswan-1.4.4.tar.bz2

tar xjf NetworkManager-strongswan-1.4.4.tar.bz2
cd ~/NetworkManager-strongswan-1.4.4
./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib

make
sudo make install

Ubuntu 18.04

First, install strongSwan and the NetworkManager plugin:

sudo apt install -y strongswan libcharon-extra-plugins network-manager-strongswan

Setup VPN connections

Now that the client software is ready, we can set up the VPN connection.

  • Open System Settings, then select Network;
    • Ubuntu 16.04:
      • Click the + sign at the bottom-left corner, set Interface type to VPN, then click Create;
    • Ubuntu 18.04
      • Click the + sign at the right side of VPN list.
  • A VPN connection type dialog box will appear. Choose IPSec/IKEv2 (Strongswan), then click Create;
    • A configuration dialog box will now appear. Fill in the information as directed below;
      • Name: Any text you like to name the VPN connection
      • Gateway
        • Address: The VPN server’s domain name IT sent to you.
        • Certificate: Browse to choose the certificate file you received. 
      • Client
        • Authentication: Select “EAP”
        • Username: Use the userid that is given to you.
        • Password:
          • Click the icon at the end of input box.
          • Select the 2nd option: Store the password for all users.
          • Input your password
      • Options:
        • Make sure you check “Request an inner IP address”.
        • Optionally, you may also check Enforce UDP encapsulation.
        • Leave Use IP compression unchecked.
      • Cipher Proposals
        • Leave this section blank.
    • Finally click the “Add” button to save the configuration.
