How to Set Up a VPN in Windows 11

[ad_1]

With a VPN, you can blind your ISP from monitoring your online activities, hide your public IP address, and even make it appear as if you’re browsing the web from another country. Typically, you’d use a VPN client application to do all this, but maybe you want to configure Windows 11 to connect directly to a VPN. We break down how to do it—and why you generally shouldn’t. 


PSA: Just Use a VPN App

This article focuses on commercial VPNs, not the VPNs provided and managed by corporate IT. If you’re using a corporate VPN, manual configuration makes sense, but it will probably be handled by your company. Be sure to consult with your IT team before trying to do it yourself.

When it comes to commercial VPNs, the easiest way to use a VPN in Windows 11 is to install the client application provided by the VPN company of your choice. And in this case, the easiest option is also the best.

When you use a VPN’s client app, you interact through a graphical interface that’s much simpler than any alternative DIY method. Plus, the app will update with all the necessary configuration information to connect to any of the VPN’s servers. As you’ll see below, manual configuration means you have to keep those updated yourself, and you can only connect to the servers you have configuration information for. For some companies, that’s thousands of servers. Trust me, you want the app handling all that.

Most importantly, VPN apps give you access to all the features VPN companies provide as part of their offerings. VPN client apps let you use split tunneling to route specific app traffic in or out of the VPN connection, for example. That’s not possible with manual configuration for commercial VPNs, but it is for corporate VPNs. 

So, before you go further, consider just installing the client app for your VPN of choice. Unless you have a compelling reason, the official VPN app is going to be the better, easier choice every time.


Getting Started With Manual VPN Setup in Windows 11

If you’ve read this far, you either have a complicated technical reason for seeking to manually configure a VPN or you’re filled with hubris. Either way, the first thing to do is purchase a subscription with a VPN service. We have extensive information on how to do this. If you already have a VPN subscription, you’ll need your login information handy as well as a browser where you can access the company’s user portal.

Now it’s time to decide what kind of VPN connection you’re seeking to create and which VPN servers you want to use. For the first question, it comes down to VPN protocol. This is the underlying technology that creates an encrypted connection between your device and the VPN server. There are a few standard options:

  • WireGuard
  • OpenVPN
  • IKEv2/IPSec
  • L2TP/IPSec
  • PPTP

Most VPN companies no longer support PPTP or L2TP because they are older and less secure. You probably shouldn’t use these protocols unless you have to.

The IKEv2 protocol is supported on most devices by default, and it is a good choice for creating a secure VPN connection. However, using it requires the installation of special certificates on your device to authorize the connection. This adds some effort and will take you to some of Windows’ less familiar areas.

OpenVPN and WireGuard are both open-source VPN protocols, which means that they’ve been picked over for any potential vulnerabilities. To use either of these protocols with Windows 11, you need to download official client software from their respective developers. And if you’re going to do that, you should consider simply installing the official VPN app from the service you signed up with instead.

Next, you need to decide which VPN servers you want to connect to. Choosing servers that are close to you is more likely to yield better speeds since your data won’t have to travel as far. If you want to tunnel past local restrictions or want your traffic to appear as if you’re in another country, you’ll want to select a more far-flung server.

Once you have that figured out, head to your VPN’s help page and dig around for official documentation on how to manually configure a VPN. Not every service supports every kind of manual configuration, and every service is slightly different. For the instructions below, I used the information from Proton VPN and Surfshark VPN, and while they should be similar to any other VPN service, it’s best to have the official instructions.


How to Configure WireGuard in Windows 11

WireGuard is rapidly becoming an industry standard among VPNs. It’s new, uses strong cryptography, and promises better speed than other protocols. Most devices don’t support WireGuard by default, and for Windows, you’ll need to download special client software.

The first thing to do is head over to your VPN’s website and seek out the official instructions on how to configure WireGuard. For the example below, I’ll be using Proton VPN. Every service is slightly different in where it stores the necessary information, so keep the official documentation handy. 

First, I logged into the VPN service’s portal and navigated to where it provides WireGuard configuration information. For Proton VPN, this is a single form that generates a configuration file based on the parameters you enter. Surfshark VPN uses a step-by-step process a bit like a software Wizard to generate the files.

Proton VPN web portal page showing a tool for creating WireGuard configuration files

For Proton VPN and Surfshark VPN, I named the configuration, selected the platform I wanted to use (that is, what kind of device to connect to the VPN), and the location of the server I wanted to connect to. Proton VPN had toggles for some additional options and the Surfshark VPN Wizard asked me if I needed to generate cryptographic key pairs. Again, the service you use may be different. Once I made my selections I clicked the Create button and downloaded the configuration file.

Note that some WireGuard configurations have a time limit. Proton VPN files are good for one year but can be extended during generation.

Next, I went to the official WireGuard website and downloaded the client app. It took a few seconds to install.

WireGuard website showing the download options

During installation, the WireGuard app warned me it didn’t have any configuration files. Not a problem. After dismissing the alert, the WireGuard app opened and the only available button was to import configuration files. When I configured my machine, the app said “Import tunnels,” as shown below. VPN connections are sometimes called tunnels.

The WireGuard client prompting the user to install configuration files

I clicked it and navigated to the WireGuard configuration file I downloaded earlier.

Finally, I clicked the Activate button and my VPN connection was complete! Comparing my IP address with and without the VPN running, I confirmed that my public IP address was changed.

The WireGuard app when connected to a VPN

Note that the WireGuard client has the option to manage and store multiple configurations. Be sure to explore the options the client provides.


How to Configure OpenVPN in Windows 11

OpenVPN, like WireGuard, is open-source software and has long been the workhorse of most VPN companies. It’s a solid choice, and, while it might someday be eclipsed by WireGuard, that day is still a long way off. As with WireGuard, you’ll need to download configuration files from your VPN of choice and install the official WireGuard client application.

For the instructions below, I used Proton VPN, but most VPNs will have similar setups. Be sure to find the support documentation from your VPN of choice so you know where to find everything required to use OpenVPN.

First, I logged into the Proton VPN web portal and navigated to the section that holds the OpenVPN and IKEv2 username and password. I set this information aside for later.

Proton VPN page displaying the username and password for IKEv2 and OpenVPN

Then I navigated to where Proton VPN lets users download OpenVPN configuration files. I selected the kind of device I’d be using (Windows, natch) and was then prompted to select UDP or TCP. Proton VPN explained the difference this way, and I’ve seen similar explanations in other VPN documentation: “UDP is faster and recommended in most situations, while TCP is more reliable and can bypass some censorship measures.”

Proton VPN website tool that generates OpenVPN configuration files

Finally, I selected the VPN servers I wanted to use and downloaded the configuration file.

Note that some VPNs, including Proton VPN, include access to some advanced features with their configuration files. Proton VPN, for instance, provides instructions for using DNS filtering and multi-hop connections. Be sure to check your documentation or, better yet, just install the official client from your VPN.

Next, I went over to the OpenVPN website and downloaded the official client application. It took just a few seconds to install.

OpenVPN website where the client can be downloaded

I then right-clicked on the OpenVPN icon in the task bar, selected Import, and then the Import File option. In the prompt, I navigated to the configuration file I downloaded earlier and selected it.

Windows Task Bar menu showing the option to import

When prompted, I entered the username and password I’d saved earlier.

Password and Username prompt in the OpenVPN app

That done, I right-clicked again on the OpenVPN taskbar icon and selected Connect. This created a VPN connection, and I confirmed that my public IP address had changed.

Task Bar menu showing the option to connect the VPN

Like WireGuard, the OpenVPN app can hold several different VPN configurations. Be sure to explore it.


How to Configure IKEv2 in Windows 11

IKEv2 is supported by default by Windows, so you won’t need to install any client software and can control the VPN connection right from the taskbar. However, you’ll likely have to install certificates to successfully connect. These need to be installed in just the right way or they won’t work. While IKEv2 is fine to use, WireGuard and OpenVPN are probably better choices. But the best choice of all? Simply installing your VPN’s default application.

For these instructions, I used Proton VPN. You should look for the official documentation from your VPN of choice so you can find the right configuration information and certificates. 

One thing to note: Because this involves installing Trusted Root Certificates, it’s very important that you only use certificates you get from official documentation from a VPN you trust. This is another compelling reason not to use this particular method, but if you’ve read this far I suppose there’s no stopping you.

First, I had to gather some information necessary to create the VPN connection. I needed to get the exact server name of every VPN server I wanted to use. Proton VPN directed me, confusingly, to a page for OpenVPN configuration, but I easily snagged the server name. I saved this for later.

I also needed an IKEv2 username and password. This is different from the username and password I use to log in to the VPN service. Your VPN’s documentation will point you in the right direction. Note that you should be able to reset these credentials to new ones if you are ever concerned the old ones have been compromised. Once I found this information, I set it aside.

The Proton VPN site where users retrieve their IKEv2 password and username

Next, I needed the appropriate certificates. The Proton VPN documentation had me download the certificate directly from the company’s site. Again, your VPN may differ in this step. After downloading the certificate file, I opened and was prompted to install it.

A Windows dialog window asking permission to install the certificate

The documentation I used had me select the option to install on a Local Machine, then select the Place All Certificates in the Following Store option. From here, I was told to select the Trusted Root Certificate Authorities folder, then to click Next, then click Finish.

Windows tool for installing trusted root certificates

Now I was ready to enter all this information into Windows. I opened the Network & Internet control panel, clicked the VPN option, and then clicked Add VPN. Next, I worked through the form that appeared. The VPN provider is Windows. The connection name can be anything, but I used the service and the location. The Server Name or Address is the server name I copied before. The VPN type is IKEv2. The type of sign-in is username and password. I pasted the username and password from the VPN service into the appropriate fields. I then hit save.

Windows settings for Internet and Networking with VPN options

A new option now appeared in Network Settings, showing the name I gave the VPN connection. I clicked Connect and the VPN was activated. Success! I verified that my public IP address had changed.

Windows Internet and Networking settings, showing the option to disconnect from the VPN

You can store any number of server configurations in this way, and it’s handy to have them accessible from the OS. However, you’re still limited to only the VPN servers you configure Windows to use.


Again, Just Use a VPN App

The built-in support for VPN connections in Windows 11 is certainly handy, but it’s not made for the average consumer. Instead, it’s for anyone that is connecting to a corporate VPN for work or is running a VPN for their own purposes.

For everyone else, it’s best to stick with the official VPN app. These apps are far easier to use, kept up to date automatically, and you get access to all the features you’re already paying for. This is one case where the most convenient option really is the best.

[ad_2]

Source link

Leave a Reply