The basics of VPN
The idea behind a VPN (Virtual Private Network) is partly to connect computers over a virtual network. In a business setting it could mean that you can access your company resources from outside the dedicated network, for example while you are at home or traveling.
Today VPNs are also sold to the average user as a magical defense against the cyber dark arts, but that's not entirely true. While a VPN redirects your traffic and also encrypts data, it's not a one-size-fits-all solution. Alternatives such as HTTPS will also encrypt your traffic, and browsers like Tor (The Onion Router) redirect your connection through different nodes three times so that you become anonymized.
When you use a VPN you also entrust your information to a company other than your Internet Service Provider (ISP).
The benefit of a VPN is that you can control what country you appear to browse the internet from. It can for example make you appear as an Italian user, thus allowing you to browse material restricted to Italy, such as media sites and news websites. The downside is that some VPNs mess up your search experience, putting you through annoying reCAPTCHAs.
This post does not intend to guide you to a choice of VPN or to recommend one over the other. The simple fact is that I'm using Proton VPN when I need to use a VPN, and I'm reasonably happy using their service and I trust them enough. All that aside, this is a guide on how to use Windows 11's built-in VPN service by setting up a connection to a Proton VPN server. For a beginner I would simply recommend their downloadable app; it's available for Mac, PC and Linux. I even think I got it working on my Raspberry Pi 4 (Kali Linux).
Setting up a connection to a Proton VPN server manually in Windows 11
1. You need to create an account on the Proton VPN website if you aren't already registered. Then continue by logging in to the dashboard.
2. Take note of your login credentials in case you need them again. If you are going to download their app, you will need them to log in there as well.
3. When you are logged into their website go to https://account.protonvpn.com/account
On this page, make sure to copy your OpenVPN/IKEv2 username and password. These aren't the same credentials you use to log into the website/VPN app.
4. You are also going to copy a specific server address for the country/server that you want to use.
Go to https://account.protonvpn.com/downloads and scroll down to OpenVPN configuration files.
Pick a country and server, press the arrow key next to download to get the server address.
It can look like this for a Japanese server: jp-free-11.protonvpn.net
5. At this stage you have prepared your login details and a server address of your choice.
Time to install drivers.
Go to https://protonvpn.com/download/ProtonVPN_ike_root.der and download the certificate.
Open the file and click "Install Certificate".
Choose "Local Machine" and click Next.
Choose "Place all certificates in the following store", navigate to and select the folder "Trusted Root Certification Authorities", and continue.
Make sure that the installation is finished.
6. Now it's time to create a VPN connection in Windows.
Navigate to Settings -> Network & internet -> VPN. You can also get there from PowerShell with "start-process ms-settings:network-vpn" or by entering "ms-settings:network-vpn" in the Run dialog.
Click "Add VPN"
Fill in the following:
VPN provider = Windows (built-in)
Connection name = Choose a suitable name for the connection
Server name or address = The server address you got from Proton VPN website, see step 4.
VPN type = IKEv2
Type of sign-in info = Username and password
Username = IKEv2 username, see step 3
Password = IKEv2 password, see step 3
7. Your connection should show up in the list.
Test it out directly to see if you get any errors.
Fixing policy match error with Proton VPN
1. If you get a policy match error, you can fix it in the registry.
2. Create a .reg file with the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"NegotiateDH2048_AES256"=dword:00000002
3. Run the .reg file when you have created it
4. Try connecting your VPN again
5. Confirm that your IP has changed, for example by visiting a "what is my IP" site.
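Steps 5 and 6 and the registry fix above can also be scripted from an elevated PowerShell prompt, which makes it easy to inspect the certificate before it becomes a machine-wide trusted root. This is an added example, not part of the original post or Proton's own instructions; the download path, connection name and expected hash are placeholders, and it assumes the Eap authentication method corresponds to the "Username and password" sign-in option in the Settings dialog.

```powershell
#Requires -RunAsAdministrator
# Added example. $CertPath, $ExpectedSha256 and $ConnName are placeholders to adjust.
$CertPath       = "$env:USERPROFILE\Downloads\ProtonVPN_ike_root.der"   # file from step 5
$ExpectedSha256 = '<SHA-256 of the file, obtained from a source you trust>'
$ServerAddress  = 'jp-free-11.protonvpn.net'                            # example from step 4
$ConnName       = 'Proton IKEv2 (example)'

# 1. Inspect the certificate before trusting it for the whole machine.
$full   = (Resolve-Path -LiteralPath $CertPath).Path
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
$sha256 = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
"SHA-256 of downloaded file: $sha256"
if ($sha256 -ne ($ExpectedSha256 -replace '[:\s]', '')) {
    throw 'Hash does not match the expected value; certificate was not imported.'
}

# 2. Same destination as the wizard: Local Machine, Trusted Root Certification Authorities.
Import-Certificate -FilePath $full -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Create the IKEv2 connection from step 6 unless it already exists.
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $ServerAddress `
        -TunnelType Ikev2 -AuthenticationMethod Eap -EncryptionLevel Required
}

# 4. Registry value from the .reg file in the policy match fix.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
New-ItemProperty -Path $key -Name 'NegotiateDH2048_AES256' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# 5. Read both settings back to confirm what was applied.
Get-VpnConnection -Name $ConnName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod
"NegotiateDH2048_AES256 = $((Get-ItemProperty -Path $key).NegotiateDH2048_AES256)"
```

The script stores no credentials; the IKEv2 username and password from step 3 are entered when you first connect.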