A VPN is an enormously powerful addition to your security arsenal. Sure, it’s easier to use a dedicated VPN app, but if you want to configure a VPN manually in Windows 10, this guide has you covered.
By Max Eddy
When you use a virtual private network, or VPN, you can rest assured that spies and advertisers aren’t sniffing around your traffic, and it won’t be intercepted by ne’er-do-wells, even if they’re on the same network as you. While VPN companies provide apps to make setting up their products a breeze, that’s not the only approach you can take. In fact, you can manually configure Windows 10 to use a VPN, as we’ll explain — although you’ll still need a subscription to a VPN service.
What Is a VPN?
In the beginning, the web was created. And it was pretty good, albeit lacking in critical privacy and security controls. Unfortunately, not much has changed since the words fiat web were spoken; even though the more secure HTTPS is successfully becoming the standard for web browsing, it doesn’t protect everything and won’t guard against threats lurking on your network. That’s why you need a virtual private network, or VPN.
When you switch it on, a VPN creates an encrypted tunnel between your device and a server controlled by the VPN service. Your web traffic travels through this tunnel, and it exits to the wide-open web from the VPN server to which you are connected. If there’s someone lurking on your network or, worse, the owner of the access point has configured it to steal information, they won’t see a thing. Your ISP and even three-letter intelligence agencies will be effectively blinded when it comes to monitoring your traffic.
Even advertisers and law enforcement will have a harder time tracking you across the web. Because your web traffic appears to be coming from the VPN server, correlating it to you is much more difficult than if you didn’t have a VPN.
The VPN server also hides your true location, because any observer monitoring your activities will see the VPN server’s IP address and not your own. Because your IP address is closely tied to your geographic location, hiding it effectively prevents observers from figuring out where you are. You can even pretend to be somewhere else and spoof your location by connecting to a VPN in a different country. While journalists and activists in repressive countries have used VPNs to avoid censorship in this way, you can also use a VPN to stream Netflix from outside the US — assuming that Netflix hasn’t already blocked your particular VPN.
VPNs are great, but they’re not a cure-all for the security and privacy threats that ail the internet. While some claim to block malicious websites, you should still use standalone antivirus. A VPN also won’t do much to protect your passwords, either, although TunnelBear does offer the RememBear password manager in addition to its VPN product. Also, unless you’re browsing HTTPS exclusively, you lose all the benefits of encryption once your traffic reaches the VPN server.
Do I Need to Set Up a VPN?
While you do need to set up any VPN you care to use on your Windows 10 computer, going through a manual set up process (as described in this piece) is entirely optional. All the VPN services we have tested thus far offer Windows applications that will handle the configuration for you. The apps also act as gateways to all of the VPN’s features, such as switching between VPN servers, choosing different VPN protocols, and so on.
But although VPN apps have made setup a snap, some of you may prefer to do things the old-fashioned way and have Windows handle it for you. Or maybe you just like to tinker with your system. Or you might simply prefer not to have another app on your computer. Just know that if you get frustrated with the steps outlined below, there are apps out there that can take care of this for you.
What You Need to Get Started
First, you need to choose and sign up for a VPN service. No, you’re not going to be using its apps, but you still need to access its servers. Ideally, you already have a VPN service that you are signed up for and using on all your other devices, be they PCs, phones, or tablets. But the truth is, PCMag’s research shows that many of you aren’t using a VPN. That’s bad, but there’s no judgment here, because you’re reading this piece because you’re about to start, right? If you do need to choose a VPN service, click the link in the first paragraph of this piece, read a few reviews, and pick the one that sounds right for you. Once that’s done, come back here and continue.
The second thing you have to do is decide which VPN protocol you want to use. This is the setup that creates the encrypted tunnel. There are four main protocols supported by VPN companies: IKEv2/IPsec, L2TP/IPSec, OpenVPN, and PPTP.
Our preferred protocol is OpenVPN, which is newer and has a reputation for reliability and speed. IKEv2/IPSec is a solid second option and uses new, secure technology. Many VPN companies warn against L2TP/IPSec, which is not as secure as newer protocols. Generally, it’s supported only for use on older, legacy systems. The same is true for PPTP, which you should avoid using if at all possible.
We highly recommend that you take a moment and look at the documentation for your VPN service of choice. The company will no doubt have extensive instructions, as well as direct links to the necessary information. For example, OpenVPN requires you to download a special client as well as configuration files. Configuring for IKEv2/IPSec may require you to install certificates. Depending on the company, you may have to generate a special username and password to connect via L2TP/IPSec, as well as a “shared secret” or “pre-shared key.”
You also need a list of the servers available from the VPN company, and in some cases the URLs for those servers, too. Some companies, like CyberGhost and NordVPN, have handy tools that help you select the best server and spit out all the necessary credentials. Again, it’s going to depend on which service you use, so definitely search the FAQs and Help documents!
When configuring your computer to use OpenVPN, the first thing you need to do is download the OpenVPN client. You can find it on the OpenVPN website. (Note: you want the OpenVPN app, not the PrivateTunnel app. They’re different!) Once it’s downloaded, just open the installer and step through until the Wizard has completed its work.
Next, you’ll need to download the configuration files for the servers that you want to use. NordVPN, Private Internet Access, and TunnelBear each provide them as a single ZIP file, for example. Other companies may offer them one at a time. Regardless of how you get them, you’ll likely want to consult a list or directory of the VPN service’s servers that includes the location and server name, just in case you don’t immediately recognize which server the configuration file (or files) represent.
Once you have the OpenVPN config files you want, you need to load them into the OpenVPN client. The easiest way is to open the OpenVPN app, right click on its icon in the system tray, and select the Import option. Simply navigate to the configuration files you want and select one. Note that the first time you open the app, you’ll see an error message indicating that the app has no configuration files. Don’t worry, you’ll fix that shortly.
Unfortunately, the import tool only lets you select one configuration file at a time. Alternatively, you can bulk load configuration files directly into the app. To do this, you’ll have to navigate to the config folder within the OpenVPN application. We had some trouble finding the right directory to drop the files in testing. There are probably other ways to find it, but this is what worked the best for us.
First, open the OpenVPN app, and ignore any warnings that might pop up. Right click on its icon in the system tray, and select settings. In the window that appears, click the Advanced tab. In the Configuration Files section, copy the file path in the Folder field. Then, open File Explorer, paste the path into the address bar, and hit enter. You should now be in the Config folder.
Once you’re there, drag-and-drop (or copy-and-paste) the OpenVPN configuration files you want to use into the Config folder. You may be prompted to provide administrator permissions to complete this action. Just press Continue. Once the configuration files are in place, you can close the file window and open the OpenVPN app normally.
Although the OpenVPN client is called a GUI, it barely has an interface. Right click on its icon in the system tray and you’ll see a list of the available servers that you’ve already added. Again, it helps to load only the config files you know you’ll use because the server names aren’t particularly useful.
Select the server with which you wish to connect, and click. You’ll be prompted for your VPN username and password. You’ll have the option to save your password, and that’s probably a good idea. And that’s it! Within a few seconds, you’ll be secure and online. You’ll know the connection is successful when the OpenVPN app window disappears and its system tray icon glows green.
NordVPN and Private Internet Access both have very useful tutorials, as well as links to the necessary files and information you’ll need. That said, we had some issues following them to the letter. TunnelBear’s information is a little harder to find, and the company clearly wants you to use its (admittedly excellent) apps. However, a TunnelBear blogpost about Linux support should have most of the files and information to get online — although we have not attempted it.
To set up an IKEv2/IPSec connection, you’ll need a few things. First, you’ll need the username and password of the VPN service you use. We recommend keeping it handy on your screen, so you can copy and paste it when the time comes.
Second, you’ll need the name of a server with which you can connect. You can usually find a list of servers provided by your VPN service. NordVPN and CyberGhost both offer handy tools that will recommend servers to you, and even let you choose one based on specific criteria. The name of the server will be something like us2407.nordvpn.com.
Last, you’ll likely need to download and install a certificate from your VPN service and then create a connection in Windows. We followed the instructions provided by NordVPN, which, though very complete, are quite lengthy. We highly recommend that you read these, or find an equivalent version from the VPN company you patronize.
A major advantage of configuring a connection in this way is that it will appear in the Network tab of the menu that is accessed from the bottom right corner of your screen. You won’t have to install and configure an app, as you must with OpenVPN, either. But you will have to go on a magical, tedious journey through Windows 10’s myriad of settings menus.
Configuring L2TP/IPSec or PPTP
OpenVPN and IKEv2/IPSec are newer technologies that create secure VPN connections. L2TP/IPSec and PPTP are older and widely considered less secure. In fact, many VPN companies include notes on their tutorials for these protocols indicating that users should not, if they can help it, use them.
That said, because of their age these protocols are widely supported. If nothing else works, you could give them a try, but we’re not going to detail their workings here, because we don’t recommend them.
Is It Worth the Hassle?
The fact of the matter is that there’s probably not a compelling reason to manually configure your VPN settings in Windows 10. When we started reviewing these services some years ago, not all of the VPN companies supported OpenVPN in their apps. In that scenario, it made sense to manually configure the OpenVPN app to connect. Now, however, just about every VPN maker supports VPN from its own app.
So unless you really enjoy the kind of system-level tweaking described so far in the piece, forget all the steps described above and just install the app from your VPN service. It takes only a few seconds, and it makes switching protocols and servers far, far easier than manual configuration. Moreover, VPN apps let you access additional features provided by your VPN company. Easy connection to the Tor network and specialty servers can be manually added, but VPN apps make it the work of just a few clicks.
Start Using Your VPN
Whether you install a VPN app or configure Windows 10 for VPN directly, use it as often as you can. Use it on the road, to keep the threats posed by free or public Wi-Fi at bay. Use it at home to ensure that your ISP can’t monetize your data. Use it to secure your traffic from the eyes of those who you have not given consent to view your data.
Just use your dang VPN.
Read More: “The Best VPN Services of 2018”
Originally published at www.pcmag.com.