If you’re setting up a VPN in Windows 10, you’re likely using the first-party VPN app provided by your VPN provider. What you may not know is that Windows 10 already has a built-in way to configure a VPN, at least for some VPN protocols – whether or not it can be used with your VPN depends on their setup.
The built-in VPN tool supports the PPTP, L2TP, SSTP, and IKEv2 VPN protocols. Unfortunately, it doesn’t support the standard VPN protocol, OpenVPN. The VPN manager can be found in the Settings app, under VPN, in the Network & Internet section. You can open the page directly, by pressing the Windows key, typing “VPN settings” and hitting enter.
On the VPN settings page, click the “Add a VPN Connection” button at the top to open the VPN configuration overlay.
The first step in the VPN configurator is the “VPN provider” drop-down box, which only has one value for you to select “Windows (built-in)”.
The second setting is “Connection name”, here you can enter any name you want. It will only be used as a label and so it isn’t important, although if you’re going to have more than one VPN configured, it may be a good idea to give it a helpful name, such as the name of the VPN provider.
Next, you need to select a VPN type, this is the protocol that the VPN connection will use. You need to select a protocol offered by your VPN provider.
Tip: L2TP has two variants, “with certificate” and “with pre-shared key”. A pre-shared key will normally be relatively short and look very similar to a password. A certificate, however, will be much longer, will be made up of random characters, and will likely start with the phrase “BEGIN CERTIFICATE” in capitals.
IKEv2 is the strongest supported VPN protocol, followed by SSTP, L2TP with certificate, and L2TP with pre-shared key. PPTP is the least secure VPN protocol offered.
Tip: L2TP with certificate is only preferred over the pre-shared key variant if you trust all of the people that use your device. You shouldn’t save and use certificates for authentication on public computers unless you keep the certificate exclusively on removable storage. If you’re on a public computer L2TP with a pre-shared key is better than the certificate.
The fifth setting “Type of sign-in info” is the method of authentication you’ll be using to connect to the VPN. The options are Username and password, Smart card, One-off password, and Certificate. You’ll need to select the type of credentials given to you by your VPN provider.
“Username and password” is self-explanatory. “Smartcard” allows you to use a physical security token to prove your identity. “One-off password” is a password that can only be used once before it becomes invalid. “Certificate” is a certificate file used to prove your identity.
The last two boxes are “Username” and “Password” they’re only both available depending on the type of authentication you’re using.
Certificate-based authentication only works with the IKEv2 protocol. To import a certificate, double-click it in File Explorer then follow the Certificate Import Wizard. When asked, you should install the certificate to the “Local Machine” and let the certificate automatically select which certificate store to import to.
Once you’ve entered all the details, and imported a certificate if it’s needed, you can save the VPN configuration.
To connect to a VPN, go to the VPN settings page, select the VPN you created and click “Connect”. If your connection details are all correct, it will now connect to your VPN. Once connected, it will show as “Connected” and only give you the “Advanced options” and the option to “Disconnect”.