How to connect to NordVPN with IKEv2/IPSec on macOS

In this guide, we will cover how to set up an IKEv2 manual connection on older macOS versions. If you are using the latest macOS Ventura version, follow our guide on IKEv2 setup on macOS Ventura.

Even though the IKEv2/IPSec protocol is no longer supported on macOS on NordVPN 8.5.0 and newer app versions, this connection method can be used as an alternative way to connect to NordVPN servers if you can't install the application.

This setup lacks the additional features of the native NordVPN app and is a bit more complicated.

Manual connection setup

1. First, download the NordVPN IKEv2 certificate to your macOS. The easiest way is to click this link on your macOS device.
   
   Once downloaded, open the certificate file in the Downloads folder.
   
   
   
   
2. The Add Certificates window will appear. Click Add to add the certificate to the login keychain.
   
   
   
   
3. Right-click the NordVPN Root CA certificate in the login keychain and select Get Info.
   
   
   
   
   
4. Under When using this certificate, set the IP Security (IPSec) and Extensible Authentication (EAP) fields to Always Trust. Leave all other fields as Never Trust. You will have to enter your Mac password to make these changes. Once done, close the keychain.
   
   
   
   
5. Click on the Apple logo in the upper-right corner of the screen and select System Preferences....
   
   
   
   
6. In the System Preferences, click on Network.
   
   
   
   
7. When the network window opens, click on the + icon in the lower-left corner (you must have administrator privileges).
   
   
   
   
8. A new window will pop up. Fill in the information as so:
   Interface: select VPN from the drop-down menu. 
   VPN Type: select IKEv2.
   Service Name: type any name you want. We recommend that you name the service NordVPN (IKEv2).
   
   
9. After you have filled in the required fields, click Create:
   
   
   
   
10. The settings for the new VPN connection will now be displayed. In the Server Address and Remote ID fields, type the hostname of a NordVPN server.
    
    
    
    For this tutorial, we used the hostname of server NL#37, but you should connect to a server suggested to you.
    
    

Follow the steps below to find the best server for your connection:

1. Log into your Nord Account, and click NordVPN.
   
   
    
2. Scroll down to Advanced Settings and click Set up NordVPN manually.
   
   
    
3. Select the Server recommendation tab. According to your location, the best server will be recommended.
   
   
    
4. By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.
   
   
   
   
    

11. Click on Authentication Settings…. Select Username as the Authentication method, then type in your NordVPN service username and password. Click OK and then Apply.
    
    

Follow the steps below to find the service credentials for manual connection setup:

1. Log into your Nord Account, and click NordVPN.
   
   
    
2. Scroll down to Advanced Settings and click Set up NordVPN manually.
   
   
    
3. Select the Service credentials tab, where you'll find the Username and Password needed to connect manually.
   

12. After you've set up authentication information, check the Show VPN status in menu bar box (optional), click Connect and then Apply.
    
    

You should now be connected.

If you have checked the Show VPN status in menu bar box, you’ll be able to connect to your VPN from the status bar: