The IKEv2/IPSec connection method is one of the alternative ways to connect to NordVPN servers on your macOS. This connection method is preferred by privacy enthusiasts as well as Apple itself, as the IKEv2/IPSec security protocol is currently one of the most advanced on the market. That said, this manual set-up lacks the additional features of the native NordVPN app and is a bit more complicated to set up. Alternatively, you can use the IKEv2 application, which you can download from the App Store.
If you are using the latest macOS Ventura version, follow the guide here.
Manual connection setup
1. First, download the NordVPN IKEv2 certificate to your macOS. The easiest way is to click this link on your macOS device.
Once downloaded, open the certificate file in the Downloads folder.
2. The Add Certificates window will appear. Click Add to add the certificate to the login keychain.
3. Right-click the NordVPN Root CA certificate in the login keychain and select Get Info.
4. Under When using this certificate, set the IP Security (IPSec) and Extensible Authentication (EAP) fields to Always Trust. Leave all other fields as Never Trust. You will have to enter your Mac password to make these changes. Once done, close the keychain.
5. Click on the Apple logo in the upper-right corner of the screen and select System Preferences....
6. In the System Preferences, click on Network.
7. When the network window opens, click on the + icon in the lower-left corner (you must have administrator privileges).
8. A new window will pop up. For Interface, select VPN from the drop-down menu. For VPN Type, select IKEv2. In the Service Name field, type any name you want. We recommend that you name the service NordVPN (IKEv2). Click Create.
9. The settings for the new VPN connection will now be displayed. In the Server Address and Remote ID fields, type the hostname of a NordVPN server.
For the sake of this tutorial, we used the hostname of server NL#37, but you should connect to a server suggested to you at https://nordvpn.com/servers/tools/. You will find the server hostname right under the server title.
10. Click on Authentication Settings…. Select Username as the Authentication method, then type in your NordVPN service username and password. Click OK and then Apply.
You can find your NordVPN service credentials (service username and password) in the Nord Account dashboard. Copy the credentials using the “Copy” buttons on the right.
11. Check the Show VPN status in menu bar box (optional), click Connect and then Apply.
12. That’s it! You should now be connected. If you have checked the Show VPN status in menu bar box, you’ll be able to connect to your VPN from the status bar