How can we help you?

Topics
  1. Live Chat, VPN Setup, Troubleshooting | NordVPN Customer Support
  2. Connectivity
  3. macOS

How to connect to NordVPN with IKEv2/IPSec on macOS

Even though the IKEv2/IPSec protocol is no longer supported on macOS on NordVPN 8.5.0 and newer app versions, this connection method can be used as one of the alternative ways to connect to NordVPN servers if you're unable to install the application.

This setup lacks the additional features of the native NordVPN app and requires more steps to set up.

For macOS versions Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15), Big Sur (11), and Monterey (12), please refer to the older macOS 10.12-12 section.

If you're using macOS Ventura (13), follow the macOS 13 section, and if you're using macOS Sonoma or later, check out the macOS 14-15 section.

Choose your macOS version below:

  • macOS 14-15
  • macOS 13
  • macOS 10.12-12

Manual IKEv2 connection setup for macOS Sonoma and later

The following steps will guide you on how to set up a manual IKEv2 connection on your macOS Sonoma or later device.

  1. First, download the NordVPN IKEv2 certificate to your macOS. The easiest way is to click this link on your macOS device.

    Once downloaded, open the certificate file in the Downloads folder.



  2. The Add Certificates window will appear. Click Add to add the certificate to the login keychain.



  3. In the Keychain Access window, login keychains, right-click the NordVPN Root CA certificate, and select Get Info.



    If you're struggling to find the NordVPN Root CA certificate, use the search bar at the top right.

  4. Select the Trust tab and set the IP Security (IPSec) and Extensible Authentication (EAP) fields to Always Trust. Leave all other fields as Never Trust. You will have to enter your Mac password or fingerprint to make these changes. Once done, close the keychain.



  5. Click on the Apple logo in the upper-left corner of the screen and select System Preferences....



  6. In the System Preferences, select VPN. Afterward, click Add VPN Configuration and select IKEv2...



  7. The settings for the new VPN connection will now be displayed. In the Server Address and Remote ID fields, type the server hostname of a NordVPN server.

    For the Authentication fields, select Username and fill in your NordVPN service username and password.



    For the sake of this tutorial, we used the hostname of server us8374.nordvpn.com, but you should connect to a server suggested to you. 

    Follow the steps below to find the best server for your connection:

    1. Log into your Nord Account, and click NordVPN.


       
    2. Scroll down to Advanced Settings and click Set up NordVPN manually.


       
    3. Select the Server recommendation tab. According to your location, the best server will be recommended.


       
    4. By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.




       
    5. Under the server IP, next to Available protocols, select IKEv2/IPSec.


       
    6. In the window that pops up, copy the server hostname and use it in your IKEv2 manual connection setup.



       
    7. When connecting to IKEv2 manually, you're going to need to use the Username and Password from the Service credential tab.



  8. After these steps, a VPN tab will appear below Network in the System Settings. After you click on it, you will see a VPN connection present. In order to connect to a VPN server, toggle the switch to the on position. To disconnect, complete the reverse action.

You should now be connected.

Manual IKEv2 connection setup for macOS Ventura

The steps below will guide you on how to set up a manual IKEv2 connection on your macOS Ventura device.

  1. First, download the NordVPN IKEv2 certificate to your macOS. The easiest way is to click this link on your macOS device.

    Once downloaded, open the certificate file in the Downloads folder.



  2. Keychain Access window will open up. Locate the NordVPN Root CA within the login section. Right-click on it and select Get Info.



  3. Under NordVPN Root CA, click on the Trust section and set the IP Security (IPSec) and Extensible Authentication (EAP) fields to Always Trust. Leave all other fields as Never Trust. You will have to enter your Mac password to make these changes. Once done, close the keychain.




     
  4. Click on the Apple logo in the upper-right corner of the screen and select System Settings....


     
  5. In the System Settings, click on Network.


     
  6. When the network tab opens, click on the arrow down icon in the lower-right corner (you must have administrator privileges) and then click on Add VPN Configuration. After that, click on IKEv2.


     
  7. The settings for the new VPN connection will now be displayed. In the Server Address and Remote ID fields, type the server hostname of a NordVPN server.



    For the sake of this tutorial, we used the hostname of server us8374.nordvpn.com, but you should connect to a server suggested to you. 

    Follow the steps below to find the best server for your connection:

    1. Log into your Nord Account, and click NordVPN.


       
    2. Scroll down to Advanced Settings and click Set up NordVPN manually.


       
    3. Select the Server recommendation tab. According to your location, the best server will be recommended.


       
    4. By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.




       
    5. Under the server IP, next to Available protocols, select IKEv2/IPSec.


       
    6. In the window that pops up, copy the server hostname and use it in your IKEv2 manual connection setup.


       
    7. When connecting to IKEv2 manually, you're going to need to use the Username and Password from the Service credential tab.



    1. Scroll down to Authentication and in the Type section select Username as the Authentication method. After that, type in your NordVPN service username and password. Click Create.



    2. After these steps, a VPN tab will appear below Network in the System Settings. After you click on it, you will see a VPN connection present. In order to connect to a VPN server, click on a button next to it.
    3. That’s it! You should now be connected. After clicking on VPN, you can connect to and disconnect from a VPN in the same VPN tab within the System Settings.

     

If you want to add different servers, you may also do it via the VPN tab. In order to do so, click on "Add VPN Configuration" and choose "IKEv2", afterward follow the same steps as before.



Manual IKEv2 connection setup for older macOS versions

The steps below will guide you through setting up a manual IKEv2 connection on older macOS versions, such as Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15), Big Sur (11), and Monterey (12). Although the steps may vary slightly throughout the different versions, the principle of the setup remains the same.

  1. First, download the NordVPN IKEv2 certificate to your macOS. The easiest way is to click this link on your macOS device.

    Once downloaded, open the certificate file in the Downloads folder.



  2. The Add Certificates window will appear. Click Add to add the certificate to the login keychain.



  3. In the Keychain Access window, login keychains, right-click the NordVPN Root CA certificate, and select Get Info.



  4. Set the IP Security (IPSec) and Extensible Authentication (EAP) fields to Always Trust. Leave all other fields as Never Trust. You will have to enter your Mac password to make these changes. Once done, close the keychain.



  5. Click on the Apple logo in the upper-left corner of the screen and select System Preferences....



  6. In the System Preferences, click on Network.



  7. When the network window opens, click on the + icon in the lower-left corner (you must have administrator privileges).



  8. A new window will pop up. Fill in the information as so:
    Interface: select VPN from the drop-down menu. 
    VPN Type: select IKEv2.
    Service Name: type any name you want. We recommend that you name the service NordVPN (IKEv2).

  9. After you have filled in the required fields, click Create:



  10. The settings for the new VPN connection will now be displayed. In the Server Address and Remote ID fields, type the hostname of a NordVPN server.



    For this tutorial, we used the hostname of server NL#37, but you should connect to a server suggested to you.

    Follow the steps below to find the best server for your connection:

    1. Log into your Nord Account, and click NordVPN.


       
    2. Scroll down to Advanced Settings and click Set up NordVPN manually.


       
    3. Select the Server recommendation tab. According to your location, the best server will be recommended.


       
    4. By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.




       
    5. Under the server IP, next to Available protocols, select IKEv2/IPSec.


       
    6. In the window that pops up, copy the server hostname and use it in your IKEv2 manual connection setup.


       
    7. When connecting to IKEv2 manually, you're going to need to use the Username and Password from the Service credential tab.



  1. Click on Authentication Settings…. Select Username as the Authentication method, then type in your NordVPN service username and password. Click OK and then Apply.



Follow the steps below to find the service credentials for manual connection setup:

  1. Log into your Nord Account, click NordVPN, and, under Manual setup, click on Service credentials. Here you'll find the Username and Password needed to connect manually.



  1. After you've set up authentication information, check the Show VPN status in menu bar box (optional), click Connect and then Apply.

You should now be connected.

If you have checked the Show VPN status in menu bar box, you’ll be able to connect to your VPN from the status bar:


 

Was this article helpful?
Thanks!

Related articles