How to set up IKEv2 manual connection on macOS

In this tutorial, you will learn how to set up a manual IKEv2 connection on your macOS device. IKEv2 can help you connect to Surfshark servers in restricted network countries or on older macOS versions.

You will need a device running macOS and an active Surfshark subscription. You can find the available plans on Surfshark’s pricing page.


Here are the steps that we will go through:

  1. Get your credentials
  2. Select your location
  3. Install the certificate
  4. Connect to the VPN
  5. Ensure your connection was successful


Get your credentials

NOTE: These are not your regular credentials, such as your email address and password.

  1. Enter the Surfshark login page and log in. Then, click on VPN > Manual setup. This is the page where all the details required from the manual connection are stored.

  2. Click Desktop or Mobile > IKEv2. Proceed to the Credentials tab.

NOTE: Keep this tab open as we'll need it for later.


Select your location


  1. On the same page, go to the Locations tab.

  2. Select which location you wish to connect to and click on the name of the location.

  3. In the new pop-up, copy the address of the server by pressing the copy button.


Install the certificate


  1. Go to VPN > Manual setup > Desktop or mobile > IKEv2 and click on the Locations tab.

  2. Scroll down until you see the IKEv2 certificate under Other configuration files. Click on the IKEv2 certificate to download the certificate file.

  3. Once you download the certificate file, you can open it right away. Find it in your Downloads folder and double-click it.

  4. You will receive a keychain inquiry asking for your permission to add the IKEv2 Surfshark certificate to your login Keychain. Click Add.

  5. Open your Keychain application afterward and locate the Surfshark Root CA certificate on the list. Right-click on it and select Get Info.

  6. Press the triangle next to the Trust directory and select Always Trust next to When using this certificate. If you are required to enter your Mac password, please do so. Then, close the Keychain.


Connect to the VPN


  1. To begin the setup process, please access System Preferences and select Network.

    To access System Preferences, type System in the Finder and press Enter.

  2. In the Network window, click the "+" icon and enter the required settings.

    Interface: VPN
    VPN Type: IKEv2
    Service Name: You can select any name you prefer.

    Click Create afterward.

  3. New fields for the configuration will appear, which you will also need to fill out.

    Server Address and Remote ID: input the domain address that you copied (refer to the Select your location section in this guide). Input the domain address in both of the fields.

  4. After that, click on the Authentication Settings... button, select Username as the authentication method, and enter your Surfshark service credentials(refer to the Get your credentials section in this guide). Click OK and then Apply the settings.

  5. Click Connect to establish a connection to one of Surfshark's servers. You can see in the screenshot below that it is connected. Also, make sure to leave a checkmark on the "Show VPN status in menu bar" box.

  6. Since you checked the Show VPN status in menu bar box, you can now easily control your connectivity with a few clicks straight from the menu bar.


Ensure the connection is successful


We always recommend checking if Surfshark VPN is working after setting it up for the first time. You can easily do it by performing Surfshark IP leak test and a DNS leak test. For your convenience, both are available on our website.


You may also be interested in:

Was this article helpful?
Thank you for your feedback!