How to set up IKEv2 manual connection on macOS

This guide will cover the necessary steps of configuring the IKEv2 manual connection with Surfshark on your macOS device. IKEv2 can help you connect to Surfshark servers in restricted network countries or on older macOS versions. 


Here are the steps that we will go through:


You will need a macOS device and an active Surfshark subscription to follow along.



Get your credentials


  1. Open this page and copy the Username and Password.



Select your location


  1. Now you will need to switch from the Credentials tab to the Locations tab.

  2. Select which location you wish to connect to and click on the name of the location.


  3. In the new pop-up, copy the address of the server.



Install the certificate


  1. Go to VPN -> Manual setup -> Manual -> Files.

  2. Scroll down until you see the IKEv2 certificate under Other configuration files. Click on the IKEv2 certificate to download the certificate file.


  3. Once you download the certificate file, you can open it right away. Click on the arrow pointing up.


  4. Clicking on it will bring up a small menu. Click Open.


  5. You will receive a keychain inquiry asking for your permission to add the IKEv2 Surfshark certificate to your keychain. Click Add.


  6. Open your Keychain application afterward and locate the Surfshark Root CA certificate on the list. Right-click on it and select Get Info.


  7. Press the triangle next to the Trust directory and select Always Trust next to When using this certificate. If you are required to enter your Mac password, please do so. Then close the Keychain.



Set up the connection


  1. To begin the setup process, please access System Preferences and select Network.


    To access System Preferences, type "System" in the Finder and press Enter.


  2. In the Network window, click the "+" icon and enter the required settings.


    Interface: VPN
    VPN Type: IKEv2
    Service Name: You can select any name you prefer.

    Click Create afterward.

  3. New fields for the configuration will appear, which you will also need to fill out.


    Server Address and Remote ID: input the domain address from the "Select your location" step. Both of these fields are identical so put the same domain address there.

  4. After that, click on the Authentication Settings... button, select Username as the authentication method and enter your Surfshark service credentials from the "Get your credentials" step. Click OK and then Apply the settings.


  5. Now click Connect to establish a connection to one of Surfshark's servers. You can see in the screenshot below that it is connected. Also, make sure to leave a checkmark on the "Show VPN status in menu bar" box.


  6. Since you checked the "Show VPN status in menu bar" box, you can now easily control your connectivity with a few clicks straight from the menu bar.



Make sure your connection was successful


It's always recommended to check whether your connection was successful after setting up a VPN for the first time. This can be easily done by doing an IP leak test and a DNS leak test which is available on our website. Click here to find out how to make sure your connection was successful.


Congratulations! You have successfully set up an IKEv2 manual connection to Surfshark servers! As long as you’re connected, your location is private, and your sensitive data is secure.



You may also be interested in:

Was this article helpful?
Thank you for your feedback!