Consumers are more concerned about their privacy than ever before, and virtual private networks (VPNs) are one of the simplest and most effective methods of improving your security when using the internet. While a VPN can’t protect you from every potential threat, it will hide your activity from your internet service provider (ISP) as well as anyone else on your network.

In this article, we’ll explain how to set up a VPN on Mac as well as how to find a VPN provider that matches your needs. Most VPN users rely on preconfigured services, but you can also set up a VPN yourself if you want more control over your configuration. We’ll cover the steps involved in both cases, so keep reading if you’re wondering how to configure a VPN on your Mac.

Before Creating a VPN on Your Mac

The first step in setting up a new Mac VPN is deciding whether you want to use a preconfigured VPN or go through the process of setting it up on your own. Preconfigured VPNs offer applications — also called clients — that allow the user to manage their VPN connection and adjust a variety of settings. With a preset VPN, you’ll download the client, adjust any configuration options you want to change, and then connect to the VPN.

Meanwhile, manual setups involve connecting to the VPN’s servers through the System Preferences app. You’ll need to add your provider’s certificate to your computer in System Preferences and enter some details about their servers along with your own credentials.

The main advantage of a manual configuration is that you won’t need to download any third-party software. However, that also means that you’ll be performing certain tasks that are usually automated by the VPN client. As mentioned above, this isn’t as intimidating as it sounds, but it’s still more complex and time-consuming than downloading and installing a preset VPN.
Choose a VPN App or Service for Mac
After you’ve decided on a preconfigured platform or a manual VPN configuration, you’re ready to determine which VPN service you want to use. VPNs have become more popular during the past few years, so Mac users have access to a wide range of reliable providers.

Unfortunately, that can also make this step feel overwhelming. With so many options available, it’s not always easy to determine which one is right for you. While your criteria will likely depend on what you’re planning to use the VPN for, these are some of the most important factors to consider in a new VPN service.

Speed

A good VPN will have little to no effect on your connection, but some providers may reduce your speed or have a negative impact on your connection’s reliability. If you have the opportunity to start with a free trial, use that time to test out some servers and see how they affect your internet speed. Regardless of the other features included, you won’t want to use a VPN that slows down your traffic.

Privacy

VPNs are all about keeping your information safe, but different VPNs have very different approaches to security and privacy. Free VPNs are particularly notorious for storing and even selling user data as part of their business model, essentially defeating the purpose of downloading a VPN in the first place.

In general, you’ll want to look for a VPN with a no-logs policy. These policies clarify that they won’t store any information about your activity. Unfortunately, some VPNs that claim to have no-logs policies have been caught storing information or providing data to law enforcement.

If you’re serious about privacy, consider using a VPN that’s either open-source or has been through an independent security audit. Privacy-focused VPNs sometimes allow independent security organizations to test their app and look for vulnerabilities. This lends more credibility to their privacy claims and ensures that they aren’t hiding any weak points from their customers.

Some providers also offer a kill switch, which will stop all internet traffic automatically if the VPN cuts out — preventing your activity from being vulnerable during the outage. Without a kill switch, your traffic could be temporarily exposed following any connection issues.

Server Locations

One of the most common use cases for Mac VPNs involves streaming regionally locked content. If you want to view content that’s only available in a particular country, make sure to find a VPN that offers servers in that location.

Of course, the sheer volume of servers isn’t the only consideration. A higher number offers a certain measure of redundancy, but you should also test out those servers to confirm that they provide a decent connection. Most reputable VPNs have hundreds if not thousands of servers, so quality is typically more important than quantity.

VPN Provider Price Free trial Logging Policy Security Audit? Server Count Device Limit
NordVPN Starts at $11.95/month, $3.71/month when paid for 2 years in advance 30-day money-back guarantee No Yes 5,431 in 59 countries 6
Mullvad Starts at approximate $6, 10% off when paid in bitcoin or bitcoin cash 30-day money-back guarantee No Yes 754 in 36 countries 5
ExpressVPN Starts at $12.95, $8.32 when paid for 1 year in advance 30-day money-back guarantee No Yes 3,000+ in 94 countries 5

Select a VPN Protocol for Mac

While most users rely on preset VPNs to protect their internet traffic, Apple offers built-in support for manual VPN configurations on Big Sur and other recent versions of macOS. You can currently create manual VPN setups using the OpenVPN, IKEv2, L2TP, and Cisco protocols. In this section, we’ll cover some key information about each protocol and help you decide which one is best for your use case.

OpenVPN

OpenVPN is a VPN system that’s available for macOS 10.8 as well as some versions of Windows, iOS, Android, and Linux. It’s entirely free to use, and it’s a common protocol that’s used by numerous popular providers, including ExpressVPN, NordVPN, Mullvad, IPVanish, and more. OpenVPN also relies on OpenSSL for encryption, so it supports AES 256-bit encryption as well as other leading security measures.

Unfortunately, OpenVPN isn’t supported in Mac VPN configurations without a client. Tunnelblick is a free application that’s designed to facilitate easy OpenVPN setup on macOS. The other protocols on this list can be integrated within System Preferences, streamlining setup and minimizing the risk of any issues.

With that being said, Tunnelblick is relatively simple to use, so you don’t need any technical knowledge or experience to use OpenVPN on Mac.

OpenVPN is also particularly powerful when it comes to getting around firewall controls due to its compatibility with both transmission control protocol (TCP) and user datagram protocol (UDP) ports — in other words, it can connect to a wider range of ports than some other VPN protocols that only work with UDP ports. IKEv2, for example, is limited to UDP ports 500 and 4500, so it won’t work on networks with firewalls on those ports.

Internet Key Exchange version 2 (IKEv2)

In contrast to OpenVPN, IKEv2 is natively compatible with macOS and can be configured through System Preferences. Other than the VPN provider itself, you won’t need any additional software or subscriptions to get started with IKEv2 on your Mac. This makes it much simpler to set up — we’ll cover the details of an IKEv2 configuration later on in the article.

One downside to IKEv2 compared to OpenVPN is that it only supports UDP ports and isn’t compatible with TCP. This can make it a less-attractive option for users looking for a VPN to get around restrictive firewalls. Like OpenVPN, IKEv2 uses AES 256-bit encryption and is a highly secure protocol for nearly any use case.

Layer 2 Tunneling Protocol (L2TP)

L2TP is another popular VPN protocol that’s easy to set up through System Preferences. Since it doesn’t offer any native encryption, it runs over the IP security (IPsec) protocol to ensure security. IPsec supports the same AES 256-bit encryption that’s available with OpenVPN, IKEv2, and Cisco (more on that protocol later).

L2TP is also similar to IKEv2 in that it’s limited to UDP ports and can’t be set up with TCP to get around firewalls. Without getting too deep into the technical side of the protocol, L2TP encapsulates data twice and can therefore be slower than other protocols would be in the same context. In practice, however, you may or may not experience a noticeable difference between L2TP and the other protocols listed.

These are a few of the best options for the most popular VPN protocols in 2021:

Protocol OpenVPN IKEv2 L2TP
TCP Ports? Yes No No
AES 256-bit Encryption? Yes Yes Yes
Native Mac Support? No Yes Yes
Best Provider ExpressVPN NordVPN CyberGhost

Connect to a VPN on Mac: Step-by-Step Guide

In this section, we’ll walk you through everything that’s involved in getting started with your new VPN, whether you’re planning to use a preconfigured service or configure your own setup. While setting up a VPN manually might sound complicated, you can get it done in less than an hour by following the steps below.

Preconfigured VPN on Mac

Your specific configuration steps will likely depend on the preset VPN you’re using, but most use a similar setup process. Check your provider’s website if you have any specific questions about their configuration.

1. Download and Install the Mac Client

After creating an account and opening a new subscription, you’ll download your provider’s Mac VPN client and start protecting your internet activity.

The NordVPN client, for example, can be downloaded directly from the Apple App Store. While you won’t need a subscription to install the app itself, you won’t be allowed to use the VPN service until you pay for a NordVPN plan. Other providers may require you to set up an account before downloading the client.

2. Adjust Settings

You can move on to step 4 if you want to use your client’s default settings, but you may want to adjust certain configuration options before connecting to the VPN. Mullvad offers various settings, including IPv6 communication, local network sharing, open at startup, and an automatic kill switch. Depending on your provider, you may have access to some or all of these features along with other tools that aren’t available with Mullvad.

3. Select a Server

Once you’ve logged into your account in the VPN app, you should see either a list of available servers or a map of their locations. After changing any settings, you’re ready to click on the server you want to use and get started with your new VPN. The Mullvad client, for example, can be accessed from the toolbar on the top of your screen. Don’t hesitate to try another server if you notice any slowdowns, downtime, or other technical issues.

Mac-VPN-Location

Set up VPN on Mac Manually

Why Set Up a VPN on Mac Manually

The first and most obvious reason to create a manual VPN configuration is to get around VPN restrictions in your location. This isn’t much of an issue for American users, but readers in other countries may not have access to popular VPN providers like the ones mentioned above. If you’re struggling to get around network blocks and other forms of censorship, setting up a VPN manually could provide the same security without the need for a publicly available VPN app.

Manual VPN configurations also offer you more control over the details of your setup compared to what you can get from a VPN provider. While different providers cater to different needs, manually setting up a VPN gives you the opportunity to configure nearly every aspect of your configuration, including your choice of protocol. Furthermore, manual configuration isn’t as complicated as it seems — you can get things up and running surprisingly quickly.

How to Set Up a VPN on Mac Manually

Setting up your own VPN doesn’t have to be particularly time-consuming, but it’s undoubtedly more complicated than simply using a preset configuration from an existing VPN provider like NordVPN, Mullvad, or ExpressVPN. In this section, we’ll walk through the steps involved in setting up a VPN on a Mac — while this guide will use Big Sur as a reference, the process should be similar for any recent release of macOS.

Even if you’re planning to set up your VPN manually, you’ll still need access to a server to protect your traffic. Again, the steps can vary slightly depending on the provider you’re using. While we walked through the Mullvad setup process in the last section, our manual setup guide will cover a NordVPN configuration, which uses the IKEv2 protocol mentioned above.

1. Download the VPN Certificate

First, you’ll need to acquire the NordVPN IKEv2 certificate from the provider’s website — you can use this link for a direct download. If you’re using another provider or protocol, check their website for their certificate location. Regardless of the provider, the certificate should show up in your Downloads folder, accessible from the Dock or by entering Command+L in the Finder app.

2. Add the Certificate to Your Computer

Mac VPN CA

From there, open that file and confirm that you want to add the certificate to your keychain. The NordVPN guide recommends marking Extensive Authentication and IP Security as “Always Trust” while selecting “Never Trust” for every other option.

3. Add the VPN in System Preferences

At this point, you’re ready to add the VPN to your computer through the Network section of the System Preferences app. Keep in mind that you’ll need administrator permissions to make any changes to VPN configurations. After selecting Network, click the plus sign in the lower-left corner and choose “VPN” from the dropdown menu.

4. Enter Configuration Details

From there, the app will ask you to select the protocol you’re using and enter the name of the service. The Service Name field won’t affect your VPN, so feel free to use any name you want.

After selecting a protocol and typing in the Service Name, enter the Server Address and Remote ID as instructed by your provider. NordVPN subscribers should enter the hostname of the server they want to use in their new configuration. You’ll also need to type in your credentials under Authentication Settings — if you’re using NordVPN, you can find these in your account dashboard under NordVPN and then Advanced Configuration.