Two main ways to install a VPN on macOS
When it comes to VPNs, you have a choice: either do it manually or allow a pre-configured VPN service to do most of the job for you.
- Download a VPN service (for example, Surfshark) with a built-in VPN client, thousands of servers, and smooth functionality. VPN providers work hard to make their apps as user-friendly (and newbie-friendly) as possible.
- Set up a VPN manually using Apple’s built-in VPN support. While downloading and setting up a VPN app is intuitive and takes just several clicks, configuring a VPN manually is a lengthier process.
Both methods get similar results, but they’re not the same. What’s the difference then?
Let’s get into the next section.
Manual vs. automatic VPN setup: Which one is better?
To answer the question of whether it’s better to install a ready-to-go VPN app or do it all manually, I have to know the situation you’re in. Sounds weird? Let me explain.
When to choose a manual VPN setup on Mac?
- If you live in a restrictive regime. Countries like Russia and China strictly monitor VPN use and ban many popular VPN providers from operating within country borders. A manually configured VPN could be a way for people to have at least some privacy online. It’s not a guarantee that it’ll work 100% of the time, but it’s worth a try.
- To make sure you’re still protected when a VPN app stops working. If a VPN app crashes, but you want to be connected to a VPN at all times, this could be a safe plan B.
Why is a pre-configured VPN app a better option for Mac?
- Downloading a ready-to-use VPN app takes less time and allows the users to tinker app settings to their liking.
- Pre-configured VPNs come with hundreds or thousands of servers that users can switch through in a matter of seconds. A manual configuration makes changing servers a time-consuming task because every server has to be set up separately.
- VPN apps have additional features that make the browsing experience safer; for example, a Kill Switch. Surfshark also offers unlimited simultaneous connections for one account.
How to choose the best VPN for macOS?
When it comes to choosing the right VPN, there are several factors that you should carefully assess.
- Privacy. The lack of privacy online is the reason VPNs exist. Make sure to choose a no-log VPN – a reputable provider will not collect and sell your personal information, no matter how innocent or harmless the intention sounds (e.g., marketing purposes).
- VPN speed. There are a lot of speculations online regarding VPN speed. Some claim that virtual private networks slow down the internet, but it’s not true for most top VPN providers, like Surfshark, for example. Having a fast VPN is crucial because no one wants to go back in time and suffer constant loading and buffering.
- Server locations. It’s simple – the number and variety of server locations ultimately determine VPN’s speed and capacity. The more, the merrier.
- Content accessibility. Geo-blocking affects everyone on earth. When you go for a VPN, pick the one that unblocks multiple Netflix libraries, Disney+, BBC iPlayer, HBO, sports channels, etc.
Install a VPN app on your Mac
You’ve probably installed an app or a program on your Mac before. A VPN installation works the same.
1. Go to Mac’s App Store (Launchpad -> App Store).
2. In a search bar, type in a VPN of your choice, e.g., Surfshark.
3. Install the app by following macOS instructions.
4. Create an account or log in if you’re already registered.
5. Connect to a preferred server location. A lot of VPN providers have a function that finds the fastest server for you and automatically connects to it. Just open the app and click Connect.
6. You now have a fully functioning VPN with all of its features! You can configure the app settings to your preference, but it’s not necessary.
By the way, besides going to the Mac App Store, there’s also an option to download the app for your Mac straight from your VPN provider’s website.
Now, before jumping straight into setting up a VPN manually, you should be up to speed about what VPN protocols are and what role they play in your online privacy and security.
Why do you need that? Because if you plan to configure a VPN connection manually, you’ll have to choose a VPN protocol. To make the right decision, you should know how to differentiate between them. So, that’s what I’m going to cover next.
Before the manual setup: Quick guide to VPN protocols
Here’s a quick rundown of the VPN protocols:
- They’re essential to VPN functionality. Without getting too much into details, protocols make sure your data travels safely when you’re connected to the internet.
- There are different VPN protocols, and they all vary in the level of security and speed.
- IKEv2 and OpenVPN protocols are two of the most secure and speedy in the industry. You’ll most likely come across these the most often.
- There are also outdated VPN protocols like L2TP and PPTP. Since they’re not secure, Surfshark doesn’t even offer them as an option to the users. This is why I’m not going to cover L2TP connection in this article – you’re better off choosing newer protocols.
In this guide, I’m going to show you how to set up IKEv2 and OpenVPN connections on your Mac manually.
IKEv2 – very fast, secure, and works best when connecting to nearby servers. IKEv2 is usually set as a default protocol when you download a VPN on macOS, iOS, Android, Windows, and FireTV.
OpenVPN – fast, secure, and open-source, meaning different security professionals worldwide contribute to its development. It works best when connecting to long-distance servers.
Set up IKEv2 connection on your Mac
If you’ve made up your mind to set up a VPN on macOS manually, IKEv2 is the way to go. As you’ll see later on, OpenVPN requires a third-party app, so this method is quicker.
- Get the IKEv2 certificate from your VPN provider. Since I’m using Surfshark as an example, go here. Once logged in, you should see this page:
Scroll down until you come across Other configuration files. Select the IKEv2 certificate and click on it. The download will start.
2. Find the certificate in your downloads folder and open it.
3. Click Add (Keychain: login), and the certificate will be added to a keychain.
4. In the Keychain Access window, find Surfshark Root CA, right-click on it, and select Get info.
5. Open Trust and select Always Trust on When using this certificate.
6. Go to System Preferences -> Network.
System Preferences are in the Launchpad
7. In the Network window, click the + icon in the bottom left corner. Type in this:
VPN type: IKEv2
Service Name: Put in anything you want. Make sure you’ll recognize it later. I’m naming it Surfshark (IKEv2).
8. Now enter the hostname of any VPN server. Find all servers on your VPN provider’s website. For Surfshark, click here and scroll to Get configuration files. You should see something similar to this:
For the best speeds, choose the server that’s recommended for you.
For this tutorial, I’m choosing Chicago in the USA.
Copy the address and put it in the Server Address and Remote ID lines.
9. For the next step, you’ll need to collect your service credentials. Again, find them on this page. Scroll all the way down and keep the window open for the next step because you’ll need to copy and paste them.
10. Now, click Authentication Settings… and put in the credentials that you got in the previous step.
Click OK, then Apply. On the same window, tick the Show VPN status in menu bar.
This will allow you to control your VPN connections easily.
11. To finish it off, simply click Connect on the connection you just created. Once it’s connected, it should look like this:
And you’re done with IKEv2 connection!
Set up OpenVPN connection on your Mac
To set up OpenVPN on macOS, you’ll need to download Tunnelblick. It’s a free program that functions as a bridge connecting you to the VPN servers using OpenVPN. The application is supported by macOS 10.4+.
Strap in, and let’s get into the setup guide.
1. Download Tunnelblick from their website.
2. Get the OpenVPN configuration files from your VPN provider. For Surfshark, you’ll find them here. Scroll down to Other configuration files and click on OpenVPN.
3. Now, back to Tunnelblick. Find the file in your Downloads folder and start the installation by clicking on it.
4. Double-click on Tunnelblick when you get this pop-up window.
5. Click Open when another window pops up asking if you want to open it.
6. Install the program by following installation instructions.
7. Unzip the Surfshark_Config.zip file. There’s now a folder called Surfshark_Config.
This is a list of all the server locations. The first two letters indicate the country.
8. I’ve chosen a server in New York. Double-click on it and select Only me.
9. Click the Tunnelblick icon in the menu bar on the top right side of the screen and tap the Configuration you’ve just installed.
10. You’ll have to type in your service credentials from the Manual connection guide. (As I’ve mentioned before, I’m using Surfshark as an example. The page you get credentials from will vary depending on your VPN provider). Scroll down to the bottom of the page and collect your credentials.
11. Copy and paste the Username and Password. It should look like this:
Tick Save in Keychain if you want your computer to remember these credentials. Click OK to finish.
12. Now, check if you’re connected by clicking on the Tunnelblick icon in the menu bar again. This is also where you can disconnect from OpenVPN connection whenever you want.
Congratulations, you’ve set up an OpenVPN connection on your Mac!
If you have any questions regarding the setup (either IKEv2 or OpenVPN), don’t hesitate to contact our team of experts at Customer Success!
To sum it up
Here’s the takeaway: If you want to configure a VPN connection on your Mac manually (e.g., you live in a country where the government doesn’t trust VPNs), go on and do it with the help of this guide.
However, I suggest always going for a ready-to-roll VPN app. The installation is as simple as it gets, not to mention that you get all the advantages of a manual config AND then some more.
The choice is yours.