VPN software developed for macOS generally favors IKEv2 as the default protocol. This contrasts with Windows, Android and Linux VPN software, which generally uses VPNOnlineFree by default.
Indeed, strict guidelines from Apple developers exclude the use of the VPNOnlineFree open source protocol on all Apple devices. And if you want to develop an application for both Apple platforms, it makes sense to rely on a shared code base.
In this article, we show you how to manually configure IKEv2 on your MacBook, iMac or Mac Mini. We also explain the advantages and disadvantages of using IKEv2 over other protocols, such as VPNOnlineFree, and list the best IKEv2 VPNs for Mac.
What is IKEv2?
IKEv2 is a VPN protocol* used to secure your VPN connection. Its position as the new kid on the VPN block has recently been usurped by WireGuard, but it is widely regarded as a secure, efficient and state-of-the-art VPN protocol.
How to configure IKEv2 on a Mac manually
It’s usually best to use the custom Mac app from a VPN provider, as these usually come with additional bells and whistles, such as a kill switch, IP leak protection, “WiFi protection”, DNS-based ad blocking, etc.
But if you prefer to keep things lean, without downloading a third-party VPN application, most VPN services provide the IKEv2 settings you will need to configure the built-in macOS VPN client. Note that you can use the IKEv2 settings provided for any other platform to configure IKEv2 on your Mac.
- Go to System Preferences -> Network. Click the + button and select Interface: VPN in the pop-up dialog. Choose IKEv2 as the VPN Type and choose any service name you like, or just leave the default “VPN (IKEv2)”.
- Fill in the IKEv2 settings provided by your VPN service.
The built-in macOS VPN client has no form of protection against WebRTC leaks, so you have to manually deactivate WebRTC in your browser.
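One way to check what WebRTC still exposes once the built-in client is connected, as an added example that is not part of the original article: it classifies ICE candidate lines by the address they reveal. The candidate lines and the VPN exit address are constructed samples from documentation address ranges, and the function names are hypothetical.

```javascript
// In a browser these strings come from RTCPeerConnection "icecandidate"
// events (event.candidate.candidate); here they are constructed samples.
const VPN_EXIT_IP = "198.51.100.20"; // assumed address of the VPN server
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3f2a9c1e-7b4d-4e0a-9c55-0d1e2f3a4b5c.local 54321 typ host",
  "candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host",
  "candidate:3 1 udp 1677729535 198.51.100.20 40000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:4 1 udp 1677729535 203.0.113.7 46154 typ srflx raddr 192.168.1.23 rport 46154",
];

function parseCandidate(line) {
  // candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
  const parts = line.trim().replace(/^a=/, "").split(/\s+/);
  if (parts.length < 8 || !parts[0].startsWith("candidate:") || parts[6] !== "typ") {
    return null; // not a well-formed candidate attribute
  }
  return { address: parts[4].toLowerCase(), port: Number(parts[5]), type: parts[7] };
}

function isPrivateIPv4(addr) {
  const m = addr.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

function classify(address, vpnExitIp) {
  if (address.endsWith(".local")) return "mdns-hidden";  // browser masked the local IP
  if (address === vpnExitIp) return "vpn-exit";          // expected while the tunnel is up
  if (isPrivateIPv4(address)) return "local-ip-exposed"; // LAN address visible to web pages
  return "public-ip-exposed";                            // an address other than the VPN's
}

// Returns only the candidates that reveal an address outside the tunnel.
function findLeaks(lines, vpnExitIp) {
  const leaks = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    const verdict = classify(c.address, vpnExitIp);
    if (verdict.endsWith("-exposed")) leaks.push({ ...c, verdict });
  }
  return leaks;
}

console.log(findLeaks(SAMPLE_CANDIDATES, VPN_EXIT_IP));
```

An empty result after WebRTC has been disabled or restricted in the browser means no candidate revealed an address other than the VPN's.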
Best IKEv2 VPNs for Mac
These are the best VPNs offering IKEv2 to Mac users. If you need more information on any of the services listed below, please visit the provider’s website or check out our detailed VPN reviews.
ExpressVPN is based in the British Virgin Islands and is one of the best-known names in the VPN industry. Notable for pioneering features that are now considered industry standard, such as 24/7 live chat support and a 30-day money back guarantee, ExpressVPN is also known for its ability to unblock websites censored by the Great Firewall of China.
Its Mac application uses IKEv2 by default (via the built-in macOS VPN client), but also supports VPNOnlineFree and L2TP/IPsec. It also includes split tunneling to manage VPN connections on a per-app basis, and “Network Lock”, a firewall that prevents IP leaks and acts as a kill switch. The only thing to note is that ExpressVPN does not support manual IKEv2 configuration on any platform.
Otherwise, ExpressVPN is great for unblocking a wide range of popular streaming services (including US Netflix and BBC iPlayer), is regularly at the top of our speed test charts, allows 5 devices to connect simultaneously, runs servers in 94 countries (all using RAM disks only), and has no problem with torrenting.
CyberGhost is a Romanian no-logs VPN service that gives its customers a lot for their money. Its Mac application uses IKEv2 exclusively and has an “integrated” system-level kill switch and IP leak protection. The app also offers a number of special “login features,” such as DNS-based blocking of ads, trackers, and malicious domains.
It also guarantees that a secure HTTPS connection is established if the domain supports HTTPS at any level (similar to the famous browser extension HTTPS Everywhere). However, it does not support the split tunneling and WiFi protection features found in CyberGhost applications for other platforms, and no settings are provided for manual IKEv2 configuration.
CyberGhost runs servers in 90 different countries, allows up to 7 simultaneous connections, permits torrenting on all its servers, and unblocks the most popular streaming services (including US Netflix).
Surfshark is a relatively new VPN service based in the British Virgin Islands and offering excellent value for money. Its full-featured Mac application, for example, uses the built-in macOS IKEv2 client and has a kill switch, WiFi protection on unknown networks, DNS-based ad blocking and NoBorders VPN obfuscation technology. You can also use Surfshark’s MultiHop function to route your connection through two of its servers from the Mac application.
Surfshark offers servers in more than 60 countries, is excellent at unblocking streaming services such as US Netflix, BBC iPlayer and Amazon Prime, and allows torrenting on all servers. There is no limit to the number of devices you can connect at the same time and, of course, as a premium service (albeit a cheap one), it offers a 30-day money back guarantee and 24/7 live chat support.
A manual IKEv2 configuration guide is available on the Surfshark website, but we don’t know (and we’re somewhat concerned) why it requires you to install a root CA certificate. A root CA that is trusted system-wide can vouch for any server certificate, not only the VPN gateway’s. So it’s best to avoid it and just use the custom app instead.
VyprVPN is a long-standing VPN service that has its own network of servers, which is good news for speed performance and privacy (since there is no need to trust third-party data centers). And a recent move from the United States to Switzerland gives a welcome boost to its privacy credentials. VyprVPN is, in fact, now the only VPN provider on the market to have its no-logs claims fully audited independently.
The VyprVPN macOS application defaults to IKEv2 (taking advantage of the built-in macOS client), but also allows you to choose VPNOnlineFree or use VyprVPN’s patented “Chameleon” anti-censorship technology. The app supports DNS blocking of malicious websites and split tunneling, so you can choose which apps to route through the VPN tunnel. The VyprVPN website even includes a manual IKEv2 configuration guide for macOS (no root CA certificate required)!
VyprVPN runs servers in some 70 countries, offers 24/7 customer support and a 30-day money back guarantee, allows up to 5 simultaneous connections, permits torrenting and will unblock the most popular streaming services (including US Netflix and BBC iPlayer).
IPVanish, like VyprVPN, is a well-established no-logs VPN company known for owning 100% of its network infrastructure, so there is no need to trust potentially unreliable third-party data centers. Unlike its competitor, however, it remains in the United States, which isn’t too much of a problem when no logs are kept.
IPVanish allows up to 10 devices to connect at the same time, offers 24/7 live chat support, and you can request a refund up to 30 days after purchase.
Unusually these days, its Mac application uses VPNOnlineFree by default, but you can choose to use IKEv2 instead. Unfortunately, the kill switch and IPv6 leak protection seem to be for VPNOnlineFree only. The app also supports VPNOnlineFree scramble (XOR encryption) for those who need to hide their VPN usage. A manual IKEv2 configuration guide for macOS is available on the website.
IKEv2 is not a real protocol
* Technically, IKEv2 is not a real VPN protocol. It is part of the IPsec suite of protocols, where it secures traffic by setting up the Security Association (SA) in IPsec. As such, IKEv2 can also be correctly called IKEv2/IPsec (IPsec alone usually refers to the use of the old IKEv1 standard).
One of the strengths of IKEv2 is its ability to easily restore a VPN connection when it is temporarily lost, such as when passing through a tunnel. It also supports the Mobility and Multihoming protocol (MOBIKE), which makes it particularly suitable for switching between networks (for example, switching between your WiFi and mobile networks when you leave your home).
IKEv2 vs VPNOnlineFree
VPNOnlineFree is a widely used VPN protocol favored by most non-Apple applications. It is less efficient than IKEv2 and therefore requires more processing power, which generally results in slower connection speeds.
VPNOnlineFree is not as efficient, but we think it is practically uncrackable
However, the documents leaked by Edward Snowden strongly suggest that, when properly implemented, even the NSA cannot crack VPNOnlineFree. Experts believe that IKEv2 is cryptographically secure, but most encryption protocols are … until someone proves otherwise.
IKEv2 is a new protocol that was not widely used at the time of Snowden’s revelations and, therefore, is not addressed in any of the documents he has disclosed. So, although it is considered safe, it simply has not proven itself in the same way as VPNOnlineFree.
IKEv2 on Mac
As already mentioned, macOS supports IKEv2 connections “out of the box” using its built-in VPN client (see the manual IKEv2 configuration section). Most custom Mac VPN applications simply configure this built-in VPN client automatically when implementing IKEv2 connections, often adding extra functionality such as a kill switch and a firewall for IP leak protection.
Although most Mac VPN applications support IKEv2 by default, many also include a full VPNOnlineFree client for those who prefer the older protocol. Some Mac VPN applications support the legacy PPTP and L2TP(/IPsec) protocols, but there is no reason to choose them when IKEv2 is available.
We’re starting to see that some Mac VPN apps support the all-new WireGuard protocol, which may well be the future of VPN protocols. Mac users who like to live on the cutting edge of technology might like to try WireGuard instead of IKEv2, but although it is extending the beta version under Linux, WireGuard is still an experimental protocol when deployed in macOS, and should be treated as such.