This guide will show you how to set up a manual IKEv2 connection on your macOS device. IKEv2 can help you connect to Surfshark servers in restricted network countries or on older macOS versions.
To proceed, you will need a computer running macOS and an active Surfshark subscription. If you don't have one yet, you can find the available plans on Surfshark's pricing page.
Get your credentials
NOTE: These are different from the email and password you use to log into your account dashboard or the app.
-
Log in to your account on Surfshark website.
NOTE: If you have any trouble accessing the page, you can also use this link or this link. -
Click on VPN and select Manual Setup:
-
Click Desktop or mobile:
-
Click IKEv2 to generate your credentials:
-
Once there, you can copy the username and the password by clicking the icon. You will need to paste these credentials later in the guide.
For now, keep this browser tab open, as we will return to it shortly.
Download configuration files
NOTE: For the following steps, we recommend opening a new tab in your browser.
-
Log in to your account on Surfshark website.
NOTE: If you have any trouble accessing the page, you can also use this link or this link. -
Click on VPN and select Manual Setup:
-
Click Desktop or mobile:
-
Click IKEv2:
-
Click Locations:
-
From the location list, find the server you wish to connect to and click the Download button beside it:
-
For now, keep this browser tab open, as we will return to it shortly:
Install the certificate
NOTE: For the following steps, we recommend opening a new tab in your browser.
-
Log in to your account on Surfshark website.
NOTE: If you have any trouble accessing the page, you can also use this link or this link. -
Click on VPN and select Manual Setup:
-
Click Desktop or mobile:
-
Click IKEv2:
-
Click Locations:
-
Scroll down to Other configuration files and locate the IKEv2 certificate. Click the download button to download the certificate file:
-
Once the certificate is downloaded, open it directly or locate it in your Downloads folder and double-click the file:
-
A Keychain Access prompt will appear asking for permission to add the Surfshark IKEv2 certificate to your login keychain. If prompted, enter your Mac credentials and click Add:
-
Now open the Keychain Access application:
-
Locate the Surfshark Root CA certificate in the list, then right-click it and select Get Info.
NOTE: If you’re unable to locate the certificate in Keychain Access, drag the certificate file directly from your Downloads folder into the Keychain Access window.
-
Expand the Trust section by clicking the triangle. Next to When using this certificate, select Always Trust:
- If prompted, enter your Mac password to confirm the change, then close Keychain Access.
Connect to the VPN
-
Click the Apple menu and select System Settings:
-
Click Network in the left‑hand sidebar:
-
Click VPN & Filters:
-
Click the arrow icon and select IKEv2:
- You may be prompted to enter your device (administrator) credentials.
-
A configuration window will appear. Fill the fields in as follows, then click Create:
-
- Display Name: Enter any name you’d like for the VPN connection.
- Server Address: Enter the domain address you copied earlier (see the Select your location section of this guide).
- Remote ID: Enter the same domain address as above.
- Local ID: Leave this field empty.
-
User Authentication: Select Username and enter the VPN username and password you copied earlier (see the Get credentials section of this guide).
NOTE: These are not your computer’s username and password.
-
-
Locate the newly created VPN configuration and click the toggle next to it to connect:
-
Once connected, the VPN status will change to Connected:
-
To disconnect, click the toggle again:
Ensure the connection is successful
We always recommend checking if Surfshark VPN is working after setting it up for the first time. You can easily do it by performing Surfshark IP leak test and a DNS leak test. For your convenience, both are available on our website.