Support Center / Proton VPN macOS manual IKEv2 VPN setup

Proton VPN macOS manual IKEv2 VPN setup

Note: We have an official Proton VPN app for macOS that provides the easiest way to connect to our servers and allows you to benefit from many of Proton VPN’s advanced features. For example:

Get Proton VPN for macOS

You can also connect to Proton VPN servers manually using the following VPN protocols:

  • OpenVPN (using TunnelBlick)
  • WireGuard (using any “vanilla” WireGuard client, including the official open-source app)
  • IKEv2 (using the built-in macOS VPN client)

In this guide, we show you how to manually configure devices running Mac OS X 10.11 (El Capitan) or newer to connect to our servers using the IKEv2 protocol. Please note that connecting in this way means you will not benefit from the advanced features available through the official Proton VPN macOS app.

macOS manual IKEv2 VPN setup for Proton VPN

1. Import the Proton VPN IKEv2 certificate.

Click here to download the certificate, and open it in Finder. This will open the Keychain Access app, and you will be asked to verify that you wish to import the certificate into your  Keychain.

2. Trust IKEv2 connections using the certificate.

In Keychain Access, find the Proton VPN Root CA right-clickGet info. (The same certificate will appear in both the login and System Roots keychains. You can edit either instance.)

Get infor for the Proton VPN certificate

3. Trust IKEv2 when using the certificate.

Using the dropdown menu next to IP Security (IPsec), select Always Trust. You do not need to trust this certificate for any other purpose. Be sure to close the window when you’re done (x), at which point you will be asked to verify the changes using your password or biometrics. 

Trust IP Security (IPsec)
4. Go System Preferences Network +.

Add new network

5. Create a new network interface.


  • Interface: VPN
  • VPN Type: IKEv2
  • Service name: Choose any name for the VPN connection that makes sense to you

Setup an IKEv2 VPN interface

6. Enter VPN server details.

Enter the name of the VPN server you would like to connect to into both the Server Address and Remote ID fields. Click Authentication Settings… when you’re done.

Enter server settings

To find the names of our VPN servers, log in to using your browser and go to DownloadsOpenVPN Configuration files → select the server you would like to connect to, and in the Actions column next to it, click the dropdown icon to see the server name.

Clicking on the server name will save it to your clipboard for easy pasting into the macOS Settings menu. 

Proton VPN server names

7. Ensure authentication by Username is selected (it is by default), and enter your IKEv2 login details. Click OK when you’re done.

Enter IKEv2 login details


These IKEv2 login details are not the same as your regular Proton VPN login details. To find your IKEv2 login details, log in to and go to AccountOpenVPN / IKEv2 username.


IKEv2 and OpenVPN login details

8. Back on the main Network Settings screen, click Apply to finish setting up the new VPN connection and Connect to establish a VPN connection to our server.

Apply and Connect

You are now connected to Proton VPN using IKEv2!


Related articles:
Proton VPN macOS OpenVPN setup
Proton VPN iOS IKEv2 manual setup

Post Comment


  1. Jos

    Would it be possible to generate a .mobileconfig file for macOS / iOS users?
    Or publish the exact VPN configuration details (like IKEv2 & Child Security Association Parameters, Certificate details, Connection details such as Perfect Forward Secrecy etc.)?

  2. ProtonVPN Team

    Hello Jos, we will send out the config to your email you provided here. :)

  3. PacketPusher

    Just wanted to post this because it was not found in any documentation anywhere on the site. Due to the setup with PFsense and using strict firewall configurations; egress traffic is filtered (i,e,. outbound traffic), you must open the outbound ports below for Proton App which uses IKEv2:

    IP Protocol Type= UDP,
    UDP Port Number= 500 <- Used by IKEv2

    IP Protocol Type= UDP,
    UDP Port Number= 4500 <- Used by IKEv2

  4. aras

    i need to connect with ip address instead of hostname on ikev2. can you change your config server to provide this option?

  5. ProtonVPN Team

    Hey Aras, shoot us an e-mail via if you need server IP addresses. Also, you can ping the server hostname, which is listed in the OpenVPN Config file, though it might not be the most convenient way to get IPs. We are planning to list hostnames on our website in the near future as well.

  6. Bob

    It would be nice if you said it only works for paid servers.

  7. ProtonVPN Team

    Hey Bob, this method for free servers requires a server IP address. For example ping and use the IP address you will get instead of the hostname.

Comments are closed.

your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:

Version: OpenPGP.js v4.10.10


You can also Tweet to us: