Support Center / Proton VPN macOS manual IKEv2 VPN setup

Proton VPN macOS manual IKEv2 VPN setup

Note: We have an official Proton VPN app for macOS that provides the easiest way to connect to our servers and allows you to benefit from many of Proton VPN’s advanced features. For example:

Get Proton VPN for macOS

You can also connect to Proton VPN servers manually using the following VPN protocols:

  • OpenVPN (using TunnelBlick)
  • WireGuard (using any “vanilla” WireGuard client, including the official open-source app)
  • IKEv2 (using the built-in macOS VPN client)

In this guide, we show you how to manually configure devices running Mac OS X 10.11 (El Capitan) or newer to connect to our servers using the IKEv2 protocol. Please note that connecting in this way means you will not benefit from the advanced features available through the official Proton VPN macOS app.

macOS manual IKEv2 VPN setup for Proton VPN

1. Import the Proton VPN IKEv2 certificate.

Click here to download the certificate, and open it in Finder. This will open the Keychain Access app, and you will be asked to verify that you wish to import the certificate into your  Keychain.

2. Trust IKEv2 connections using the certificate.

In Keychain Access, find the Proton VPN Root CA right-clickGet info. (The same certificate will appear in both the login and System Roots keychains. You can edit either instance.)

Get infor for the Proton VPN certificate

3. Trust IKEv2 when using the certificate.

Using the dropdown menu next to IP Security (IPsec), select Always Trust. You do not need to trust this certificate for any other purpose. Be sure to close the window when you’re done (x), at which point you will be asked to verify the changes using your password or biometrics. 

Trust IP Security (IPsec)
4. Go System Preferences Network +.

Add new network

5. Create a new network interface.


  • Interface: VPN
  • VPN Type: IKEv2
  • Service name: Choose any name for the VPN connection that makes sense to you

Setup an IKEv2 VPN interface

6. Enter VPN server details.

Enter the name of the VPN server you would like to connect to into both the Server Address and Remote ID fields. Click Authentication Settings… when you’re done.

Enter server settings

To find the names of our VPN servers, log in to using your browser and go to DownloadsOpenVPN Configuration files → select the server you would like to connect to, and in the Actions column next to it, click the dropdown icon to see the server name.

Clicking on the server name will save it to your clipboard for easy pasting into the macOS Settings menu. 

Proton VPN server names

7. Ensure authentication by Username is selected (it is by default), and enter your IKEv2 login details. Click OK when you’re done.

Enter IKEv2 login details


These IKEv2 login details are not the same as your regular Proton VPN login details. To find your IKEv2 login details, log in to and go to AccountOpenVPN / IKEv2 username.


IKEv2 and OpenVPN login details

8. Back on the main Network Settings screen, click Apply to finish setting up the new VPN connection and Connect to establish a VPN connection to our server.

Apply and Connect

You are now connected to Proton VPN using IKEv2!


Related articles:
Proton VPN macOS OpenVPN setup
Proton VPN iOS IKEv2 manual setup

your internet

Get Proton VPN
Get Proton VPN

Contact us

Support form

Tell us about the problem and we'll get back to you as soon as we can.

Open support form

Live chat

Get help from a support agent in real time. Available with a paid VPN subscription.

Chat with us

Secure email

Send us an encrypted message at It may take us longer to respond.

Email us