Connect to IKEv2 VPN on Mac, iPhone, iPad

VPN Tracker enables you to create a secure IKEv2 VPN connection to your VPN gateway so you can enjoy remote access to your network wherever you are.

VPN Tracker's custom IKEv2 VPN profile gives you the flexibility to configure your connection exactly as you need it - with support for all major encryption options – including those rumored to soon be deprecated by Apple in an upcoming macOS release.

Follow these steps to create an IKEv2 connection on Mac, iPhone and iPad.

How to set up IKEv2 VPN

Set up IKEv2 VPN on your device

This guide assumes you have already successfully configured an IKEv2 VPN tunnel on your VPN gateway; however, if you need support setting up your device, check out some of our device-specific IKEv2 configuration guides:

• ASUS routers
• Fortinet FortiGate
• Zyxel USG Flex
• DrayTek Vigor
• TP Link SafeStream
• strongSwan

IKEv2 VPN must-haves

Before you start, make sure you have the following configuration information available for your gateway, as you will need to enter it into VPN Tracker.

You can find these values on the network overview page or VPN setup UI of your VPN gateway.

Needed for all IKEv2 connections:

• The public IP address or host name (e.g. “203.0.113.48” or “vpn.example.com”) of the VPN gateway you are connecting to
• Your authentication method for the connection – this may be a Pre-shared Key, a certificate, or a user login and password (i.e. if EAP user authentication has been enabled)

You may also need:

• Remote network address (if manually configuring network settings)
• The local identifier (Some VPN gateways (e.g. Cisco) refer to the local identifier as “group name” or “group ID”)
• The settings for phase 1 and 2 (encryption algorithms, etc.)

Connect to IKEv2 VPN in VPN Tracker

To start setting up IKEv2 VPN, first open the VPN Tracker IKEv2 Connection Creator:

 

You can now begin filling out the configuration options for your connection.

VPN gateway address:

Enter the public IP address or hostname of the router, firewall, etc. you are connecting to via VPN

 

Network preferences

VPN Tracker offers automatic network configuration to automatically inherit the network settings from your VPN gateway; meaning you don't need to configure any additional network information in VPN Tracker:

 

Alternatively, you can choose manual network configuration from the dropdown menu and specify your own network preferences:

 

Choose between Host to Everywhere (tunnel all traffic through the VPN) or select Host to Network to configure split tunneling. This is the right setting for most people who only need to connect to certain networks via the VPN (e.g. in a home office scenario.)

If you choose Host to Network, enter the remote networks you wish to connect to and click the + to add more.

You can enter the addresses or networks in the following formats:

• As a single address, e.g. "192.168.10.4",
• as a single remote network, e.g. "192.168.10.0" (VPN Tracker will use the most typical subnet),
• in CIDR notation, e.g. "192.168.10.0/24",
• or with the full subnet, e.g. "192.168.10.0 / 255.255.255.0", which VPN Tracker will then convert to CIDR notation.

 

Authentication

In order to connect to your IKEv2 VPN, you will need to select the correct authentication method to match what has been configured on your gateway. VPN Tracker supports:

• Pre-shared Key (PSK)
• EAP user authentication (user login + password)
• Certificates

Choose the appropriate authentication method from the dropdown menu and save your username and password / PSK or upload your certificate:

 

Local identifier

By default, this field is set to "Local endpoint IP address", meaning the identification process is done via IP address.

If you have configured this differently on your gateway, select one of the options from the drop-down menu (e.g. Email (User FQDN)) and fill in the identifier:

 

DNS settings (optional)

If you have configured or are using a DNS server for your network, you can add these settings by checking the box "Use Remote DNS Server" – either by importing settings from your VPN gateway or entering them manually:

 

Learn more about setting up DNS in VPN Tracker.

Configure additional IKEv2 settings

VPN Tracker also allows you to define custom advanced settings for IKEV2 connections. Switch to the Advanced tab to explore your configuration options:

 

Phase 1 and Phase 2 settings

For Phase 1 and Phase 2, you have the opportunity to select numerous encryption settings (i.e. encryption and authentication algorithms) for your connection:

The options you select here should exactly match up with the settings specified on your VPN gateway in order for the connection to work correctly.

 

Traffic Control

Use Traffic Control to customize your connections and determine exactly how much of your internet traffic is to be routed over the VPN. Set up split tunneling and exclude addresses from the VPN or set up connection-based rules.

Start using your new IKEv2 connection

As soon as you're finished configuring your new IKEv2 connection, save it in your VPN Tracker account using secure end-to-end encryption and enjoy easy remote access on your Mac, iPhone and iPad in VPN Tracker.

Why VPN Tracker?

Connecting to IKEv2 VPN? VPN Tracker is your best choice VPN client for Mac, iPhone and iPad. VPN Tracker's custom IKEv2 engine includes unbeatable support for all relevant IKE extensions, providing seamless compatibility with the most popular IKEv2 VPN gateways from Cisco, Fortinet, Zyxel, TP Link, Draytek, and more.