Set Up IKEv2 on Mac

First, securely transfer the generated .p12 file to your Mac, then double-click to import into the login keychain in Keychain Access. Next, double-click on the imported IKEv2 VPN CA certificate, expand Trust and select Always Trust from the IP Security (IPsec) drop-down menu. Close the dialog using the red "X" on the top-left corner. When prompted, use Touch ID or enter your password and click "Update Settings". When finished, check to make sure both the new client certificate and IKEv2 VPN CA are listed under the Certificates category of login keychain.

  1. Open System Preferences and go to the Network section.
  2. Click the + button in the lower-left corner of the window.
  3. Select VPN from the Interface drop-down menu.
  4. Select IKEv2 from the VPN Type drop-down menu.
  5. Enter anything you like for the Service Name.
  6. Click Create.
  7. Enter Your VPN Server IP (or DNS name) for the Server Address.
  8. Enter Your VPN Server IP (or DNS name) for the Remote ID.
  9. Enter Your VPN client name in the Local ID field.
    Note: This must match exactly the client name you specified during IKEv2 setup. Same as the first part of your .p12 filename.
  10. Click the Authentication Settings... button.
  11. Select None from the Authentication Settings drop-down menu.
  12. Select the Certificate radio button, then select the new client certificate.
  13. Click OK.
  14. Check the Show VPN status in menu bar checkbox.
  15. Click Apply to save the VPN connection information.
  16. Click Connect.