Set up a VPN for Mac

VPNs virtual private networks provide secure remote access to private networks. Users commonly experience authentication errors, DNS resolution issues, or misconfigured VPN settings that prevent access to company networks.

VPN configuration on Mac

Mac includes built-in support for L2TP, IKEv2, and IPSec VPN connections. You configure these through System Settings by adding a VPN network service. Some organizations require third-party VPN clients with specific protocols or security requirements.

Before you begin

Contact the network administrator for your organization or VPN service provider for the VPN settings. These include the VPN connection type, server address, account name, and authentication settings like a password or certificate.
If you received a VPN settings file, double-click it to set up the connection. If not, follow the steps below to manually enter the settings.

Enter VPN settings manually

On the Mac, choose Apple menu > System Settings, then click Network in the sidebar.
Click the Action pop-up menu, choose Add VPN Configuration, then choose the type of VPN connection you want to set up.
- L2TP (Layer 2 Tunneling Protocol) is an extension of PPTP (Point-to-Point Tunneling Protocol) used by internet service providers to enable a VPN over the internet.
- IPSec (Internet Protocol Security) is a set of security protocols.
- IKEv2 (Internet Key Exchange version 2) is a protocol that sets up a security association in IPSec.
Enter a name for the new VPN service in the Display Name field.
If you’re setting up an L2TP over IPSec VPN, click the Configuration pop-up menu, then select a configuration.
If you don’t need multiple configurations, just use the Default configuration.
Enter settings for the new VPN service.
Required settings vary by the type of VPN and may include settings like server address, account name, password, and authentication method.
If needed, enter additional settings.
- L2TP over IPSec: You can enter settings for Options, TCP/IP, DNS, and Proxies.
- Cisco IPSec or IKEv2: You can enter settings for DNS and Proxies.
Click Create.

Change VPN settings

To change these settings, choose Apple menu > System Settings, then click VPN in the sidebar.

Note: The available settings vary depending on the type of VPN service selected.

Option	Description
[Service name]	The name of the VPN service and the connection status indicator. Connect or disconnect: Turn the VPN service on or off. Manage a VPN service: Click the Info button next to the service, then enter settings for the service.
Add VPN Configuration	Set up a new VPN service.

Option

Description

[Service name]

The name of the VPN service and the connection status indicator.

Connect or disconnect: Turn the VPN service on or off.

Manage a VPN service: Click the Info button next to the service, then enter settings for the service.

Add VPN Configuration

Set up a new VPN service.

VPN Info button settings

Option				Description
Display Name				Enter a name for the service.
Server Address				Enter the address of the VPN server.
Account Name				Enter the account name.
Password				Enter the password for the VPN account. This option appears for Cisco IPSec VPN connections.
Remote ID				Enter the remote ID for the VPN account. This option appears for IKEv2 VPN connections.
Local ID				Enter the local ID for the VPN account. This option appears for IKEv2 VPN connections.
Authentication				Enter the authentication details for the account.
Connect on demand				Automatically start the VPN connection when needed.
Remove configuration				Remove the selected VPN service.
Options				These options are available for L2TP VPN services. Disconnect when switching user accounts: End the VPN session when you switch to a different user account on a Mac. Disconnect when user logs out: End the VPN session when you log out. Send all traffic over VPN connection: Send all network traffic over the VPN connection, regardless of the network service you use to access the network (for example, Wi-Fi or Ethernet). Use verbose logging: Capture detailed log information during the VPN session.
TCP/IP				Configure IPv4 and IPv6. See Change TCP/IP settings.
DNS				Configure DNS servers and search domains. See Change DNS settings.
Proxies				Configure internet proxies. See Change proxy settings.

You can also configure TCP/IP settings, DNS settings, and proxy settings as needed.

Remove a VPN configuration

On the Mac, choose Apple menu > System Settings, then click VPN in the sidebar.
Click the Info button next to the VPN service you want to remove.
Click Remove Configuration, then confirm you want to remove it.

Test DNS resolution

DNS resolution issues are common with VPN connections. You can test DNS functionality using command-line tools to identify connectivity problems.

Use these commands in Terminal to test DNS resolution:
- Test basic DNS resolution: nslookup apple.com
- Test specific DNS server: nslookup apple.com 8.8.8.8
- Test internal organization resource: nslookup internal-organization-website.com

Common DNS troubleshooting steps

Verify DNS servers: Check that the VPN configuration includes the correct DNS server addresses for internal resources.
Test external DNS: Use nslookup google.com to verify external DNS resolution works.
Test internal DNS: Use nslookup with an internal hostname to verify the VPN is routing DNS queries correctly.
Flush DNS cache: Run sudo dscacheutil -flushcache to clear cached DNS entries.
Check DNS search domains: Verify that search domains are configured correctly in the VPN settings.

If the VPN connection isn’t working

What to look for:
- Authentication failures
- Configuration errors
- Slow internet speeds
- Random disconnection
- Can’t access certain websites or services
- Compatibility issues
- Third-party VPN apps crash or freeze
Steps to take:
- Perform initial checks: Ensure that the Mac is connected to the internet. Verify that the user can access internal resources without the VPN enabled. Confirm that the correct VPN type is selected in the configuration.
- Perform credential and configuration checks: Verify the user name and password are entered correctly. Check that the shared secret or certificate is properly configured and that the VPN server address is accurate and reachable.
- Check network settings: Verify that DNS is correctly resolving internal resources. Test connectivity using tools like ping or traceroute. Review whether split-tunneling settings are configured correctly for the user’s needs.
- Review logs: Examine system logs using the Console app by searching for “VPN” or use the log show command in Terminal. If the user is running a third-party VPN app, review its client logs for any errors or warnings.
- Check third-party VPN: Confirm that the third-party VPN works with the macOS Network Extension framework.

Ces renseignements étaient-ils utiles?

Apple Platform Support