A virtual private network, or VPN, keeps others from tracking your movements online and makes your IP address untraceable.The best VPNshelp protect your network and data while unblocking streaming video content worldwide and letting you browse international content like a local no matter where you are.
Difficulty
What You Need
A Windows PC or Mac
An internet connection
If you like the idea of a VPN but are unsure how to use one, this guide will help. A simple setup can hide your browser activity and keep your IP address secret when using apps. A more advanced option is to install a VPN at the system level so everything is protected without running a VPN app or extension. You can use a VPN on Windows and macOS so we’ll cover each.
Whether you pick apopular service like NordVPNor ourcurrent top pick, Surfshark, the easiest way to get started is to use the VPN app. Most top VPNs offer software for Windows, macOS, and Linux computers, as well as mobile apps for Android and iOS.
Step 2:Most VPNs provide a quick-connect button, so if you don’t mind what server you connect to, click that. After a moment or two, you’ll connect to the fastest server available at the time.
If you want to appear to be located in a particular country or want to stream services like Netflix while connected to your VPN, you’ll need to pick a specific server. Your VPN service of choice will have a list of countries and may designate which ones are best for streaming. Use the server browser, map, or however that particular VPN organizes its options to select the right server for you.
Then, if prompted, click theConnectorQuick Connectbutton and wait for the notification saying you’re connected.
Step 3:If you’re happy to manually select a server, or at least manually connect to one each time your system starts, you can draw a line under today’s efforts and begin to browse safely and privately thanks to your new VPN. If you want it to be even more hands-off, though, you can look to see if your VPN offers automatic connection and startup options. Most do.
Find the settings menu and look for the relevant tick boxes there. Enable the client to start up with your operating system and to automatically connect. Each time your system boots, you should find it automatically connects you to the fastest server available at the time.
Alternative: Manually configure your VPN under Windows 11
If you like complete control of your VPN connection and you’re running Windows 11, you can instead set everything up using the Windows 11 VPN configuration tool. Doing so is a much more in-depth method but does give you more say in how the tunneling works. You’ll need to know your way around Windows 11 and should do some supplementary reading before getting started.
With that in mind, here’s a crash course on VPN protocols that is well worth reading before you dive into the step-by-step instructions below.
How to understand protocols
Older protocols like Point-to-Point Tunneling Protocol (PPTP) may be easier to configure, but they come with vulnerabilities that make them more susceptible to attacks. If at all possible, you should avoid using PPTP.
Newer protocols, like Layer Two Tunneling Protocol (or L2TP), come with a 256-bit encryption key, deemed safe for top-secret communications for Windows and MacOS users. However, L2TP may be vulnerable to attacks if configured with shared keys, so you’ll also want to be aware of how you authenticate with the VPN service.
OpenVPN protocol is another favorite standard, thanks to how highly configurable and secure it is. It’s difficult to block because it can be run on any port, and it supports both UDP and TCP protocols. The downside is that it may be challenging to set up because it is so highly configurable and often requires third-party software.
In this setup, we’ll use the Internet Key Exchange Version 2 (IKEv2). This standard comes with hearty security, supports a fast connection, and both Windows and Mac mobile operating systems support it. It’s decently simple to set up, and IKEv2 reconnects quickly if you lose your VPN connection. This is crucial and is a big selling point thanks to its ease of switching and reconnecting to different networks with the new crop of LTE-enabled Always Connected PCs.
IKEv2 allows individuals to switch between Wi-Fi and LTE networks without losing their connection to the VPN because it’s based on Mobility and Multihoming standard. However, since IKEv2 is newer than other standards, it may not currently be supported by all VPN providers.
Setting up a virtual private network in Windows 11
Step 1:Navigate to the Windows 11 VPN configuration tool by typingVPN *into the Windows search bar and select *VPN Settings. Alternatively, you’re able to also go to Windows’Settings *menu, click on *Network & Internet, and chooseVPNon the left column.
Step 2:SelectAdd VPNto continue.
Step 3:A pop-up window should appear. Click on the drop-down forVPN Providerand chooseWindows (built-in).
In theConnection namefield, you can name it anything you want. We chose to name this connection with a combination of our VPN provider’s name, the server location, and the server number. In this case, because we are using NordVPN’s service and connecting to a U.S. server with an ID of 2093 from NordVPN’s directory of servers, we opted forNordVPN USA 2093as my connection name. Being descriptive will help you identify the server from a list in the future if you decide to add multiple server locations.
Each VPN provider publishes their directory of available connections, and you’ll want to consult with your provider on specifics about server addresses. In our case, we chose NordVPN’s U.S.-based server atus2093.nordvpn.com. That will be the address that will go into theServer Name Or Addressfield.
For better connection speeds and reliability, you’ll want to opt for a server near you. However, if you’re looking to skirt geographic restrictions, you can also choose a server located in another country.
UnderVPN Type, choose the connection type you want to use to connect and authenticate your VPN service. As outlined in the protocol guide section above, selectIKEv2.
For theType Of Sign-in Info, we choseUser Name And Password. There are different ways you can log in to a VPN and authenticate with the service, including using a smart card, a one-time password, or a certificate. You’ll want to refer to your VPN service for instructions on the best way to log in. Most services will accept a username and password.
After you’re finished, clickSave.
Step 4:Your newly created VPN name should appear in the list now. For most types of connections, you should be done and ready to connect, in which case you’ll want to jump ahead to Step 19 in this section of the guide. However, for an IKEv2 connection, you’ll want to continue to download a certificate and change some additional settings before you may connect.
Your VPN provider will give you instructions on where to download the certificate from its website. After you’ve downloaded the certificate, click it to open it. A security warning will pop up, and you’ll want to clickOpen.
Step 5:In the first tab of the certificate labeledGeneral, selectInstall Certificatelocated near the bottom.
Step 6:The certificate wizard will appear asking you where you want to install the certificate. Make sure the bubble next toLocal Machineis selected. SelectNextand thenYesin the following security pop-up.
Step 7:ChoosePlace All Certificates in the Following Storeand then clickBrowse.
Step 8:A pop-up with a list of locations will appear. ChooseTrusted Root Certificates Authoritiesand clickOK.
Step 9:ClickNextand then clickFinish. ClickOKand then clickOKagain to confirm that the certificate has been installed.
Step 10:TypeControl Panelin the Windows season bar. Click onControl Panelto launch it.
Step 11:SelectNetwork and Internet.
Step 12:ChooseNetwork and Sharing Center.
Step 13:On the left column, selectChange adapter settings.
Step 14:You should see your VPN connection’s name (NordVPN USA 2093) here. Right-click on it and selectProperties. Then click on theSecuritytab.
Step 15:ChooseIKEv2under the Type of VPN if it wasn’t already specified. UnderData encryption, make sure to selectRequire Encryption (Disconnect If Server Declines). UnderAuthentication, selectUse Extensive Authentication Protocol (EAP)and selectMicrosoft: Secured password EAP-MSCHAPv2. ClickOKwhen done.
Step 16:Now, you’re ready to connect. Click on the Wi-Fi symbol on the right-hand side of the Windows taskbar. At the top, you should see your VPN name. Click on it, and then selectConnect. If you haven’t saved your username and password during configuration, you’ll have to enter your username and password to authenticate with the service. Once the service connects, you should be able to enjoy a more secure internet experience.
There is one limitation to note when you’re using a built-in VPN connection tool, like the one that ships with Windows 11. When you configure the service, you’re identifying a particular server for your PC connection. Depending on your needs, you may want to repeat the steps above to add multiple servers to the list.
If, for example, the current server gets too congested, you can disconnect and connect to a different server to see if speeds are faster. Some users will have country-specific servers to skirt geographical limitations for some streaming services and several local servers to quickly and securely browse the web.
How to set up a virtual private network on a Mac
Setting up aMacOS VPNis very similar to the process on Windows. You’ll want to have your username, password, server address, and certificates ready if you’re using an IKEv2 to login.
Step 1:Download your VPN certificate. Please refer toStep 8in the Windows section for downloading the certificate and defer to your VPN provider for the specific URL where you can navigate to download your certificate. Once the certificate is downloaded, it will be placed in yourDownloadsfolder on your Mac. Click it to open it.
Step 2:MacOS will then display a new window, asking if you want toAdd Certificates. You’ll want to clickAddat the bottom right to add the certificate to thelogin keychain.
Step 3:In theKeychain Accesswindow, log in under theKeychainsmenu on the left-hand side. Your VPN certificate – we’re using NordVPN in this step – will appear. Right-click on the certificate and selectGet Info.
Step 4:ChooseAlways Trustin the dropdown next toWhen Using This Certificate. Once you approve the new changes, MacOS will ask you to enter your password to save.
Step 5:You’ll want to go toSystem Settingsby typing it into the Spotlight search. InSystem Settings, select the *VPN *tab.
Step 6:SelectAdd VPN Configurationand chooseIKEv2from the menu. A window will open with boxes to fill in connection details.
Step 7:The display name can be anything you want. Still, it would be best if you named it with a combination of your VPN provider’s name, server number, and location to be able to identify the connection quickly. You can refer to the Windows guide for more details. For this step, we choseNordVPN USA 2093because we connected to NordVPN’s 2093 server, which is located in the U.S.
You’ll be able to enter the Server Address and Remote ID. You can refer to your VPN provider’s guide for details — NordVPN publishes a list of its servers. For this step, enter us2093.nordvpn.com into both the Server Address and Remote ID fields. Leave Local ID blank.
Next comes setting up your authentication by heading to theAuthentication Settings. Enter the username and password for the connection and selectCreate.
Step 8:Your new VPN connection will appear in theVPNtab ofSystem Settings. Toggle the switch to connect and start using the VPN. All your internet activities will now pass through your newly established VPN, so you can be sure that your online actions are completely confidential.
If you haven’t already chosen a VPN, there are many factors to consider. While there are somegood free VPNs, you’ll get faster service, more options, and better service.
We can also help you pickthe best VPN at school, choosea VPN that works best for streaming, or finda VPN that lets you connect lots of devices.
