Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

How to set up a VPN

A virtual private network, or VPN, keeps others from tracking your movements online and makes your IP address untraceable. In times such as these, it could be beneficial to use a VPN to protect your network and data. If a VPN is in your future, but you are unsure how to set one up, this is the guide for you. We will discuss how to set up and use your VPN on Windows and MacOS PCs.

Step 1: Sign up and install your chosen VPN

Whether you pick a firm favorite like NordVPN or our current top choice, Private Internet Access, you will need to install the VPN client. Most top VPNs offer apps for Windows, MacOS, Linux, and both Android and iOS mobile devices, so download the program from either your respective app store or the official website and install it as usual.

You’ll need to sign up for the service to get an official account, but once concluded, take your login information and enter it into the software to access the VPN service.

Step 2: Quick connect or choose a server

Proton VPN client
ProtonVPN lets you select a server by map, list, or with the Quick Connect button. Image used with permission by copyright holder

Most VPNs provide a quick-connect button, so if you don’t mind what server you connect to, click that. After a moment or two, you’ll connect to the fastest server available at the time.

If you want to appear to be located in a particular country or want to stream services like Netflix while connected to your VPN, you’ll need to pick a specific server. Your VPN service of choice will have a list of countries and may designate which ones are best for streaming. Use the server browser, map, or however that particular VPN organizes its options to select the right server for you.

Then, if prompted, click the Connect button and wait for the notification saying you’re connected.

Step 3: Keep it manual, or auto-start

NordVPN client
NordVPN has an entire section of its Settings menu dedicated to automated connections. Image used with permission by copyright holder

If you’re happy to manually select a server, or at least manually connect to one each time your system starts, you can draw a line under today’s efforts and begin to browse safely and privately thanks to your new VPN. If you want it to be even more hands-off, though, you can look to see if your VPN offers automatic connection and startup options. Most do.

Find the settings menu and look for the relevant tick boxes there. Enable the client to start up with your operating system and to automatically connect. Each time your system boots, you should find it automatically connects you to the fastest server available at the time.

Alternative: Manually configure your VPN under Windows 10

If you like complete control of your VPN connection and you’re running Windows 10, you can instead set everything up using the Windows 10 VPN configuration tool. Doing so is a much more in-depth method but does give you more say in how the tunneling works. You’ll need to know your way around Windows 10 and should do some supplementary reading before getting started.

With that in mind, here’s a crash course on VPN protocols that is well worth reading before you dive into the step-by-step instructions below.

How to understand protocols

Older protocols like Point-to-Point Tunneling Protocol (PPTP) may be easier to configure, but they come with vulnerabilities that make them more susceptible to attacks. If at all possible, you should avoid using PPTP.

Newer protocols, like Layer Two Tunneling Protocol (or L2TP), come with a 256-bit encryption key, deemed safe for top-secret communications for Windows and MacOS users. However, L2TP may be vulnerable to attacks if configured with shared keys, so you’ll also want to be aware of how you authenticate with the VPN service.

OpenVPN protocol is another favorite standard, thanks to how highly configurable and secure it is. It’s difficult to block because it can be run on any port, and it supports both UDP and TCP protocols. The downside is that it may be challenging to set up because it is so highly configurable and often requires third-party software.

In this setup, we’ll use the Internet Key Exchange Version 2 (IKEv2). This standard comes with hearty security, supports a fast connection, and both Windows and Mac mobile operating systems support it. It’s decently simple to set up, and IKEv2 reconnects quickly if you lose your VPN connection. This is crucial and is a big selling point thanks to its ease of switching and reconnecting to different networks with the new crop of LTE-enabled Always Connected PCs.

IKEv2 allows individuals to switch between Wi-Fi and LTE networks without losing their connection to the VPN because it’s based on Mobility and Multihoming standard. However, since IKEv2 is newer than other standards, it may not currently be supported by all VPN providers.

Setting up a virtual private network in Windows 10

Step 1: Navigate to the Windows 10 VPN configuration tool by typing VPN into the Windows search bar and select VPN Settings. Alternatively, you can also go to Windows’ Settings menu, click on Network & Internet, and choose VPN on the left column.

Step 2: Click on the + sign to add a VPN connection.

Step 3: A blue pop-up wizard should appear. Click on the drop-down for VPN Provider and choose Windows (built-in).

In the Connection name field, you can name it anything you want. We chose to name this connection with a combination of our VPN provider’s name, the server location, and the server number. In this case, because we are using NordVPN’s service and connecting to a U.S. server with an ID of 2093 from NordVPN’s directory of servers, we opted for NordVPN USA 2093 as my connection name. Being descriptive will help you identify the server from a list in the future if you decide to add multiple server locations.

Each VPN provider publishes their directory of available connections, and you’ll want to consult with your provider on specifics about server addresses. In our case, we chose NordVPN’s U.S.-based server at us2093.nordvpn.com. That will be the address that will go into the Server Name Or Address field.

For better connection speeds and reliability, you’ll want to opt for a server near you. However, if you’re looking to skirt geographic restrictions, you can also choose a server located in another country.

Under VPN Type, choose the connection type you want to use to connect and authenticate your VPN service. As outlined in the protocol guide section above, select IKEv2.

For the Type Of Sign-in Info, we chose User Name And Password. There are different ways you can log in to a VPN and authenticate with the service, including using a smart card, a one-time password, or a certificate. You’ll want to refer to your VPN service for instructions on the best way to log in. Most services will accept a user name and password.

After you’re finished, click Save.

Step 4. Your newly created VPN name should appear in the list now. For most types of connections, you should be done and ready to connect, in which case you’ll want to jump ahead to Step 19 in this section of the guide. However, for an IKEv2 connection, you’ll want to continue to download a certificate and change some additional settings before you can connect.

Your VPN provider will give you instructions on where to download the certificate from its website. We navigated to NordVPN’s certificate download page for this example. After you’ve downloaded the certificate, click it to open it. A security warning will pop up, and you’ll want to click Open.

Step 5. In the first tab of the certificate labeled General, you’ll click Install Certificate located near the bottom.

Step 6. The certificate wizard will appear asking you where you want to install the certificate. Make sure the bubble next to Local Machine is selected. Click Next and then click Yes in the following security pop-up.

Step 7. Choose the bubble for Place All Certificates in the Following Store and then click Browse.

Step 8. A pop-up with a directory will appear. Choose Trusted Root Certificates Authorities and click OK.

Step 9. Click Next and then click Finish. Click OK and then click OK again to confirm that the certificate has been installed.

Step 10. Type Control Panel in the Windows season bar. Click on Control Panel to launch it.

Step 11. Click Network and Internet.

Step 12. Click Network and Sharing Center.

Step 13. On the left column, click Change adapter settings.

Step 14. You should see your VPN connection’s name (NordVPN USA 2093) here. Right-click on it and select Properties. Then click on the Security tab.

Step 15: Choose IKEv2 under the Type of VPN if it wasn’t already specified. Under Data encryption, make sure to select Require Encryption (Disconnect If Server Declines). Under Authentication, select Use Extensive Authentication Protocol (EAP) and select Microsoft: Secured password EAP-MSCHAPv2. Click OK when done.

Step 19: Now, you’re ready to connect. Click on the Wi-Fi symbol on the right-hand side of the Windows taskbar. At the top, you should see your VPN name. Click on it, and then select Connect. If you haven’t saved your username and password during configuration, you’ll have to enter your username and password to authenticate with the service. Once the service connects, you should be able to enjoy a more secure internet experience.

There is one limitation to note when you’re using a built-in VPN connection tool, like the one that ships with Windows 10. When you configure the service, you’re identifying a particular server for your PC connection. Depending on your needs, you may want to repeat the steps above to add multiple servers to the list.

If, for example, the current server gets too congested, you can disconnect and connect to a different server to see if speeds are faster. Some users will have country-specific servers to skirt geographical limitations for some streaming services and several local servers to quickly and securely browse the web.

Setting up a virtual private network on Windows 7 and 8.1

The Windows VPN configuration tool also works in older versions of Windows like 7 and 8.1, although the steps to use it are slightly different.

Step 1: Launch Control Panel. You can navigate to Control Panel in many ways, but the easiest way is to type in Control Panel in the Windows search bar.

Step 2: Click on Network and Internet and then Network and Sharing Center.

Image used with permission by copyright holder

Step 3: Under the Change Your Network Settings header, click on Set Up a New Connection or Network.

Image used with permission by copyright holder

Step 4: A wizard will appear to guide you through the setup. Click on the last option to Connect to a Workplace, which will allow you to enter your VPN provider’s settings in the following steps. Then, click Next to continue, followed by Use My Internet Connection (VPN) in the next prompt.

Image used with permission by copyright holder

Step 5: In the Internet address field, you’ll want to consult with your VPN provider to get the server information. Generally, choose the server in your country or one that’s closest to you to get the fastest connection speeds. Alternatively, if you’re trying to mask your location when trying to access region-restricted content, like a foreign country’s Netflix catalog, you can also choose a server in the nation where you want to access or one optimized for streaming. Your VPN provider will have a list of available servers for you to select.

In this example, we’re going to choose a U.S. server from NordVPN, specifically the United States #2093 server. The internet address for this server is located at us2093.nordvpn.com, and that’s what we into the field.

Image used with permission by copyright holder

In the Destination name field, you can name your VPN connection anything you want. This part of the process is where the limitation of setting up a VPN through the built-in Windows client comes into play. Whereas NordVPN’s app allows you to jump between servers, you’ll only be able to connect to a single server at a time with Windows.

It’s worth noting that the Destination name should be specific to avoid confusion in the future. We called this connection NordVPN USA 2093. If you want to connect to a NordVPN server in Australia or the U.K. in the future, for example, you’ll have to set up new VPN connections to servers in those countries. Giving the VPN connection a specific name will minimize confusion down the road when choosing which server to connect to.

You’ll want to make sure that the box for Remember my credentials is checked if you don’t want to enter your login information every time you connect to the VPN. And depending on how you use and share your computer, you can also check the box Allow other people to use this connection. Click on the Create button when you’re done.

Image used with permission by copyright holder

Step 6: With an IKEv2 connection, you’ll need to install a certificate. If this is supported, your VPN provider will tell you where to go to download and install the certificate. For NordVPN, you’ll want to download the file from its site. Save the certificate and then open it after the download is complete. A security warning will pop up. Click Open.

Step 7: In the first tab of the certificate labeled General, click Install Certificate located near the bottom.

Step 8: The certificate wizard will appear, asking you where you want to install the certificate. Make sure the bubble next to Local Machine is selected. Click Next and then click Yes in the following security pop-up.

Image used with permission by copyright holder

Step 9: In this step, you’ll want to choose the location where you want your certificate placed. Select the bubble for Place All Certificates in the Following Store and then click Browse.

Image used with permission by copyright holder

Step 10: A pop-up with a directory will appear. Choose Trusted Root Certificates Authorities and click OK.

Image used with permission by copyright holder

Step 11: Click Next and then click Finish. Click OK and then again to confirm that the certificate has been installed.

Image used with permission by copyright holder

Step 12:Go back to the Network and Sharing Center again. Click on Change Adapter Settings on the left-hand column.

Step 13: Right-click on the VPN that you’ve just created and select Properties, then click on the Security tab.

Image used with permission by copyright holder

Step 14: Choose IKEv2 under the Type of VPN. Under Data encryption, make sure to select Require encryption (disconnect if server declines). Under Authentication, select Use Extensive Authentication Protocol (EAP) and select Microsoft: Secured password EAP-MSCHAPv2. Click OK when done.

Image used with permission by copyright holder

Step 15: Click on the Wi-Fi or wired network symbol on the Windows taskbar’s right-hand side. At the top, you should see your VPN name. Click on it, and then select Connect. You’ll be asked for your username and password, and then you’re on your way to a more secure internet experience.

Image used with permission by copyright holder

How to set up a virtual private network on a Mac

Setting up a VPN connection on MacOS is very similar to the process on Windows. You’ll want to have your username, password, server address, and certificates ready if you’re using an IKEv2 to login.

Step 1: You’ll want to download your VPN certificate. Please refer to Step 8 in the Windows section for downloading the certificate and defer to your VPN provider for the specific URL where you can navigate to download your certificate. Once the certificate is downloaded, it will be placed in your Downloads folder on your Mac. Click it to open it.

Step 2: MacOS will then display a new window, asking if you want to Add Certificates. You’ll want to click Add at the bottom right to add the certificate to the login keychain.

Step 3: In the Keychain Access window, you’ll want to log in under the Keychains menu on the left-hand side. Your VPN certificate — we’re using NordVPN in this step — will appear. Right-click on the certificate and select Get Info.

Step 4: In this step, you’ll want to choose Always Trust in the dropdown next to When Using This Certificate. Once you approve the new changes, MacOS will ask you to enter your password to save.

Step 5: You’ll want to go to System Preferences by typing it into the Spotlight search. In System Preferences, select the Network icon.

Image used with permission by copyright holder

Step 6: Click on the + (plus) sign at the bottom left to add a new connection. You’ll want to choose VPN for the interface and select IKEv2 for the type. The service name can be anything you want. Still, it would be best if you named it with a combination of your VPN provider’s name, server number, and location to be able to identify the connection quickly. You can refer to the Windows guide for more details.

Step 7: For this step, we chose NordVPN USA 2093 because we connected to NordVPN’s 2093 server, which is located in the U.S. Click Create after you’re done.

Image used with permission by copyright holder

Step 7: You’ll be able to enter the Server Address and Remote ID. You can refer to your VPN provider’s guide for details — NordVPN publishes a list of its servers. For this step, enter us2093.nordvpn.com into both the Server Address and Remote ID fields. Leave Local ID blank.

Step 8: Next comes setting up your authentication by heading to the Authentication Settings. Enter the username and password for the connection on the next screen and click OK.

Check the Show VPN Status in the Menu Bar box, and click Apply. Click OK on the next screen to confirm your choice. An icon that looks like a luggage tag will appear on your menu bar that allows for easier access.

Step 9: The appearance of the luggage tag icon indicates that your new VPN connection was successful. Clicking on the icon in your menu bar will prompt you to select the option Connect VPN. That will send you to the newly created virtual private network. All your internet activities will now pass through your newly established VPN, so you can be sure that your online actions are completely confidential.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Microsoft Defender finally feels like proper antivirus software for individuals
The Windows Security app in Windows 11.

With password attacks and ransomware on the rise, Microsoft has announced the general availability of Microsoft Defender for individuals, a premium, cross-platform, consumer security application for Windows, Android, iOS, and Mac.

Available for paid Microsoft 365 Personal and Family subscribers, this new security offering from Microsoft is the latest step in a journey to bring its security features to all of its users. Building on what's been done with the Windows Security app on Windows, Microsoft Defender for individuals will bring together multiple protections into a single online dashboard.

Read more
Microsoft Edge just got a new way to protect your privacy
Microsoft Edge Secure Network graphic.

Microsoft Edge just got even more secure. After a tease a few weeks ago, Microsoft has just officially announced the availability of Edge Secure Network, the new built-in VPN feature for the Microsoft Edge browser.

Though still in an experimental stage with a small audience using the Canary version of the browser, Microsoft hopes this feature can provide extra peace of mind when using Edge on unsecured networks. As with most other VPN services, this built-in Secure Network can mask your device's IP address, encrypt your data, and route it through a secure network that's geographically co-located.  This will make it harder for hackers and others with bad intent to see your true location. The company that provides your internet also won't be able to collect your browsing data for ads.

Read more
Apple’s Private Relay VPN seems to be leaking user data
Apple products are seen in the store.

When Apple unveiled iCloud+ at its Worldwide Developers Conference (WWDC) in June 2021, one of its key features was a secure VPN called Private Relay. Yet a fresh report claims the service has been leaking user data on MacOS, potentially meaning it’s not as secure as previously thought.

Private Relay works by obfuscating various identifying pieces of information when you browse the internet. It encrypts your data, separates your page requests from your IP address, then assigns you a spoof IP address. The idea is that it becomes impossible for anyone (including Apple) to see which websites you are visiting.

Read more