How to set up a VPN

A virtual private network or VPN keeps others from tracking your movements online and makes your IP address untraceable. In times such as these, it could be beneficial to use a VPN to protect your network and data. If a VPN is in your future but are unsure how to set one up, this is the guide for you. We will discuss how to set up and use your VPN on Windows and MacOS PCs.

Step 1: Sign up and install your chosen VPN

Whether you pick a firm favorite like NordVPN or our current top choice, Private Internet Access, you will need to install the VPN client. Most top VPNs offer applications for Windows, MacOS, Linux, and both Android and iOS mobile devices, so download the program from either your respective app store or the official website and install it as usual.

You’ll need to sign up for the service to get an official account, but once concluded, take your login information and input it into the software to access the VPN service.

Step 2: Quick connect or choose a server

Proton VPN client
ProtonVPN lets you select a server by map, list, or with the Quick Connect button.

Most VPNs provide a quick-connect button, so if you don’t mind what server you connect to, just click that. After a moment or two, you’ll connect to the fastest server available at the time.

If you want to appear to be located in a particular country or want to stream services like Netflix while connected to your VPN, you’ll need to pick a specific server. Your VPN service of choice will have a list of countries and may designate which ones are best for streaming. Use the server browser, map, or however that particular VPN organizes its options to select the right server for you.

Then, if prompted, click the Connect button and wait for the notification saying you’re connected.

Step 3: Keep it manual, or auto-start

NordVPN client
NordVPN has an entire section of its Settings menu dedicated to automated connections.

If you’re happy to manually select a server, or at least manually connect to one each time your system starts, you can draw a line under today’s efforts and begin to browse safely and privately thanks to your new VPN. If you want it to be even more hands-off, though, you can look to see if your VPN offers automatic connection and startup options. Most do.

Find the settings menu and look for the relevant tick boxes there. Enable the client to startup with your operating system and to automatically connect. Each time your system boots, you should find it automatically connects you to the fastest server available at the time.

Alternative: Manually configure your VPN under Windows 10

If you like to be in complete control of your VPN connection and you’re running Windows 10, you can instead set everything up using the Windows 10 VPN configuration tool. Doing so is a much more in-depth method but does give you more say in how the tunneling works. You’ll need to know your way around Windows 10 and should do some supplementary reading before getting started.

With that in mind, here’s a crash course on VPN protocols that is well worth reading before you dive into the step-by-step instructions below.

How to understand protocols

Older protocols like Point-to-Point Tunneling Protocol (PPTP) may be easier to configure, but they come with vulnerabilities that make them more susceptible to attacks. If at all possible, you should avoid using PPTP.

Newer protocols, like Layer Two Tunneling Protocol (or L2TP), come with a 256-bit encryption key, which is deemed safe for top-secret communications for Windows and MacOS users. However, L2TP may be vulnerable to attacks if configured with shared keys, so you’ll also want to be aware of how you authenticate with the VPN service.

Another popular standard is the OpenVPN protocol, which is highly configurable and secure. It can run on any port and supports both UDP and TCP protocols, making it difficult to block. The downside is that because it is so highly configurable, it may be challenging to set up and often requires third-party software.

In our setup, we’re relying on the IKEv2 (Internet Key Exchange Version 2). The benefit of this standard is that it comes with more robust security than older protocols, supports a fast connection, and is also supported by mobile operating systems in addition to Windows and Mac. Setup is relatively easy, and IKEv2 can reconnect quickly if your VPN connection gets dropped. This last feature is crucial, as the ease of switching and reconnecting to different networks is a big selling point with the new crop of LTE-enabled Always Connected PCs.

Because IKEv2 is based on the Mobility and Multihoming standard, it allows users to switch between Wi-Fi and LTE networks without dropping the VPN connection. However, since IKEv2 is a newer standard, it may not be supported by all VPN providers right now.

Setting up a virtual private network in Windows 10

Step 1: Navigate to the Windows 10 VPN configuration tool by typing VPN into the Windows search bar and select VPN Settings. Alternatively, you can also go to Windows’ Settings menu, click on Network & Internet, and choose VPN on the left column.

Step 2: Click on the + sign to add a VPN connection.

Step 3: A blue popup wizard should appear. Click on the drop-down for VPN provider and choose Windows (built-in).

In the Connection name field, you can name it anything you want. We chose to name this connection with a combination of our VPN provider’s name, the server location, and the server number. In this case, because we are using NordVPN’s service and connecting to a U.S. server with an ID of 2093 from NordVPN’s directory of servers, we opted for NordVPN USA 2093 as my connection name. Being descriptive will help you identify the server from a list in the future if you decide to add multiple server locations.

Each VPN provider publishes their directory of available connections, and you’ll want to consult with your provider on specifics about server addresses. In our case, we chose NordVPN’s U.S.-based server at us2093.nordvpn.com. That will be the address that will go into the Server name or address field.

For better connection speeds and reliability, you’ll want to opt for a server near you. However, if you’re looking to skirt geographic restrictions, you can also choose a server located in another country.

Under VPN Type, choose the connection type that you want to use to connect and authenticate with your VPN service. As outlined in the protocol guide section above, selected IKEv2.

For Type of sign-in info, we chose User name and password. There are different ways you can log in to a VPN and authenticate with the service, including using a smart card, a one-time password, or a certificate. You’ll want to refer to your VPN service for instructions on the best way to log in. Most services will accept a user name and password.

After you’re finished, click Save.

Step 4. Your newly created VPN name should appear in the list now. For most types of connections, you should be done and ready to connect, in which case you’ll want to jump ahead to Step 19 in this section of the guide. However, for an IKEv2 connection, you’ll want to continue to download a certificate and change some additional settings before you can connect.

Your VPN provider will give you instructions on where to download the certificate from its website. We navigated to NordVPN’s certificate download page for this example. After you’ve downloaded the certificate, click it to open it. A security warning will pop up, and you’ll want to click Open.

Step 5. In the first tab of the certificate labeled General, you’ll click Install Certificate located near the bottom.

Step 6. The certificate wizard will appear asking you where you want to install the certificate. Make sure the bubble next to Local machine is selected. Click Next and then click Yes in the following security pop-up.

Step 7. Choose the bubble for Place all certificates in the following store and then click Browse.

Step 8. A pop-up with a directory will appear. Choose Trusted Root Certificates Authorities and click OK.

Step 9. Click Next and then click Finish. Click OK and then click OK again to confirm that the certificate has been installed.

Step 10. Type Control Panel in the Windows season bar. Click on Control Panel to launch it.

Step 11. Click Network and Internet.

Step 12. Click Network and Sharing Center.

Step 13. On the left column, click Change adapter settings.

Step 14. You should see your VPN connection’s name (NordVPN USA 2093) here. Right-click on it and select Properties. Then click on the Security tab.

Step 15: Choose IKEv2 under the Type of VPN if it wasn’t already specified. Under Data encryption, make sure to select Require encryption (disconnect if server declines). Under Authentication, select Use Extensive Authentication Protocol (EAP) and select Microsoft: Secured password EAP-MSCHAPv2. Click OK when done.

Step 19: Now, you’re ready to connect. Click on the Wi-Fi symbol on the right-hand side of the Windows taskbar. At the top, you should see your VPN name. Click on it, and then select Connect. If you haven’t saved your username and password during configuration, you’ll have to enter your username and password to authenticate with the service. Once the service connects, you should be able to enjoy a more secure internet experience.

There is one limitation to note when you’re using a built-in VPN connection tool, like the one that ships with Windows 10. When you configure the service, you’re identifying a particular server for your PC connection. Depending on your needs, you may want to repeat the steps above to add multiple servers to the list.

If, for example, the current server gets too congested, you can disconnect and connect to a different server to see if speeds are faster. Some users will have country-specific servers to skirt geographical limitations for some streaming services and several local servers to quickly and securely browse the web.

Setting up a virtual private network on Windows 7 and 8.1

The Windows VPN configuration tool also works in older versions of Windows like 7 and 8.1, although the steps to use it are a little different.

Step 1: Launch Control Panel. You can navigate to Control Panel in any number of ways, but the easiest way is to type in Control Panel in the Windows search bar.

Step 2: Click on Network and Internet and then Network and Sharing Center.

Step 3: Under the Change your network settings header, click on Setup a new connection or network.

Step 4: A wizard will appear to guide you through the setup. Click on the last option to Connect to a workplace, which will allow you to enter the settings from your VPN provider in the following steps. Then, click Next to continue, followed by Use my internet connection (VPN) in the next prompt.

Step 5: In the Internet address field, you’ll want to consult with your VPN provider to get the server information. Generally, choose the server in your country or one that’s closest to you to get the fastest connection speeds. Alternatively, if you’re trying to mask your location when trying to access region-restricted content, like a foreign country’s Netflix catalog, you can also choose a server in the nation where you want to access or one optimized for streaming. Your VPN provider will have a list of available servers for you to select.

In this example, we’re going to choose a U.S. server from NordVPN, specifically the United States #2093 server. The internet address for this server is located at us2093.nordvpn.com, and that’s what we into the field.

In the Destination name field, you can name your VPN connection anything you want. This part of the process is where the limitation of setting up a VPN through the built-in Windows client comes into play. Whereas NordVPN’s app allows you to jump between servers, you’ll only be able to connect to a single server at a time with Windows.

It’s worth noting that the Destination name should be specific to avoid confusion in the future. We called this connection NordVPN USA 2093. If you want to connect to a NordVPN server in Australia or the U.K. in the future, for example, you’ll have to set up new VPN connections to servers in those countries. Giving the VPN connection a specific name will minimize confusion down the road when choosing which server to connect.

You’ll want to make sure that the box for Remember my credentials is checked if you don’t want to enter your login information every time you connect to the VPN. And depending on how you use and share your computer, you can also check the box Allow other people to use this connection. Click on the Create button when you’re done.

Step 6: With an IKEv2 connection, you’ll need to install a certificate. If this is supported, your VPN provider will tell you where to go to download and install the certificate. For NordVPN, you’ll want to download the file from its site. Save the certificate and then open it after the download is complete. A security warning will popup. Click Open.

Step 7: In the first tab of the certificate labeled General, click Install Certificate located near the bottom.

Step 8: The certificate wizard will appear asking you where you want to install the certificate. Make sure the bubble next to Local machine is selected. Click Next and then click Yes in the following security popup.

Step 9: In this step, you’ll want to choose the location where you want your certificate placed. Select the bubble for Place all certificates in the following store and then click Browse.

Step 10: A pop-up with a directory will appear. Choose Trusted Root Certificates Authorities and click OK.

Step 11: Click Next and then click Finish. Click OK and then again to confirm that the certificate has been installed.

Step 12:Go back to the Network and sharing center again. Click on Change adapter settings on the left-hand column.

Step 13: Right-click on the VPN that you’ve just created and select Properties, then click on the Security tab.

Step 14: Choose IKEv2 under the Type of VPN. Under Data encryption, make sure to select Require encryption (disconnect if server declines). Under Authentication, select Use Extensive Authentication Protocol (EAP) and select Microsoft: Secured password EAP-MSCHAPv2. Click OK when done.

Step 15: Click on the Wi-Fi or wired network symbol on the right-hand side of the Windows taskbar. At the top, you should see your VPN name. Click on it, and then select Connect. You’ll be asked for your username and password, and then you’re on your way to a more secure internet experience.

How to set up a virtual private network on a Mac

Setting up a VPN connection on MacOS is very similar to the process on Windows. You’ll want to have your username, password, server address, and certificates ready if you’re using an IKEv2 to login.

Step 1: You’ll want to download your VPN certificate. Please refer to Step 8 in the Windows section for downloading the certificate and defer to your VPN provider for the specific URL where you can navigate to download your certificate. Once the certificate is downloaded, it will be placed in your Downloads folder on your Mac. Click it to open it.

Step 2: MacOS will then display a new window, asking if you want to Add Certificates. You’ll want to click Add at the bottom right to add the certificate to the login keychain.

Step 3: In the Keychain Access window, you’ll want to go to log in under the Keychains menu on the left-hand side. Your VPN certificate — we’re using NordVPN in this step — will appear. Right-click on the certificate and select Get Info.

Step 4: In this step, you’ll want to choose Always Trust in the dropdown next to When using this certificate. Once you approve the new changes, MacOS will ask you to enter your password to save.

Step 5: You’ll want to go to System Preferences by typing it into the Spotlight search. In System Preferences, select the Network icon.

Step 6: Click on the + (plus) sign at the bottom left to add a new connection. You’ll want to choose VPN for the interface and select IKEv2 for the type. The service name can be anything you want.

Still, you should name it with a combination of your VPN provider’s name, server number, and location to be able to identify the connection quickly. You can refer to Step 7 in the Windows guide for more details. For this step, we chose NordVPN USA 2093 because we connected to NordVPN’s 2093 server, which is located in the U.S.. Click Create after you’re done.

Step 7: You’ll be able to enter the Server Address and Remote ID. You can refer to your VPN provider’s guide for details — NordVPN publishes a list of its servers. For this step, enter us2093.nordvpn.com into both the Server Address and Remote ID fields. Leave Local ID blank.

Step 8: Next, you need to set up your authentication. To do this, navigate to the Authentication Settings. Enter the username and password for the connection on the next screen and click OK.

Check the Show VPN Status in the Menu Bar box, then click Apply. Confirm your choice by clicking OK again on the following screen. This step will enable an icon in the menu bar that looks like a luggage tag and allows for easier access.

Step 9: When you see the luggage tag icon, it’s safe to say that you have successfully achieved your new VPN connection. You can click on the icon in your menu bar, which will prompt you to click on the option “Connect VPN.” This will consequently link you to the virtual private network you have just created. You can now be more confident in your security as all internet activities will pass through your newly established VPN.

Editors' Recommendations