card

Support for IKEv2 in macOS is being discontinued.

17.04.2026
16

IKEv2 (Internet Key Exchange version 2) is a protocol used to establish secure VPN connections.

Simply put, it helps your device securely “negotiate” with the server on how to encrypt data.
As of today, IKEv2 hasn’t completely disappeared from macOS, but the trend is definitely negative - and for VPNs, this is already a problem.

What exactly is happening with IKEv2 on macOS:

  • Apple has not announced a complete removal. It is still built into macOS and supported, but Apple is phasing out older algorithms (SHA-1, 3DES, etc.) and breaking outdated VPN Tracker configurations. As a result, older IKEv2-based VPNs no longer work without an update.
  • Issues in new versions of macOS. Recent releases have seen connection failures and instability in IKEv2 profiles. Apple is tightening its cryptography requirements for macOS, making IKEv2 an increasingly unreliable choice.
  • VPN providers are abandoning IKEv2 en masse due to vulnerabilities in Apple’s implementation, blocking, reduced speeds, and DPI bypass issues compared to newer protocols.

For example: Hide Expert VPN has already announced the deactivation of IKEv2 starting in April 2026, with a complete phase-out by 2027.

The main problem with IKEv2 today is that it is easily detected and blocked (which is important for Russia, China, and other countries).
Proton VPN performs poorly when passing through NAT/filters and lags behind in terms of speed and stability. By 2026, it will be an “outdated standard” rather than the best choice.

Currently, the following are recommended instead of IKEv2:

  • WireGuard - faster, more stable, and better at bypassing blocks. It is now effectively the standard.
  • OpenVPN - a reliable fallback, works better in restricted networks.
  • “Stealth” / obfuscation (if censorship is an issue) - masks VPN traffic, important in countries with DPI

In summary, we can see that IKEv2 has not yet been completely disabled in macOS, but Apple is “slowly moving away” from it, providers are phasing it out, and stability is declining.

Hence, the conclusion is that IKEv2 should no longer be used for new VPN infrastructure, and for older VPN infrastructure, preparations should be made for migration (primarily to WireGuard).