Please make sure the following requirements are met:
When using a native VPN protocol please make sure that your VPN protocol software supports the Internet protocol IPv6 along with IPv4 or run an IPv4 Internet connection only. Many Internet Service Providers connect with the IPv6 protocol or offer both protocols, IPv4 and IPv6, at the same time and as long as a native VPN protocol doesn't support IPv6 you risk data leaks, since an IPv6 connection can bypass the tunneled IPv4 connection. Users of native VPN protocols need to deactivate the IPv6 Internet protocol manually. This can be done either directly in your DSL router or in the Mac OS network settings.
Visit your CyberGhost VPN online account.
Click on the menu entry 'My Devices' and then on button 'Add Device'.
In the list of Operating Systems you can CyberGhost use with, please click on 'Other' to be able to setup all necessary options for the L2TP protocol. When done the screen extends and gives way to 'Create new credentials'. Do it by clicking on the respective button.
Scroll up the page. As you see, the placeholder for a new device is now replaced by 'Linux, Router, etc.'. Click on that button:
Type a name for your new device and activate the wanted extra features, provided with each regular subscription. These features can be (de)activated later on as well.
Scroll down and generate the login and configuration data for the L2TP protocol. FYI: The Layer 2 Tunneling Protocol (L2TP) allows operations of multiple tunnels and can be considered as very safe. For authentication it uses PAP/CHAP, but it lacks its own encryption, which is why CyberGhost uses L2TP in connection with the encryption technology IPSec as 'L2TP/IPSec'
- Protocol: Choose the L2TP protocol.
- Country: Since native protocol connections may only be used with exactly one server you now have to choose the country you want to surf from; the server to be used in this country will be chosen by CyberGhost automatically.
- Server group: Depending on the chosen country as well as the availability of different server types as an attribute of your current plan you can also define a server group to use:
Standard and Premium Server: This is the group of all paid service servers of the country chosen. Subscribers of a Special Edition with limited access can't use regular Premium servers.
NoSpy Server: This is the group of all exclusive NoSpy servers of the country chosen. These servers can only be accessed by those subscribers, who opt for them as an additional feature.
After setting up your connection wishes please note down the following data sets. You will need them to configure your device:
- Server: This is the server address of the country you want to surf from, e.g. '1-ro.cg-dialup.net'. The address includes encrypted information about your plan, the server group chosen and the domain name; the protocol to be used will be detected automatically when connecting to CyberGhost. If you want to connect to different locations, you need to adjust the target destination according to a different country and note down that 2nd, 3rd, 4th ... address as well.
- User name: A solely for protocol usage generated user name. This is NOT your regular CyberGhost account user name.
- Password: A solely for protocol usage generated password. This is NOT your regular CyberGhost account password.
- Pre shared secret: For L2TP connections you also need this additional password.
You start your Mac OS X L2TP/IPSec configuration by first moving to 'System Preferences' and then 'Network'.
In the next window click on the '+' sign in the lower left corner.
Now, select 'VPN'.
In the list of 'Interfaces', choose the wanted VPN protocol (L2TP) as the 'VPN Type' and type in a name for your connection in the 'Service Name' field, e.g. 'VPN (L2TP)'. You might also want to choose a description, which reflects the country of the server you want to surf from and maybe even the server group in use (e.g. ‘CyberGhost L2TP US Standard’).
Lastly, click on 'Create'.
Now mark the new entry in your list of networks on the left side, enter the server address (e.g. '1-ro.cg-dialup.net') and your user name, which is the user name created in step 1.
Click on 'Authentication Settings'.
Activate the option 'Password' (if not already highlighted) and enter the password that has been generated for you in your online account.
DO NOT use your regular account password.
Furthermore you need to type in a 'Shared Secret' which is the ‘Secret Key/PSK' you also noted before ('CyberGhost', in case you forgot).
Click on 'OK' to validate your settings.
Now open the 'Advanced' section on the lower right side of the settings window.
On the 'Options' tab, make sure that all three options under 'Session' are activated. The first ones already are, the third one, 'Send all traffic over VPN', needs to be checked by you. Click on 'OK' to leave the dialog.
Again back in the settings window, check the 'Show VPN status in the menu bar' and click on 'Apply'.
When done you now should see your new VPN connection in the menu bar of your MAC.
To connect to CyberGhost either click on 'Connect' in the 'Network' window ...
... or use the respective entry in the menu bar:
Certain routers need you to activate the L2TP/IPSec protocol. How you can accomplish that task should be documented in your router's manual.