Sweepfor Mac
Free Download

Speed up your Mac

Mac Slow When the VPN Is On? Here's Why

Mac sluggish whenever your VPN is connected? Here's what VPNs actually do to performance on macOS and how to keep your Mac fast with VPN on.

7 min read

You connect to your work VPN. Within seconds, the whole Mac feels heavier. Web pages take longer to load. Slack notifications come through with a delay. Even local apps feel sluggish — apps that have nothing to do with the network. Disconnect the VPN and everything snaps back.

VPN-induced slowness on a Mac is a tangled topic. Some of it is unavoidable physics. Some of it is the VPN client itself misbehaving. And a surprising amount of it is about how the VPN interacts with macOS’s other networking, which has gotten complex.

What a VPN actually does to your Mac

When you connect, three things happen:

  1. A virtual network interface is created (utun0, utun1, etc.)
  2. Your Mac’s routing table is rewritten so traffic flows through the VPN
  3. DNS may or may not be redirected through the VPN’s servers

Then for every packet:

  1. App sends data
  2. macOS routes it through the VPN interface
  3. VPN client encrypts it
  4. Encrypted packet goes through your real network adapter
  5. Returns trip in reverse

The encryption step costs CPU. The routing detour adds latency. And if the VPN interferes with DNS, every name lookup gets slower. All of this is normal. But how much it slows you down varies massively depending on the VPN, the protocol, and what else is running.

There’s a faster waySweep diagnoses what’s eating your performance and clears it in seconds. Try Sweep free →

First test: is it the network or the Mac?

Connect VPN. Run a speed test (fast.com or speedtest.net). Disconnect. Run again.

  • Speed drops 10-30% on VPN — normal, this is the encryption + detour cost
  • Speed drops 50%+ on VPN — VPN server is overloaded, or wrong protocol
  • Speed is fine but Mac feels slow generally — VPN client is using too much CPU

This tells you whether to look at the network or the Mac itself.

Fix 1: Check the VPN protocol

Modern VPN protocols, fastest to slowest:

  • WireGuard — very fast, low CPU
  • IKEv2 — fast, hardware-accelerated on Mac
  • OpenVPN UDP — solid but heavier
  • OpenVPN TCP — much heavier and slower
  • L2TP/IPSec — old, slow, often buggy on Mac
  • SSL VPN (anything browser-based) — slowest

If your VPN client lets you choose, switch to WireGuard or IKEv2 if available. The CPU savings can be 4-5x compared to OpenVPN TCP, which translates directly into less Mac slowdown.

Fix 2: Check what the VPN client is actually doing

Open Activity Monitor. CPU tab. Look for the VPN process. Common ones:

  • NetExtender, Sonicwall — old VPN clients, often heavy
  • Cisco AnyConnect / Secure Client — corporate, surprisingly heavy on Apple Silicon
  • Tunnelblick — open-source OpenVPN front-end, depends on protocol
  • NordVPN, ExpressVPN, etc. — generally light, but their kill switch features can spike CPU
  • Mullvad, ProtonVPN — among the lightest

If your VPN process is using sustained 30%+ CPU, that’s the slowdown. Some clients have known performance bugs that get fixed in updates — make sure yours is current.

Fix 3: Disable the kill switch if you don’t need it

VPN kill switches monitor your network state and immediately cut all traffic if the VPN drops. Useful for privacy. Costly for performance, because the kill switch is constantly checking.

If you’re using the VPN for work (not privacy), the kill switch is probably overkill. Most VPN clients let you toggle it off in settings.

For privacy-focused use cases, keep it on — the trade-off is worth it.

Fix 4: Watch out for split tunneling

Split tunneling routes some traffic through the VPN and some directly to the internet. Configured well, it dramatically improves performance. Configured poorly, it creates routing chaos.

Common bad configs:

  • All web traffic through VPN, but DNS direct (causes lookup failures and retries)
  • Some apps through VPN, others not, with inconsistent rules
  • VPN tries to route traffic that’s already local (your printer, your NAS)

Look in your VPN client’s settings for split tunneling. If it’s available and you trust your VPN provider, configure it so that only what needs to go through the VPN does. Streaming, gaming, large downloads can all skip the VPN with no security loss in most setups.

Tip: Corporate VPN policies often forbid split tunneling for security reasons. Check with IT before changing it on a work Mac.

Fix 5: Check DNS

A surprising amount of “VPN feels slow” is actually DNS. The VPN may be routing your DNS queries to a slow server.

Open Terminal. Run:

dig apple.com

Look at the “Query time” near the bottom. Healthy is under 50 ms. Over 200 ms means slow DNS.

Then disconnect the VPN and run again. If DNS is much faster off VPN, the VPN’s DNS is the issue.

Fixes:

  • Some VPN clients let you set custom DNS (1.1.1.1, 8.8.8.8) — try those
  • Some let you bypass VPN DNS entirely
  • Some don’t, and you’re stuck with what they provide

Fix 6: Restart the VPN connection

VPN connections accumulate state. After a Mac sleeps and wakes a few times, the VPN tunnel can be in a degraded state where it works but slowly. The fix is just disconnecting and reconnecting.

This is dumb but it’s true. Reconnect once a day if you keep your Mac up for long sessions.

Free up RAM in one clickSweep frees inactive memory and pauses the processes hogging your CPU. Get Sweep free →

Fix 7: Check for IPv6 issues

Some VPN clients don’t handle IPv6 properly. They route IPv4 through the VPN but leave IPv6 going direct, or vice versa. The result is half your traffic goes one way and half the other, and apps wait on slow paths.

Quick diagnostic:

  1. System Settings → Network → click Wi-Fi or Ethernet → Details → TCP/IP
  2. Note your IPv6 setting

If your VPN doesn’t claim IPv6 support and your Mac has IPv6 enabled, set IPv6 to “Link-local only” while VPN is connected. This forces all traffic to IPv4 and the VPN handles all of it.

Fix 8: Look at the VPN log

Most VPN clients have a log viewer. Look for:

  • Repeated reconnection attempts
  • DNS failures
  • Routing table conflicts
  • High latency warnings

A VPN that’s silently flapping (connecting, disconnecting, reconnecting) feels much slower than one with a stable tunnel. The log tells you if that’s happening.

Fix 9: Server choice matters more than people think

A VPN server in your city is usually faster than one across the country. Most VPN clients show server load — pick a low-load server geographically close to you. The difference can be 3-5x in speed.

For corporate VPNs, you usually don’t get a choice. For personal VPNs (Mullvad, ProtonVPN, NordVPN), this is worth fiddling with.

Fix 10: Make sure your Mac isn’t already overloaded

If your Mac was already running hot before connecting the VPN, the VPN’s CPU overhead pushes it over the edge into thermal throttling. Symptoms:

  • Fans spool up the moment VPN connects
  • Mac feels sluggish system-wide, not just for network operations
  • Battery drains noticeably faster

The fix isn’t VPN-specific — it’s general Mac cleanup. Quit unused apps, close Chrome tabs, free inactive RAM, clear cache buildup. A Mac that has headroom handles a VPN’s overhead without flinching.

The wider Mac state matters

VPNs amplify whatever’s wrong with the rest of your Mac. A clean Mac with the same VPN feels noticeably faster than a cluttered one. The biggest cleanup wins relevant to VPN performance:

  • Free RAM (so the VPN client and its encryption have headroom)
  • Clean caches (browser caches especially — they get hit harder over a VPN)
  • No leftover network configurations from old VPNs you uninstalled
  • Removal of orphaned LaunchAgents and login items

VPN clients are notorious for leaving behind launch agents, kernel extensions, and config files when uninstalled. macOS doesn’t clean any of it up. If you’ve installed and uninstalled three VPN clients over the years, leftover bits are probably still there in ~/Library/LaunchAgents/, /Library/LaunchDaemons/, and /etc/.

Sweep’s app uninstaller catches these — it removes apps plus all the leftover preferences, caches, support files, and launch items that ordinary drag-to-trash leaves behind. Combined with its general cleanup scan, it’s the fastest way to make sure old VPN cruft isn’t slowing your current setup. Notarized by Apple, free download.

Don’t restart — cleanSweep clears the buildup that’s actually slowing your Mac. No reboot needed. Free for macOS →

When the VPN is just bad

Some VPN clients are genuinely poorly written for Mac. If you’ve tried everything and the VPN still tanks performance, the answer might be:

  • Switch VPN providers (for personal use)
  • Push back on IT to support a modern protocol like WireGuard (for work)
  • Use a different VPN client with the same provider (some support both proprietary and open-source clients)

If your work mandates Cisco AnyConnect on a 2018 Intel MacBook Air, you have my sympathy. Some combinations are just painful.

A note on macOS network extensions

In Sonoma 14 and Sequoia 15, VPN clients use macOS Network Extensions, which run as separate sandboxed processes. This is more secure but does add some overhead. It’s the price of the modern security model — you can’t disable it, and you wouldn’t want to.

The takeaway: a VPN on Sonoma/Sequoia inherently has more overhead than a VPN on older macOS. That’s by design.

← Back to all guides