IKEv2 is one of the most popular VPN protocols due to its stability, speed, and security. Expanding upon the strengths of its predecessor (IKEv1), IKEv2 is nowadays a strong and reliable choice when it comes to encrypting data.
As you probably know already, it is fundamentally important to secure your data when connected to the Internet, and it is equally important to use the right tools. When it comes to VPN, the communication protocol is the foundation stone of online security. If the VPN protocol implements strong encryption algorithms and high-level security policies, you may use it with confidence. IKEv2 is, from the public knowledge available at this time, a VPN protocol that you may trust.
This article explains what IKEv2 is, how this VPN protocol works, how to set IKEv2 up on your devices, and how it compares with other VPN protocols. We will also look at some of the advantages and disadvantages of the IKEv2 protocol.
What is IKEv2? The Transylvanian story.
Bats know, probably better than humans, that they need to exercise regularly to be in shape. Unfortunately, the bats from Castlevania know this all too well as they have to face (more precisely, have to run fast from) the Megabats, their unfriendly neighbors.
One early morning TomBat and AnonymousBat, the two bat friends, took their bikes and headed towards the woods surrounding Vlad’s castle. As you can imagine, cycling is not a popular sport among bats, but TomBat and AnonymousBat have joined Vlad in his cycling rounds, and they started to like pedaling.
After an hour of intensive and joyful pedaling in the middle of the forest, TomBat had to stop. Something was wrong. Indeed, it was: his bike had a flat tire. TomBat had a moment of panic when he remembered that he had forgotten his repairing kit at home. The situation didn’t look joyful anymore. The perspective of getting back on foot (so to speak) was not pleasant.
Fortunately, TomBat was not alone and AnonymousBat had his own repairing kit. In ten minutes they were back on the road.
Not long after, it was TomBat’s turn to return the favor to AnonymousBat. When they felt a little bit exhausted, TomBat pulled out a chocolate bar from his backpack. It was the best chocolate you may find in Castlevania, made by TomBat girlfriend, PonyBat. With renewed forces, they were able to get back safely and happy.
The moral of the story: don’t go into the woods alone; a friend may help when you need it, and, together, you are both safer.
IKEv2 and IPSec are two good friends that help each other and work together to make VPN communication great. So let’s find out more about the IKEv2/IPSec VPN protocol.
What is IKEv2, and how does IKEv2 work?
IKEv2 (Internet Key Exchange version 2), the successor of IKEv1, is a VPN protocol developed by Microsoft and Cisco that uses the authentication suite IPSec to secure communication between a VPN client and a VPN server. Sometimes it is called IKEv2/IPSec.
IKEv2/IPSec generates encryption keys, providing high-level data security. For those interested in more technical details, IKEv2/IPSec uses the AES-256-GCM cipher for encryption. Additionally, it has several important advantages over other VPN protocols (explained in detail below).
The IKEv2/IPSec protocol uses the Diffie-Hellman key exchange algorithm to secure the communication tunnel. IKEv2 establishes a security association (SA) to check that the VPN client (your device) and the VPN server use the same encryption keys and algorithms. Once the security association is validated, IPSec creates the tunnel and initiates the secure communication.
Other important IKEv2 technical details:
- The IKEv2 uses UDP packets and port 500.
- It supports Perfect Forward Secrecy (PFS).
- IKE builds upon the Oakley Key Determination Protocol and ISAKMP for defining data exchange methods.
- IKE uses X.509 certificates for the authentication process.
- Open-source implementation exists, such as strongSwan, OpenIKEv2, and Openswan.
Why IKEv2 & IPSec?
IKEv2 and IPSec are different technologies that work great when combined.
IPSec (Internet Protocol Security) is a network protocol suite that provides secure tunneling between devices over an Internet Protocol network. It is used for encrypting data in virtual private networks (VPNs).
IPSec can use various mechanisms for authentication and key exchange to create security associations. One of these mechanisms is the Internet Key Exchange (IKE and IKEv2).
As IPSec is secure and reliable. IKEv2 is fast, stable, and provides rapid re-connection in case of dropouts. IKEv2/IPSec expose the best of both into a great VPN protocol.
IKEv1 vs. IKEv2 – The main differences
IKEv2 is the upgraded version of IKEv1 and this translates into faster, safer, and more efficient communication:
- IKEv2 consumes less bandwidth than IKEv1.
- IKEv2 has built-in NAT traversal (IKEv1 doesn’t).
- IKEv2 supports MOBIKE (Mobility and Multi-homing Protocol) make it more stable.
- IKEv2 supports EAP (Extensible Authentication Protocol) authentication, for safer communication.
- IKEv2 can detect whether a tunnel is still alive and it has the Keep Alive option enabled by default.
- As IKEv2 uses a lower number of Security Associations (SA) required per tunnel, it reduces the required bandwidth.
- IKEv2 supports Asymmetric authentication.
Thus, you should choose IKEv2 over IKEv1 any time you can.
The IKEv2 was adopted and can be set up on all major operating systems (including Windows, macOS, iOS, Android, Linux) and various devices (routers, SmartTVs).
Due to its security features and stability, many VPN providers (e.g., NordVPN) use IKEv2 as the default protocol in their apps.
Advantages and disadvantages of IKEv2
Before setting up an IKEv2 VPN connection, you should take a minute and read about this VPN protocol’s pros and cons.
Advantages of using IKEv2
IKEv2 has some important benefits:
- It is secure as it supports multiple high-end ciphers for maximum protection.
- It is fast, despite implementing strong encryption.
- It is stable, as it allows users to switch between connections without dropping the protection. The efficient auto-reconnect feature is one of the most important features of IKEv2.
- It is supported on a wide variety of devices.
Disadvantages of using IKEv2
There is not much negative to say about IKEv2. One common complaint is that IKEv2 traffic can be easily blocked by firewalls, as it runs only on port 500 on UDP.
How to set up IKEv2 on your devices
Several options are available when it comes to setting IKEv2 on your device. The simplest is to install a VPN app that support the IKEv2 protocol, but, if you need to connect to your own VPN server, then you should go for the manual setup.
Additionally, you may set up IKEv2 on a router (some routers offer access to the IKEv2 protocol) and connect the devices you need to get the traffic encrypted directly to the router.
Manual IKEv2 setup
IKEv2 is one of the standard VPN protocols that can be set up on most operating systems from the VPN built-in modules. More precisely, you may set up IKEv2 (as well as L2TP or IPSec) without installing any additional app.
Firstly, you need to know the IKEv2 server name or IP address and the username/password for authentication (you may also use a certificate or use no authentication). You may obtain this info either from a VPN service provider or from the VPN network administrator. The third option is to have your own VPN server to connect to.
The manual IKEv2 setup consists of creating a VPN connection on your operating system of choice and filling in the connection settings. For example, on macOS you should perform the following steps:
- Open System Preferences and click on the Network.
- Click on the “+” button from the left side of the window to Create a new service.
- For the Interface, select VPN.
- Further, choose IKEv2 as the VPN Type.
- Enter the connection name and click on the Create button.
- Start the VPN configuration: enter the VPN server address (name or IP) to both the Server Address textbox and to the Remote ID field. You may let the Local ID textbox empty.
- Next, click the Authentication Settings … button.
- You may choose the authentication method (Username, Certificate, or None). For Username fill in the username and password. For the Certificate choose a machine authentication certificate that is already installed on your machine.
- Finally, click the Apply button and then Connect.
Use VPN client apps
As IKEv2 is a fast and secure protocol, many VPN providers use it in their own apps, besides OpenVPN (TCP or UDP), WireGuard, or L2TP. Some even recommend IKEv2 as the default, automatic protocol, as is the case with Surfshark. Another great VPN service that we recommend and that uses IKEv2 in its apps is NordVPN.
IKEv2 on routers
Unfortunately, IKEv2 is not largely supported by routers, unlike PPTP or L2TP. However, support for IKEv2 Wi-Fi routers is expanding as some VPN providers invest in such solutions. A great example is ExpressVPN and the routers they offer.
Do you need more info on how to use a VPN on a router? Take a look at our comprehensive article!
IKEv2 alternative protocols
IKEv2 is one of the strongest VPN protocols that you may use to encrypt your online communication. However, you should know what are the differences between IKEv2 and other VPN protocols.
OpenVPN is probably the most popular VPN protocol due to its over features and performance. It offers excellent encryption options, great speed, and it can be easily integrated into third-party security solutions. Plus, it is open-source, unlike IKEv2.
IKEv2 offers a similar level of protection and encryption, but it surpasses OpenVPN on the followings:
- High-speed throughput.
IKEv2 is usually faster than OpenVPN, but it is a little bit behind in terms of compatibility.
Overall, you may use both IKEv2 and OpenVPN with confidence.
WireGuard is a new and elegant protocol that seems to be the future of VPN. It is open-source, secure, and easy to use.
Both protocols (IKEv2 and Wireguard) are safe and really fast, but if you want a more modern approach, you should go with Wireguard.
L2TP/IPSec (Layer 2 Tunneling Protocol)
As L2TP/IPSec offers acceptable speed and great encryption, it may be a good option for encrypting your VPN channels. L2TP is paired with IPSec in the same manner IKEv2 and IPSec work together. However, there are signs that L2TP/IPSec is no longer secure, as Snowden has claimed that the NSA has hacked it.
IKEv2/IPSec is faster than L2TP/IPSec since L2TP/IPSec is more resource-intensive due to its double encapsulation feature and takes longer to negotiate a VPN tunnel.
Another aspect in favor of IKEv2 is stability. Switching from one network to another is a smooth process with IKEv2, while L2TP may let you disconnected.
It is difficult to compare IKEv2 and Softether, as the latter is more than a VPN protocol. However, if we refer only to the protocol itself, Softether and IKEv2 are both secure.
Softether has some important advantages as it is open-source and it runs on port 443 (HTTPS), and, consequently, it is more difficult to be blocked.
SSTP (Secure Socket Tunneling Protocol)
SSTP is a secure VPN protocol mostly available on Windows devices. It uses SSL 3.0, and it is quite speedy.
SSTP and IKEv2 offer a similar level of encryption, but SSTP is more firewall resistant as it uses port 443. SSTP is only built-in on Windows operating system, unlike IKEv2 that is available on multiple platforms and devices (iOS, Android, macOS, Linux, etc.).
PPTP is an outdated protocol and you should not use it unless you have no other choice available. It has multiple security-related issues. However, it is really fast. But, you should always go for IKEv2 if you have to choose between these two.
What is IKEv2? Summary.
The IKEv2 VPN is a strong, secure, stable, and fast VPN protocol. IKEv2 has no significant downsides, and you may use it confidently anytime you need to encrypt your online communication.
As explained, IKEv2 is easy to set up, and it is available on VPN apps offered by most VPN providers. And, it is very suitable for usage on mobile devices due to its stability when switching networks.
Do you want to learn more about the IKEv2 Protocol and other VPN-related issues? Subscribe to our newsletter (below). You will make a Transylvanian baby-bat very happy. 😃