In the VPN world, IKEv2 is shorthand for IKEv2/IPsec, one of the most popular VPN protocols around. IKEv2 in itself is a key management protocol (generation, exchange, and use of keys that help your device and a VPN server recognize each other) that is used together with IPsec. IPSec is the protocol that provides security when tunneling and transporting data. Put the two together, and you have one of the best VPN protocols up to date.
Have you ever been confused by the terms used to describe VPNs? Perhaps you’ve heard the term IKEv2 (Internet Key Exchange version 2) – but nobody ever explained to you what it is? In that specific case, you’re in luck – this article is meant to introduce you to IKEv2 and what it means for you as a VPN user.
What is IKEv2?
IKEv2 (or IKEv2/IPsec) handles the security association (the negotiations of what kind of security will be used) between your device and the VPN server, and IPsec carries all the data transmission.
IKE builds upon the Oakley Key Determination Protocol and ISAKMP, both of which define widely accepted methods for two devices to exchange data needed to create security keys (for encrypting data) via an unsecured connection.
IKEv2 then uses X.509 certificates (a standard of identifying that a public key belongs to you) for the devices to introduce themselves. Then they create a “shared secret” via a Diffie–Hellman key exchange algorithm, which is best explained here.
All of this means that IKEv2 works on publicly tested and widely accepted standards of cryptographic security.
Why are IKEv2 and IPsec always together?
IKEv2 was joined to IPSec by a joint effort between Microsoft and Cisco. The merging of IKEv2 and IPsec is one of the secrets of its speed.
IKEv2 runs in the user space, which grants it access to data storage. It allows it to easily retrieve any configuration data required for a security association.
On the other hand, IPsec runs in the kernel, the deep layer of the computer systems that controls everything. It allows it to process data at much greater speeds.
Working together, IKEv2 uses a few data packets to establish a security association with the server. It then takes all the data – the IP addresses, the security measures used, the ports utilized in the connection – and gives it to IPsec, which then uses the security associations to encrypt the traffic.
What does IPsec do exactly? I’m glad you asked – we have a great article explaining the basics of IPsec VPNs. It also goes on to explain why it’s usually referred to as IKEv2 rather than the full name IKEv2/IPsec (in short, it’s because IKEv2 was implemented in 2005 – a much newer development than IKEv1 and IPsec of 1995).
What’s the difference between IKEv1 and IKEv2?
Now, you might be wondering what’s so special about the different versions. Well, there are quite a few differences between IKEv1 and IKEv2, the specifics of which mostly matter to people running VPNs. To boil it down, here are the four most important things:
- IKEv2 runs faster and more efficiently due to the pruning and optimization of some of the processes.
- IKEv2 consumes less bandwidth.
- IKEv2 has built-in NAT (Network address translation) traversal.
- IKEv2 supports EAP (Extensible Authentication Protocol), making it safer.
Does IKEv2 have security issues?
The short answer is no.
A VPN protocol’s security comes down to implementation and issues inherent to the protocol itself. That being said, IKEv2 has no known vulnerabilities on its own.
So, if your VPN provider configures IKEv2 properly, it will not have security issues.
How does IKEv2 compare to other protocols?
Naturally, there are other protocols besides IKEv2, and people always want to know how they compare with one another.
There’s a lot of misinformation regarding VPN protocols on the internet – mainly that the protocols themselves can be compared. Here’s what really sums up the VPN protocol speed and security:
- A protocol with no known vulnerabilities is considered secure.
- Your VPN connection speed mostly depends on:
- Your internet service quality.
- The quality of your device.
- VPN server throughput and load.
- Your proximity to the VPN server.
At the end of the day, how any VPN protocol performs depends on how your device interacts with the VPN server configuration. So, use a provider you trust and a VPN protocol that works best for you!
“WireGuard” is a registered trademark of Jason A. Donenfeld
Should you use IKEv2?
IKEv2 is a widely trusted and accepted VPN protocol. Working tandem with IPsec provides access to quality VPN connections on many platforms. Even better: its connectivity makes it the most attractive to mobile users, who should always be mindful of their resources. That’s why it’s one of the protocol choices available to Surfshark VPN users – why not become one yourself and check it out?