Although IKEv2 has been around for over a decade, unlike other VPN protocols, it is not yet supported by many devices. Let’s discuss both the advantages and disadvantages of IKEv2, and find out if this is the best VPN protocol for you.
IKEv2 is primarily a tunneling protocol. It only becomes a VPN protocol when used with an authentication standard—at this time, it’s IPSec. IKEv2 stands for Internet Key Exchange version 2; it came out in 2005 while the first version was released in 1988. Note though that IKEv2 is not really an upgrade, and it is not backward compatible with IKEv1.
— James van den Berg ☁ 🚀 (@JamesvandenBerg) July 12, 2017
Among the features of IKEv2 are built-in DoS protection, NAT-T, and EAP authentication. All these make IKEv2 a highly secure and reliable VPN protocol. Jointly developed by Microsoft and Cisco, IKEv2 is the protocol used to set up SAs (security associations) in the IPSec suite.
Pros and cons of IKEv2
The most attractive feature of IKEv2 is its ability to reconnect your VPN automatically after being disconnected from the Internet. This is a valuable feature since every VPN user’s worst nightmare is IP leaking. Who can forget the hacker who forgot to turn on his VPN and revealed their IP address while on Twitter? The mistake only happened once, but it led to an indictment for hacking and interfering with the US election.
— KFire TV News (@kodionfiretv) April 15, 2018
You may have your eyebrows raised right now, we know. For crying out loud, what kind of person forgets to turn on their VPN? Well, if this happened to a seasoned hacker, this could happen to anyone. That is why IKEv2 is very popular right now―it can prevent mistakes like this for your completely legitimate needs.
IKEv2 makes use of multihoming technology, making it possible for users to switch networks without ever dropping their VPN connection. This is great when you are on the go, and you are constantly switching between your mobile data and a wireless network.
Moreover, IKEv2 is considered one of the fastest VPN protocols, mainly because it has a networking technique called NAT-T (Network Address Translation-Transversal). With NAT-T, IKEv2 can connect faster to a network that has a firewall.
Lastly, IKEv2’s security is unquestionable since it refuses to perform any further actions until the identity of the requester is verified. This is done with the use of server certificate authentication. DoS (denial of service) and MITM (man-in-the-middle) attacks are therefore prevented with IKEv2.
While IKEv2 is secure, reliable, and fast, it is not widely supported by VPN providers because of two major disadvantages:
- Trust issues: There are allegations that the NSA has been trying to weaken IPSec among other encryption systems. Since IKEv2 is commonly paired with IPSec to work as a VPN protocol, IKEv2 may weaken if the NSA succeeds in this regard. The companies behind IKEv2―Microsoft and Cisco―may also have corporate interests in building vulnerabilities around this protocol, especially upon the government’s request. It’s not even new at all…
— Trevor Timm (@trevortimm) July 11, 2013
- Narrow support: Most VPN providers are hesitant in including IKEv2 mainly due to its limitation in terms of supported devices. It works great on Blackberry and iOS phones since these systems have IKEv2 native support. Windows 7, Windows Server 2008, Cisco routers, and macOS devices also natively support IKEv2, but other devices have not followed suit.
However, since this technology is becoming popular, the demand for it will definitely increase. Hopefully, this will prompt developers to make IKEv2 natively available for commonly used devices such as Android and other routers.
Like any development in technology, IKEv2 has its own set of disadvantages (aside from the advantages) which help determine if it is the right VPN protocol for you.
IKEv2 VPN providers
We went back to our list of top VPN providers and found out that most of them already support the IKEv2 VPN protocol. This doesn’t surprise us at all. The providers on our list are premium VPN providers who are always on top of the game in terms of features and technology standards. Here are five of them.
The team behind IPVanish has over 20 years of experience in VPN technology. This provider is number one on our list because it has the most stable connection. Its anti-logging policy is real. It offers unlimited server switching, bandwidth, and P2P support.
StrongVPN was one of the first players in the VPN industry, and its long experience is evident in the quality of its VPN service. The provider’s virtual private network is large, with more than 53,000 IP addresses on 684 servers in 24 countries.
- VyprVPN (for iOS only)
— VyprVPN (@VyprVPN) June 5, 2017
Although VyprVPN does not allow P2P connections, its VPN service is of high quality. VyprVPN is considered one of the top-notch VPN providers, and one of its impressive features is its proprietary encryption technology called Chameleon. However, VyprVPN’s IKEv2 support is limited to iOS devices only.
- ExpressVPN (named L2TP/IPsec)
ExpressVPN has advanced features such as the kill switch, IP leak prevention, zero-knowledge DNS servers, and IPv6 leak prevention. All these features make it a premium VPN provider. ExpressVPN also has virtual server locations for countries where it’s difficult to establish a stable connection. The provider still uses L2TP/IPSec implementation for its IKEv2 protocol so you can choose L2TP/IPSec as the VPN protocol.
— HideIpVPN (@hideipvpn) June 7, 2017
HideIPVPN is among our top 10 VPN providers, although its network is not as huge as the other providers on our list. What impressed us is that HideIPVPN is clear about allowing P2P. Moreover, it has all the features of a good VPN provider, like DNS leak protection, application kill switch, and the ability to sort servers according to speed.
The rest of the VPN providers on our top ten are probably just waiting for the right amount of requests before they consider adding IKEv2 support. If there is enough demand, more VPN providers will certainly look into IKEv2 for VPN applications.
IKEv2 vs. other VPN protocols
There are four other VPN protocols to choose from, and we’re going to discuss each of them briefly:
- PPTP: Point-to-Point Tunneling Protocol was developed for dial-up networks, making it a popular choice for corporate VPN networks. It’s also available on almost all devices and VPN providers. It is easy to set up since there’s no need for additional software. Microsoft developed PPTP, but some security issues have clouded its reliability. For instance, it took only two days to crack PPTP using un-encapsulated MS-CHAP v2 Authentication. Microsoft had fixed this, but the company has also recommended using a different VPN protocol.
- L2TP: The Layer 2 Tunneling Protocol doesn’t have the same vulnerabilities as PPTP, but it has speed issues since it encapsulates data twice. It relies on IPSec as the authentication suite, and both L2TP and IPSec are developed by Microsoft. L2TP also uses a limited number of ports, making it easy to block via port blocking.
- SSTP: Secure Socket Tunneling Protocol is owned by Microsoft, and uses SSL 3.0. This makes the VPN traffic look like it’s coming from a regular browser. SSTP can also use TCP port 443, which helps it avoid VPN blocking. However, SSL 3.0 is vulnerable to the POODLE attack, making SSTP, and other software and browsers that use SSL 3.0, vulnerable.
- OpenVPN: This is currently the VPN standard used by most commercial VPNs; most devices support it. VPN providers recommend using OpenVPN as much as possible because it is highly customizable and considered the most secure among the protocols. OpenVPN is open-source and therefore does not have any corporate interest, unlike other protocols. Another advantage of OpenVPN is that it works on any port (TCP or UDP). Therefore, it is not easily blocked by a VPN blocker.
Most VPN providers will give you the freedom to choose any of these VPN protocols to use. Generally, they recommend either OpenVPN or IKEv2.
Which protocol is the best?
It is a close battle between IKEv2 and OpenVPN. IKEv2 is more secure than other VPN protocols because of its auto-reconnect capability. Thus, it’s more effective in protecting the privacy and identity of Internet users. It’s also relatively faster, although several factors impact VPN speed. However, IKEv2 is supported mostly by new mobile devices only.
On the other hand, OpenVPN is supported by all devices and has been a VPN standard for years. It’s secure and isn’t clouded by any corporate interests because it is open-source.
Ultimately, more important than the VPN protocol is the VPN provider you choose. No matter how good, secure, and fast a VPN protocol is, the VPN provider has the final say. Two factors to consider when choosing a VPN provider:
- Logging policy: Most VPN providers only track necessary data such as bandwidth usage and which server you connect to. However, these data are not user-identifiable. If a VPN provider logs and stores even a small amount of personal details, then it will be easy to track a user. This logging practice defeats the purpose of a VPN.
— RYAN M~W – BLM (@ryanttb) April 7, 2017
- The number of server locations: Server location affects speed—the more choices you have, the better. No matter how fast the VPN protocol is, if the provider only has a few server locations or if the server locations aren’t strategic, then there will still be latency issues.
Make sure you check these factors when you do your research before selecting a VPN provider and the VPN protocol to use. Read our reviews of some of the best providers below to find out the VPN provider’s logging policy, how big or small their networks are, how to reach their customer support, and if their services are worth their rates.
[affilioProvider max=”3″ top=”n” cat=’home’]