VPN protocols: IKEv2
Find out the strengths and weaknesses of IKEv2 as a VPN protocol.
30-day money-back guarantee
What is IKEv2?
IKEv2 stands for Internet Key Exchange Version 2. This VPN protocol is also referred to as IKEv2/IPsec, but as IKEv2 is never implemented without the IPsec encryption layer, it is generally shortened to just IKEv2. It is considered more lightweight and stable than OpenVPN while retaining some customizability. But it is only available over UDP, which is blocked by some firewalls.
IKEv2 is one of the newest protocols and has significant strengths, particularly its speed. It’s well-suited for mobile devices across all platforms.
ExpressVPN recommends you to use Lightway as your VPN protocol, with OpenVPN and IKEv2 also solid choices. While L2TP/IPsec still offers encryption, there may be ways for an attacker to decrypt the VPN session.
Pros
- More secure than L2TP/IPsec
Cons
- Slower than OpenVPN
How to configure your VPN to IKEv2
How does IKEv2 work?
IKEv2 authenticates both your device and the VPN server and negotiates what kind of security will be used between these two entities, in a process known as security association. It will generate the same encryption keys used to encrypt and decrypt all the data that flows through the VPN tunnel.
IKE works on widely accepted data-encryption methods, such as ISAKMP, SKEME, or OAKLEY.
How to set up IKEv2/IPsec
When you use the ExpressVPN app, there is no need to set up IKEv2 or any other VPN protocol. If IKEv2 is available to you, it will appear on the selection of protocols for you to choose in the settings.
Subscribe to ExpressVPN on the order page.
Download and install ExpressVPN for Mac or iOS.
Go into the settings and choose IKEv2.
Use the internet as normal.
If you need help, the ExpressVPN Support Team is available via live chat and email.
IKEv2 advantages and disadvantages
Advantages
- One of the speediest VPN protocols. Faster than L2TP and PPTP.
- Highly secure as it encrypts with high-end cyphers, including AES and Camellia, and 256-bit encryption algorithms.
- Offers a strong and stable connection, allowing users to stay on the VPN connection when switching between networks.
- The only VPN protocol that is supported on BlackBerry devices.
Disadvantages
- IKEv2 uses UDP Port 500, which may cause a firewall or a network admin to prevent the VPN from working.
- Only natively supported on Mac and iOS—but not Windows, Android, or Linux.
IKEv1 vs. IKEv2
Both IKEv1 and IKEv2 are built on IKE, the protocol used to set up a security association. But IKEv2 provides a better VPN experience:
IKEv2 offers a more stable and consistent VPN connection than IKEv1—due to its support of MOBIKE (Mobility and Multi-homing Protocol).
Using encryption keys for both ends of the VPN connection, IKEv2 is more secure than IKEv1.
With its built-in NAT traversal, IKEv2 establishes a connection much faster than IKEv1.
IKEv2 takes up less bandwidth and less data overhead.
IKEv2 vs. other types of VPN protocols
IKEv2 vs. IPsec
IKEv2 itself is a tunneling protocol and paired with IPsec for its capability to secure internet traffic. IKEv2 and IPsec work together to form a VPN protocol—which means there's no need to compare the two.
IKEv2 vs. L2TP/IPsec
IKEv2 and L2TP/IPsec provide the same level of security as they both work around IPsec. IKEv2 is, however, supported by fewer systems and software, though this shouldn’t be a main concern to most users.
IKEv2 vs. OpenVPN
Both IKEv2 and OpenVPN offer a similar level of protection and security. In terms of speed, IKEv2 should be faster than OpenVPN due to its lower CPU usage. OpenVPN is, however, less likely to be blocked by firewalls when you connect via TCP.
IKEv2 vs. WireGuard
Similar to IKEv2, WireGuard’s traffic may be blocked by firewalls, as it only uses UDP, which may be blocked by your network’s admins. However, WireGuard is still under development and still has to go through many security audits.
Other VPN protocols
In addition to offering a standard set of protocols, ExpressVPN built Lightway to outdo them all in speed, reliability, and security. Give it a try to see for yourself. Learn more about Lightway.
If you’re still not sure which VPN protocol to choose, simply let the ExpressVPN app automatically select the best one for you.
Frequently asked questions
Is IKEv2 secure?
IKEv2 is one of the most secure VPN protocols. It supports 256-bit encryption, while working with leading cryptographic algorithms like Camellia, AES, and Blowfish.
Is IKEv2 fast?
Yes. Indeed, IKEv2 is one of the fastest VPN protocols out there. As it runs on UDP, it uses port 500, which keeps latency low. Its efficient response/request message exchange process also leads to a faster VPN connection.
What port is IKEv2?
IKEv2 uses UDP port 500 for the initial key exchange and port 4500 for communication.
What are IKEv2 Phase 1 and Phase 2 message exchanges?
IKEv2, like IKEv1, operates in two phases. During Phase 1, the devices identify and negotiate with each other to agree on the common settings to use. Phase 2 is when they find out how to encrypt and authenticate the traffic. IKEv2 uses a shorter four-message sequence to offer a simpler exchange flow, resulting in a speedier VPN connection.
How to set up IKEv2 on iPhone?
You can download ExpressVPN from the App Store and use IKEv2 as the protocol to connect with just a few taps. iPhones have a built-in IKEv2 client but still require you to put in the setup credentials from a VPN provider. It’s also not easy to set up. So use the ExpressVPN app directly for a faster, more seamless connection experience.
Learn more about using a VPN
Security and privacy
Try the best VPN
Enjoy our risk-free 30-day money-back guarantee: If you’re not satisfied using ExpressVPN, contact Support within 30 days and get a full refund. It’s that simple.