Although IKEv2 has been around for over a decade, unlike other
IKEv2 is primarily a tunneling protocol. It only becomes a
— James van den Berg ☁ ? (@JamesvandenBerg) July 12, 2017
Among the features of IKEv2 are built-in DoS protection, NAT-T, and EAP authentication. All these make IKEv2 a highly secure and reliable
Pros and cons of IKEv2
The most attractive feature of IKEv2 is its ability to reconnect your
— KFire TV News (@kodionfiretv) April 15, 2018
You may have your eyebrows raised right now, we know. For crying out loud, what kind of person forgets to turn on their
IKEv2 makes use of multihoming technology, making it possible for users to switch networks without ever dropping their
Moreover, IKEv2 is considered one of the fastest
Lastly, IKEv2’s security is unquestionable since it refuses to perform any further actions until the identity of the requester is verified. This is done with the use of server certificate authentication. DoS (denial of service) and MITM (man-in-the-middle) attacks are therefore prevented with IKEv2.
While IKEv2 is secure, reliable, and fast, it is not widely supported by
- Trust issues: There are allegations that the NSA has been trying to weaken IPSec among other encryption systems. Since IKEv2 is commonly paired with IPSec to work as a
VPNprotocol, IKEv2 may weaken if the NSA succeeds in this regard. The companies behind IKEv2―Microsoft and Cisco―may also have corporate interests in building vulnerabilities around this protocol, especially upon the government’s request. It’s not even new at all…
— Trevor Timm (@trevortimm) July 11, 2013
- Narrow support: Most
VPNproviders are hesitant in including IKEv2 mainly due to its limitation in terms of supported devices. It works great on Blackberry and iOS phones since these systems have IKEv2 native support. Windows 7, Windows Server 2008, Cisco routers, and macOS devices also natively support IKEv2, but other devices have not followed suit.
However, since this technology is becoming popular, the demand for it will definitely increase. Hopefully, this will prompt developers to make IKEv2 natively available for commonly used devices such as Android and other routers.
Like any development in technology, IKEv2 has its own set of disadvantages (aside from the advantages) which help determine if it is the right
We went back to our list of top
The team behind IPVanish has over 20 years of experience in
StrongVPN was one of the first players in the
- VyprVPN (for iOS only)
— VyprVPN (@VyprVPN) June 5, 2017
Although VyprVPN does not allow P2P connections, its
- ExpressVPN (named L2TP/IPsec)
ExpressVPN has advanced features such as the kill switch, IP leak prevention, zero-knowledge DNS servers, and IPv6 leak prevention. All these features make it a premium
— HideIpVPN (@hideipvpn) June 7, 2017
HideIPVPN is among our top 10
The rest of the
IKEv2 vs. other
There are four other
- PPTP: Point-to-Point Tunneling Protocol was developed for dial-up networks, making it a popular choice for corporate
VPNnetworks. It’s also available on almost all devices and VPNproviders. It is easy to set up since there’s no need for additional software. Microsoft developed PPTP, but some security issues have clouded its reliability. For instance, it took only two days to crack PPTP using un-encapsulated MS-CHAP v2 Authentication. Microsoft had fixed this, but the company has also recommended using a different VPNprotocol.
- L2TP: The Layer 2 Tunneling Protocol doesn’t have the same vulnerabilities as PPTP, but it has speed issues since it encapsulates data twice. It relies on IPSec as the authentication suite, and both L2TP and IPSec are developed by Microsoft. L2TP also uses a limited number of ports, making it easy to block via port blocking.
- SSTP: Secure Socket Tunneling Protocol is owned by Microsoft, and uses SSL 3.0. This makes the
VPNtraffic look like it’s coming from a regular browser. SSTP can also use TCP port 443, which helps it avoid VPNblocking. However, SSL 3.0 is vulnerable to the POODLE attack, making SSTP, and other software and browsers that use SSL 3.0, vulnerable.
- OpenVPN: This is currently the
VPNstandard used by most commercial VPNs; most devices support it. VPNproviders recommend using OpenVPN as much as possible because it is highly customizable and considered the most secure among the protocols. OpenVPN is open-source and therefore does not have any corporate interest, unlike other protocols. Another advantage of OpenVPN is that it works on any port (TCP or UDP). Therefore, it is not easily blocked by a VPNblocker.
Which protocol is the best?
It is a close battle between IKEv2 and OpenVPN. IKEv2 is more secure than other
On the other hand, OpenVPN is supported by all devices and has been a
Ultimately, more important than the
- Logging policy: Most
VPNproviders only track necessary data such as bandwidth usage and which server you connect to. However, these data are not user-identifiable. If a VPNprovider logs and stores even a small amount of personal details, then it will be easy to track a user. This logging practice defeats the purpose of a VPN.
— RYAN M~W – BLM (@ryanttb) April 7, 2017
- The number of server locations: Server location affects speed—the more choices you have, the better. No matter how fast the
VPNprotocol is, if the provider only has a few server locations or if the server locations aren’t strategic, then there will still be latency issues.
Make sure you check these factors when you do your research before selecting a
[affilioProvider max=”3″ top=”n” cat=’home’]