Your IP: Unknown · Your Status: Unprotected Protected

IKEv2/IPsec: Definition and Features

Jun 29, 2020 · 3 min read

IKEv2/IPsec: Definition and Features

NordVPN uses IKEv2/IPsec as the default protocol on macOS and iOS apps. For our users, it really matters what protocol is keeping them safe behind the scenes. But what is IKEv2/IPsec, and why does NordVPN support it?

What is a VPN protocol?

A VPN protocol is the system that establishes the secure connection between your device and the VPN’s server. This is done first by verifying the authenticity of the user’s device and the VPN server, and then generating an encryption key that can be used by both.

This system allows data to be encrypted, sent between the device and the server, and then decrypted safely. No matter how good a VPN is, it can’t provide genuine security if it doesn’t use a strong protocol.

What is IKEv2/IPSec?

IKEv2 stands for Internet Key Exchange version 2. It’s just one of many VPN protocols, but it has some particular strengths that set it apart (more on these later).

The IKEv2 protocol is built around an authentication suite called IPSec, and works best when coupled with this system. We refer to this winning combination as IKEv2/IPSec.

Within this combination, IKEv2 is the mechanism that generates encryption keys, ensuring safe data-flow between your device and the NordVPN server you’re connected to.

IKEv2/IPsec VS OpenVPN

IKEv2/IPSec is one in a long line of protocols, each building and expanding upon the strengths of predecessors. Where early options like Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP/IPsec) struggled to balance both speed and security, their successor, OpenVPN, excelled on both fronts.

OpenVPN is one of the best protocols now available, which is why it plays an integral role in NordVPN applications. However, there are some points on which IKEv2/IPSec surpasses even OpenVPN. This is largely thanks to its three defining features:

  • High-speed throughput.
  • Enhanced stability.
  • Auto-reconnection.

This state-of-the-art protocol is faster and more stable than OpenVPN, and it offers a ground-breaking auto-reconnect feature that improves both security and ease-of-use. This means that it will automatically resume your VPN’s connection, even when your device switches from one internet source to another.

For the technically minded, IKEv2/IPsec uses the AES-256-GCM cypher for encryption, coupled with SHA2-384 for integrity. This is combined with Perfect Forward Secrecy (PFS), using 3072-bit Diffie Hellmann keys.

The benefits of IKEv2/IPSec

  • Auto-reconnect: IKEv2/IPsec offers an efficient reconnect function when your internet connection is interrupted.
  • Strong encryption: IKEv2/IPSec is an advanced protocol that encrypts with high-security cyphers for maximum protection.
  • Supported across multiple devices: IKEv2/IPsec is supported across a wide variety of devices, including previously unsupported smartphones, connected homeware, and a range of routers.
  • Stability: IKEv2/IPsec offers enhanced stability, providing a strong connection, and allowing users to switch between internet connections without losing their protection.
  • Speed: Where many protocols struggle to maintain a seamless internet experience, IKEv2/IPSec offers high-speed data transfer and makes browsing with a VPN a faster, more enjoyable experience.

IKEv2 vs IPSec: the differences

When searching for the best VPN protocols, it’s tempting to pit different options against each other. In reality, IKEv2 and IPSec both work best when combined, and are not usefully comparable. In fact, IPSec’s authentication suite already uses IKEv2 within its own collection of protocols.

IPSec is a popular system for a reason: it’s secure and reliable, and its operations are invisible to third-parties. Likewise, IKEv2 is a great basis for stability, rapid data-flow, and connection hopping.

Seeing the strength of this privacy partnership, NordVPN uses IKEv2/IPSec to provide the best of both features, so users can enjoy a safer, more streamlined experience.


Christina Craig
Christina Craig successVerified author

Christina is a community manager and the heart, the voice and the soul of NordVPN. She is always up for a conversation with our community of users and blog readers.


Subscribe to NordVPN blog