What is IKEv2/IPsec?
Recently, NordVPN began rolling out the support for IKEv2/IPsec as one of their VPN services. But for those of us not so much in the know, there are two main questions:
What exactly is IKEv2/IPsec?
Why is NordVPN supporting it now?
In order to answer these questions, we first need to quickly go over some other security protocols used in the VPN service and supported by NordVPN.
IKEv2/IPsec and Other Security Protocols
PPTP (Point-to-Point Tunneling Protocol) was one of the first security protocols introduced. It is very easy to set up and relatively fast due to cipher suites used in encryption, which are, however, considered very weak nowadays and therefore isn’t a recommended option by NordVPN.
L2TP/IPsec (Layer 2 Tunneling Protocol) is just as quick and easy as PPTP. L2TP does not provide any encryption on its own, which is why it’s used with Internet Protocol Security (IPsec). It is much more secure than PPTP, but has it’s own issues too. NordVPN supports this only as a fallback, where there is a real need for a legacy protocol. L2TP/IPsec uses a combination of a shared secret and also user’s own credentials for the authentication, therefore absolute privacy using L2TP/IPsec cannot be guaranteed, as there is always a potential for someone to intercept traffic, although highly unlikely. Use with caution and only as a temporary solution, or if privacy is not one of the main concerns.
OpenVPN is mature, secure and robust open-source protocol that works with a wide variety of cryptographic algorithms, although NordVPN only support AES256. We use OpenVPN in our Android app, also in Windows and macOS apps. Highly recommended as the daily VPN protocol by NordVPN.
SSTP (Secure Socket Tunnelling Protocol) is a proprietary standard used by Microsoft and offers similar advantages to OpenVPN. Because it’s integrated into Windows, it is much easier to set up for Windows users.
IKEv2/IPsec (the latest addition in NordVPN protocols) is also protected by IPsec, just as L2TP is, however IKEv2/IPsec significantly increases security and privacy of the user by employing very strong cryptographic algorithms and keys. NordVPN uses NGE (Next Generation Encryption) in IKEv2/IPsec. The ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys. IPsec then secures the tunnel between the client and server using the strong AES256. This is the protocol, which provides the user with peace of mind security, stability and speed. For these reasons, it is highly recommended by NordVPN and has been adopted as a default in the iOS app and will soon be available on other platforms.
Main reasons for introducing the new IKEv2/IPsec protocol
NordVPN is committed to providing our customers with variety of options to ensure their privacy and security when browsing the net. IKEv2/IPsec is an advanced security protocol which offers the latest
IKEv2/IPsec offers improved ability to reconnect when an internet connection is interrupted.
Supported by many devices
IKEv2/IPsec will allow our customers to set up NordVPN on many more devices, this includes a variety of router options and even some devices we did not support earlier, including Blackberry phone.
IKEv2/IPsec offers great stability especially for those that hop between wifi and mobile data usage. Greater service stability will ensure that even if you hop between hotspots – you can be connected to the VPN service.
IKEv2/IPsec can offer faster throughput and as a result could be quite beneficial for improving app speeds.
What this all boils down to is a spectacularly secure, stable and speedy protocol that is highly effective for any VPN user.
So, where and when can you find this protocol?
IKEv2 now available by default on the latest iOS app (now available on the App Store). Coming soon to other apps. Set-up instructions and tutorials for other devices are coming soon.
Know of any other benefits of IKEv2/IPsec you’d like to share? Let us know in the comments below!