NordVPN uses IKEv2/IPsec as the default protocol on macOS and iOS apps. For our users, it really matters what protocol is keeping them safe behind the scenes. But what is IKEv2/IPsec, and why does NordVPN support it?
A VPN protocol is the system that establishes the secure connection between your device and the VPN’s server. This is done first by verifying the authenticity of the user’s device and the VPN server, and then generating an encryption key that can be used by both.
This system allows data to be encrypted, sent between the device and the server, and then decrypted safely. No matter how good a VPN is, it can’t provide genuine security if it doesn’t use a strong protocol.
IKEv2 stands for Internet Key Exchange version 2. It’s just one of many VPN protocols, but it has some particular strengths that set it apart (more on these later).
The IKEv2 protocol is built around an authentication suite called IPSec, and works best when coupled with this system. We refer to this winning combination as IKEv2/IPSec.
Within this combination, IKEv2 is the mechanism that generates encryption keys, ensuring safe data-flow between your device and the NordVPN server you’re connected to.
IKEv2/IPSec is one in a long line of protocols, each building and expanding upon the strengths of predecessors. Where early options like Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP/IPsec) struggled to balance both speed and security, their successor, OpenVPN, excelled on both fronts.
OpenVPN is one of the best protocols now available, which is why it plays an integral role in NordVPN applications. However, there are some points on which IKEv2/IPSec surpasses even OpenVPN. This is largely thanks to its three defining features:
This state-of-the-art protocol is faster and more stable than OpenVPN, and it offers a ground-breaking auto-reconnect feature that improves both security and ease-of-use. This means that it will automatically resume your VPN’s connection, even when your device switches from one internet source to another.
For the technically minded, IKEv2/IPsec uses the AES-256-GCM cypher for encryption, coupled with SHA2-384 for integrity. This is combined with Perfect Forward Secrecy (PFS), using 3072-bit Diffie Hellmann keys.
When searching for the best VPN protocols, it’s tempting to pit different options against each other. In reality, IKEv2 and IPSec both work best when combined, and are not usefully comparable. In fact, IPSec’s authentication suite already uses IKEv2 within its own collection of protocols.
IPSec is a popular system for a reason: it’s secure and reliable, and its operations are invisible to third-parties. Likewise, IKEv2 is a great basis for stability, rapid data-flow, and connection hopping.
Seeing the strength of this privacy partnership, NordVPN uses IKEv2/IPSec to provide the best of both features, so users can enjoy a safer, more streamlined experience.