Home
What is a VPN
Protocols
IKEv2 vs IKEv1: What are the differences? | ExpressVPN

Differences between IKEv2 and IKEv1

IKEv2 and IKEv1 are both VPN protocols, but there are key differences. We discuss which one you should use.

30-day money-back guarantee

Devices with ExpressVPN, an IKEv2 protocol speech bubble, and an IKEv1 protocol speech bubble.

What is the difference between a Proxy and a VPN? Computer screen with a shield with a checkmark on it.

What are IKEv2 and IKEv1?

IKEv2 and IKEv1 are the two iterations of IKE, which stands for Internet Key Exchange—a protocol used to set up a secure communication channel between two networks.

IKEv2 is an enhanced version of IKEv1. Although IKEv2 and IKEv1 are quite similar at their core, IKEv2 was designed to be more secure, more reliable, and faster than IKEv1.

IKEv2 is supported on the ExpressVPN apps for Mac and iOS. IKEv1 is not available on any ExpressVPN app. Instead, we recommend Lightway, a VPN protocol that we built from the ground up, for a faster, more secure, more reliable connection.

Get ExpressVPN

Key Differences between IKEv2 and IKEv1

While IKEv2 and IKEv1 both stem from IKE, IKEv2 outperforms IKEv1 with faster speeds, greater security, and higher reliability.

Speed: IKEv2 offers faster speeds than IKEv1. IKEv2’s built-in support for NAT traversal makes going through firewalls and establishing a connection much faster. Also, IKEv2 supports Mobility and Multi-homing Protocol (MOBIKE), which gives you almost instant reconnection when switching between Wi-Fi and your mobile network. In terms of bandwidth, IKEv2 consumes less of it than IKEv1 as it requires fewer security associations to establish a VPN tunnel.

Security: IKEv2 is much more secure than IKEv1. IKEv2 uses leading encryption algorithms and high-end ciphers such as AES, Camellia, and ChaCha20. IKEv2 also uses encryption keys for both sides while IKEv1 doesn’t, making it more secure.

Together with its support for EAP, a highly secure authentication method generally used on corporate networks, IKEv2’s security makes it one of the most secure VPN protocols.

Reliability: IKEv2 is more reliable, as all communications consist of pairs of messages as Request and Response, while IKEv1 doesn’t work the same way. IKEv2’s support for MOBIKE also makes your connection more resistant to network changes.

FAQ: About IKEv1 vs. IKEv2

Which is better: IKEv1 or IKEv2?

IKEv2 is better than IKEv1. IKEv2 supports more features and is faster and more secure than IKEv1.

IKEv2 uses leading encryption algorithms and high-end ciphers such as AES and ChaCha20, making it more secure than IKEv1. Its support for NAT-T and MOBIKE also makes it faster and more reliable than its predecessor.

Is IKEv1 still secure?

IKEv1 is prone to security vulnerabilities and other system issues due to its overall complicated structure and lack of mobile support. There’s no reason to use IKEv1 when IKEv2 proves to be more secure and reliable. Choose IKEv2 over IKEv1 whenever possible.

Is IKEv2 compatible with IKEv1?

No, IKEv1 and IKEv2 are not compatible. This means a device using IKEv1 won’t be able to establish a VPN tunnel with another device using IKEv2.

Does IKEv2 support aggressive mode?

No, IKEv2 doesn’t support aggressive mode. IKEv1 uses aggressive mode and main mode to establish an exchange during the phase 1 negotiation. IKEv2 combines these modes into a single four-message sequence for a much simpler and more efficient exchange.