IKEv2 and IKEv1 are the two iterations of IKE, which stands for Internet Key Exchange—a protocol used to set up a secure communication channel between two networks.
IKEv2 is an enhanced version of IKEv1. Although IKEv2 and IKEv1 are quite similar at their core, IKEv2 was designed to be more secure, more reliable, and faster than IKEv1.
IKEv2 is supported on the ExpressVPN apps for Mac and iOS. IKEv1 is not available on any ExpressVPN app. Instead, we recommend Lightway, a VPN protocol that we built from the ground up, for a faster, more secure, more reliable connection.
While IKEv2 and IKEv1 both stem from IKE, IKEv2 outperforms IKEv1 with faster speeds, greater security, and higher reliability.
Speed: IKEv2 offers faster speeds than IKEv1. IKEv2’s built-in support for NAT traversal makes going through firewalls and establishing a connection much faster. IKEv2 also supports the Mobility and Multihoming Protocol (MOBIKE), which gives you almost instant reconnection when switching between Wi-Fi and your mobile network. In addition, IKEv2 consumes less bandwidth than IKEv1, as it requires fewer security associations to establish a VPN tunnel.
Security: IKEv2 is much more secure than IKEv1. IKEv2 uses leading encryption algorithms and high-end ciphers such as AES, Camellia, and ChaCha20. IKEv2 also uses encryption keys for both sides while IKEv1 doesn’t, making it more secure.
Together with its support for EAP, a highly secure authentication method generally used on corporate networks, IKEv2’s security makes it one of the most secure VPN protocols.
Reliability: IKEv2 is more reliable because all of its communications consist of request and response message pairs, while IKEv1 doesn’t work the same way. IKEv2’s support for MOBIKE also makes your connection more resistant to network changes.
IKEv2 is better than IKEv1. IKEv2 supports more features and is faster and more secure than IKEv1.
IKEv2 uses leading encryption algorithms and high-end ciphers such as AES and ChaCha20, making it more secure than IKEv1. Its support for NAT-T and MOBIKE also makes it faster and more reliable than its predecessor.
IKEv1 is prone to security vulnerabilities and other system issues due to its overall complicated structure and lack of mobile support. There’s no reason to use IKEv1 when IKEv2 proves to be more secure and reliable. Choose IKEv2 over IKEv1 whenever possible.
No, IKEv1 and IKEv2 are not compatible. This means a device using IKEv1 won’t be able to establish a VPN tunnel with another device using IKEv2.
No, IKEv2 doesn’t support aggressive mode. IKEv1 uses aggressive mode and main mode to establish an exchange during the phase 1 negotiation. IKEv2 combines these modes into a single four-message sequence for a much simpler and more efficient exchange.
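The version split and the exchange modes described above are visible in the first 28 bytes of every IKE message, so an administrator can tell from a packet capture whether a peer still negotiates IKEv1, and whether it uses aggressive mode. The following is an added example, not code from ExpressVPN: the names classify_ike and sample_header are hypothetical, the sample headers are constructed, and the exchange-type numbers are taken from the IKEv1 and IKEv2 RFCs.

```python
import struct

# Shared IKE/ISAKMP fixed header (28 bytes): initiator SPI, responder SPI,
# next payload, version (major/minor nibbles), exchange type, flags,
# message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")

# (major version, exchange type) -> name, per RFC 2408/2409 and RFC 7296.
EXCHANGES = {
    (1, 2): "Main Mode", (1, 4): "Aggressive Mode",
    (1, 5): "Informational", (1, 32): "Quick Mode",
    (2, 34): "IKE_SA_INIT", (2, 35): "IKE_AUTH",
    (2, 36): "CREATE_CHILD_SA", (2, 37): "INFORMATIONAL",
}

def classify_ike(payload: bytes, udp_port: int = 500) -> dict:
    """Classify one UDP payload captured on port 500 or 4500."""
    if udp_port == 4500:
        # NAT-T: IKE on 4500 is prefixed with a 4-byte all-zero non-ESP marker.
        if payload[:4] != b"\x00" * 4:
            raise ValueError("ESP-in-UDP data, not an IKE message")
        payload = payload[4:]
    if len(payload) < HEADER.size:
        raise ValueError("too short for an IKE header")
    _, _, _, version, exch, _, msg_id, length = HEADER.unpack_from(payload)
    if length < HEADER.size:
        raise ValueError("length field smaller than the header")
    major = version >> 4
    return {
        "version": f"IKEv{major}",
        "exchange": EXCHANGES.get((major, exch), f"unknown ({exch})"),
        "message_id": msg_id,
        "legacy": major == 1,                   # peer is still speaking IKEv1
        "aggressive": (major, exch) == (1, 4),  # IKEv1 aggressive mode seen
    }

def sample_header(major: int, exch: int, msg_id: int = 0) -> bytes:
    """Constructed header-only sample (made-up SPI, no payloads follow)."""
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, major << 4, exch, 0,
                       msg_id, HEADER.size)

if __name__ == "__main__":
    for pkt, port in [(sample_header(1, 2), 500), (sample_header(1, 4), 500),
                      (sample_header(2, 34), 500),
                      (b"\x00" * 4 + sample_header(2, 35, 1), 4500)]:
        print(classify_ike(pkt, port))
```

Any result with "legacy" set points at a peer or profile that still needs to be moved to IKEv2.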