What is the IKE protocol?
Internet Key Exchange, or IKE, is an IPsec-based tunnelling protocol that provides a secure VPN communication channel and defines an automatic means of negotiation and authentication for IPsec security associations in a protected manner. The first version of the protocol (IKEv1) was introduced in 1998, and the second (IKEv2) came out 7 years later. There are a number of differences between IKEv1 and IKEv2, not the least of which is the reduced bandwidth requirements of IKEv2.
Features and technical details
The goal of IKE is to independently produce the same symmetric key for the communicating parties. This key serves to encrypt and decrypt the regular IP packets used to transfer data between VPN peers. IKE builds a VPN tunnel by authenticating both sides and reaching an agreement on methods of encryption and integrity. The outcome of an IKE negotiation is a Security Association (SA).
IKE is based on underlying security protocols, such as the Internet Security Association and Key Management Protocol (ISAKMP), A Versatile Secure Key Exchange Mechanism for Internet (SKEME), and the Oakley Key Determination Protocol. ISAKMP specifies a framework for authentication and key exchange, but does not define them. SKEME describes a versatile key exchange technique that provides quick key refreshment. Oakley allows authenticated parties to exchange keying material across an insecure connection using the Diffie–Hellman key exchange algorithm. This method provides perfect forward secrecy for keys, identity protection, and authentication.
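As an added example (not code from VPN Unlimited or from any IKE implementation), the Python below shows how two peers arrive at the same keys: a Diffie–Hellman exchange over the 2048-bit MODP group 14 from RFC 3526, followed by the IKEv1 pre-shared-key derivation from RFC 2409. The pre-shared-key mode, HMAC-SHA-256 as the prf, the group choice and all function names are assumptions made for this example.

```python
import hashlib, hmac, secrets

# 2048-bit MODP group (IKE group 14, RFC 3526), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2              # 2 <= x <= p-2
    return x, pow(G, x, P)

def dh_shared(own_private, peer_public):
    """Compute g^xy, rejecting degenerate peer values (0, 1, p-1, out of range)."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, own_private, P).to_bytes(256, "big")

def prf(key, data):
    # Assumption: the peers negotiated HMAC-SHA-256 as the pseudo-random function.
    return hmac.new(key, data, hashlib.sha256).digest()

def ikev1_psk_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """IKEv1 pre-shared-key derivation (RFC 2409, section 5)."""
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # keys for IPsec SAs
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # IKE message integrity
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # IKE message encryption
    return skeyid_d, skeyid_a, skeyid_e

def negotiate(psk_i, psk_r):
    """Run initiator and responder locally; return each side's derived keys."""
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # cookies
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)      # nonces
    xi, pub_i = dh_keypair()
    xr, pub_r = dh_keypair()
    # Only cookies, nonces and public values cross the wire; x and g^xy never do.
    keys_i = ikev1_psk_keys(psk_i, ni, nr, dh_shared(xi, pub_r), cky_i, cky_r)
    keys_r = ikev1_psk_keys(psk_r, ni, nr, dh_shared(xr, pub_i), cky_i, cky_r)
    return keys_i, keys_r
```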
The IKE protocol uses UDP port 500, which is perfect for network applications in which perceived latency is critical, such as gaming, voice and video communications. Moreover, the protocol does not involve the overhead associated with Point-to-Point protocols (PPP). This makes IKE faster than PPTP and L2TP. Supporting AES 128, AES 256 and 3DES ciphers, IKE is considered to be a very secure protocol.
VPN Unlimited uses the IKEv1 protocol for iOS and macOS devices by default. If you want to share the VPN protection with other devices via Wi-Fi, you can still use the Profile installation mode on your Mac.
- Faster than PPTP and L2TP
- Supports high-grade encryption methods
- Easy to set up
- Uses UDP port 500, which some firewalls may block
- Supports few platforms