How to Get a Faster, More Secure, and Reliable VPN? Enable IKEv2!
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
Internet security and online privacy are dynamically developing spheres. They are a battlefield of a constant arms race. On one side, you have all sorts of cyber-criminals trying to cash in on unsuspecting netizens. On the other side, there are various protection companies striving to fend the malefactors off.
Today, we are proud to run out the newest piece of heavy artillery in VPN Unlimited arsenal. Meet IKEv2 in our latest 4.15 update for macOS. Read on to learn about it and how you, the user, will benefit from this innovation!
About Key Exchange protocols
Internet Key Exchange (IKE) is a tunneling technology used in security association with IPsec protocol suite (you can find more technical details about it here). In a nutshell, IKE is used to make a shared connection unhackable by encrypting it and to generate cryptographic keys. It is a popular solution for establishing and securing a VPN connection.
Until recently, VPN Unlimited utilized IKEv1. However, as progress forges ahead, certain flaws and vulnerabilities of this version became apparent. To be abreast of the times and to keep providing our clients with the best, up-to-date levels of privacy and protection, we decided to transfer to the nextgen version of the protocol, IKEv2. Despite it being quite a complicated technology to install on servers, the benefits it bestows upon our users are absolutely worth the extra effort.
So, what improvements exactly will VPN Unlimited users notice after the update
- Security. IKEv2 employs server certificate authentication, which means it won’t perform any actions until it determines the requester’s identity. This derails most of the man-in-the-middle and DoS attacks attempts. Additionally, this protocol supports various encryption standards like AES 256 and 3DS, making it go well together with our strict security principles.
- Reliability. IKE had a drawback that was quite troublesome for VPN users. If you tried to switch to a different internet connection (like from WiFi to mobile internet) with VPN on, it would disrupt the VPN connection and would require a reconnection. Though not too inconvenient in terms of how little time it takes, it has certain undesirable consequences like your IP getting changed and performance drops. Thanks to the reliability measures implemented in IKEv2, this issue has been fixed.
- Speed. Its well minded architecture and effective message exchange system allow for better performance. Also, its connection speed is significantly higher, not least because of NAT traversal which makes passing through firewall and establishing a connection much faster.
- Enhanced mobile support. IKEv2 implements a MOBIKE technology, which allows it to be used by mobile and multihomed users. It is also one of the few protocols that support Blackberry devices.
- Bug fixes. The new iteration of IKE fixes some of the known issues, for example the one with Connect on Demand. It used to occur after a device went to a sleep mode or internet connection was switched. IKE could end up in a loop with both the device and the server expecting the other to initiate some action. Which, obviously, never happened, and it looked like there is no internet connection whatsoever. IKEv2 resolves this problem thanks to the use of sequence numbers and acknowledgements. By the way, we are grateful to all of our users who pointed out this problem on our website – your feedback was extremely helpful for us!
As a side note
Some of our users were curious about a new type of system notifications they have started receiving after this update.
For your information, this is an additional system check that occurs thanks to the advanced security levels of the IKEv2 protocol. Neagent or NEIKEv2Provider (the name depends on your macOS version) is a service for establishing secure VPN connection. Upon connecting, it requests access to the KeyChain password management system to receive authorization data for VPN connection establishment. This is required so that the system can check if any profile data have been changed since the last time.
If you click Allow, the system will only save the password for the duration of a current session, and will request it again during reconnection. For your convenience, we recommend that you choose the Always Allow option. This way VPN Unlimited will remember your password and will not bother you with this notification again (until, of course, you decide to change the password).
As you can see, IKEv2 is an awesome update with lots of benefits for both you, the users, and us, the developers. When combined with our service’s ability to distribute your VPN coverage to up to 5 devices under 1 account (in basic configuration), it provides a great opportunity for extended protection. We definitely hope you will enjoy your enhanced VPN Unlimited experience. Give it a try, download VPN Unlimited and get a free 7-day trial to check out its awesomeness!