When I was looking to replace my OpenVPN server for a cloud based VPN one thing I wanted was to use the OS native VPN solution. Everything pointed me to L2TP/IPSec, I am wondering why I would choose IKEv2 over that.
First off, IKEv2 is IPSec. IPSec tunnels are either IKEv1 or IKEv2.
The advantages:
* It has a streamlined/faster key negotiation protocol. IKEv2 tunnels can be established in a fraction of the time it takes for IKEv1 negotiation, especially when negotiating multiple SAs.
* More robust integrity algorithms which can detect and re-establish a tunnel faster.
* It supports EAP, so in client/server mode (vs. tunnel mode) you can attach it to an AAA server to assign IP addresses and do user authentication, making L2TP and shared secrets unnecessary. (Note that when using IKEv2 for IPSec tunnels, one still must use either a shared secret or certificates for authentication.)
The advantages:
* It has a streamlined/faster key negotiation protocol. IKEv2 tunnels can be established in a fraction of the time it takes for IKEv1 negotiation, especially when negotiating multiple SAs.
* More robust integrity algorithms which can detect and re-establish a tunnel faster.
* It supports EAP, so in client/server mode (vs. tunnel mode) you can attach it to an AAA server to assign IP addresses and do user authentication, making L2TP and shared secrets unnecessary. (Note that when using IKEv2 for IPSec tunnels, one still must use either a shared secret or certificates for authentication.)