IKEv2

The software supports IKEv2, an enhancement of the IKEv1 protocol. All IKEv2 communication consists of pairs of messages: a request and a response. IKEv2 runs over an unreliable transport (UDP, port 500), so it is this pairing of exchanges that gives the protocol its reliability: every request has an expected response, and the absence of that response tells the sender the request was not answered.
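To make the request/response pairing concrete, here is an added model of how the two sides use IKEv2 Message IDs to get reliability over UDP (retransmission by the initiator, deduplication and a retained response on the responder, per RFC 7296). It is illustrative code, not code from the product this page documents; the lossy channel in `run_exchange` is constructed for the demonstration.

```python
# Added model of IKEv2 Message ID handling (RFC 7296); not the product's own code.
class Initiator:
    def __init__(self):
        self.next_id = 0         # Message ID carried by the next request
        self.outstanding = None  # (Message ID, payload) awaiting its response
    def new_request(self, payload):
        # Default IKEv2 window size is 1: one outstanding request at a time
        assert self.outstanding is None, "previous exchange not completed"
        self.outstanding = (self.next_id, payload)
        return {"id": self.next_id, "request": payload}
    def retransmit(self):
        msg_id, payload = self.outstanding  # same Message ID, same contents
        return {"id": msg_id, "request": payload}
    def receive(self, reply):
        # Only the response whose Message ID matches the outstanding request counts
        if self.outstanding is None or reply["id"] != self.outstanding[0]:
            return None  # stale or replayed response: silently discarded
        self.outstanding = None
        self.next_id += 1
        return reply["response"]

class Responder:
    def __init__(self, handler):
        self.handler = handler   # processing logic, must run once per request
        self.expected_id = 0
        self.last = None         # (Message ID, response) kept for retransmissions

    def receive(self, msg):
        if self.last is not None and msg["id"] == self.last[0]:
            return self.last[1]  # retransmitted request: resend, do not reprocess
        if msg["id"] != self.expected_id:
            return None          # outside the window: silently discarded
        reply = {"id": msg["id"], "response": self.handler(msg["request"])}
        self.last, self.expected_id = (msg["id"], reply), self.expected_id + 1
        return reply

def run_exchange(init, resp, payload, lost_requests=(), lost_responses=(), max_retries=5):
    """Drive one exchange over a constructed lossy channel; returns (response, attempts)."""
    msg = init.new_request(payload)
    for attempt in range(1, max_retries + 2):
        if attempt > 1:
            msg = init.retransmit()
        if attempt in lost_requests:
            continue                      # request never reached the responder
        reply = resp.receive(msg)
        if reply is None or attempt in lost_responses:
            continue                      # discarded, or response lost on the way back
        result = init.receive(reply)
        if result is not None:
            return result, attempt
    raise TimeoutError("peer unreachable after %d retransmissions" % max_retries)
```

Losing a response costs a retransmission but not a second execution of the request, because the responder answers a repeated Message ID from its retained response.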

IKEv2 provides a number of improvements over IKEv1, including the following:

IKEv2 OCSP validation

Confirming that a certificate can be trusted is essential to obtaining the security assurances that public key cryptography provides, and one fundamental element of that confirmation is checking the certificate's revocation status. IKEv2 allows the Online Certificate Status Protocol (OCSP) to be used for in-band signaling of certificate revocation status. IKEv2 supports pre-shared key and digital certificate authentication. With certificate authentication, the device can verify whether the digital certificate sent by the peer has been revoked: it sends the certificate to the OCSP server, the OCSP server checks the certificate's status and returns a response, and the device validates the certificate based on that response.