IPSec ensures secure and private communications over Internet Protocol (IP) networks by authenticating and encrypting IP packets between two end points.

31-Day Money Back Guarantee
what is ipsec

What is IPsec?

Internet Protocol Security, also commonly known as IPSec, is a framework of open standards developed by the Internet Engineering Task Force (IETF) to provide cryptographically-based security to network traffic. Besides protecting one or more data flows between IPSec peers, it also enables data origin authentication, confidentiality, integrity and anti-replay.

Offering support for both IPv4 and IPv6, IPSec is widely deployed when it comes to the implementation of Virtual Private Networks (VPN). As such, the terms IPSec VPN or VPN over IPSec refer to the process of establishing VPN connections using IPSec protocol. It is a common method for creating a virtual, encrypted link over the unsecured Internet.

Key Features of IPSec VPN

Anti-Replay Protection

IPSec provides protection against replay attacks by assigning a unique sequence number to each packet. If a packet with a duplicate sequence number is detected, it is considered replayed and dropped.

Data Origin Authentication

Hash message authentication code (HMAC) algorithms verify that the packets you receive are unchanged and sent by your peer.

Perfect Forward Secrecy

PFS in an IPSec VPN service enhances the security of your VPN connection by ensuring a unique session key is created for each negotiation.


IPSec works below the transport layer, so it is transparent to users and applications. Therefore, you do not need to make any changes to software when implementing it on your router or firewall.

Dynamic Re-Keying

The process of re-keying at set intervals means you can bid farewell to manual reconfiguration of secret keys and stay protected against most interception and impersonation attacks.


Since packets are encrypted by the sender before transmission, rest assured that sensitive data will only reach its intended recipient.

IPSec VPN Comparison

IPSec (IKEv2, L2TP) vs SSL (OpenVPN, SSTP)

The following is an in-depth comparison between SSL and IPSec protocols

Encryption 256-bit 256-bit 256-bit 256-bit 128-bit
Security OpenVPN can be considered extremely secure when used in conjunction with robust cipher and ephemeral keys Can be considered as secure as OpenVPN when used in conjunction with robust cipher and ephemeral keys Latest VPN protocol which implements IPSec and is highly secure IPSec over L2TP, when properly implemented, has no major known vulnerabilities PPTP implementation has several known security vulnerabilities
Stability Stable Connection Stable, but more so on Windows Highly stable and consistent connection once established Stable Connection Unstable and may disconnect frequently
Speed Great speed across long distances and on connections with high latency Faster than PPTP and L2TP Faster than other VPN protocols due to MOBIIKE support, which makes it stable and resilient L2TL/IPSec is still fast, despite tunneling overhead, due to high encryption/decryption efficiency. Fastest VPN protocol because of basic encryption
Supported OS Windows OS iOS (Manual) Android Mac OS X (Manual) And More... Windows OS iOS (Not Supported) Android (Not Supported) MAC OS X And More... Windows OS iOS Android (Manual) Mac OS X (Manual) BlackBerry (Manual) Windows OS iOS (Manual) Android (Manual) Mac OS X (Manual) And More... All Platforms (Manual)
Conclusion Good speed, strong security, native support for most OS. Safer and faster than PPTP and L2TP, ideal for Windows OS, can easily bypass firewalls Fast speed, strong security, the only VPN protocol supported by Blackberry Easy-to-setup, stable, and secure Highly recommended for speed, but isn’t the best option for security

PureVPN offers support for all major VPN protocols and platforms.

Get PureVPN

31-Day Money Back Guarantee

Pros & Cons of IPSec VPN Protocol


  • Native compatibility for all major devices.
  • Extremely secure as it uses a variety of ciphers such as 3DES, AES, and AES-256.
  • Highly stable, especially when switching networks or reconnecting after a dropped connection.
  • Operates at network level – no need to worry about application dependence!


  • It can easily be blocked by restrictive firewalls.
  • Not the fastest protocol – L2TP/IPSec encapsulates data twice, which slows down the connection.
  • Requires significant bandwidth and processing time.

How to Select the Best VPN Protocol?

Automatic Selection

Ease of use is one of our cornerstones. PureVPN apps can automatically choose the VPN protocol best suited for your connection. All you have to do is connect and we take care of the rest for you.

Manual Selection

Alternatively, you also have the option of using a different protocol for your VPN connection. We’d advise that you take a look at our VPN comparison chart for a better understanding of what each brings to the table. Still uncertain? It is advised that you try these VPN protocols in the following order:

  • OpenVPN
  • IKEv2
  • SSTP
  • L2TP
  • PPTP
  • IPSec

Frequently Asked Questions

IPSec VPN uses tunneling to establish a private connection through which all your data is passed through. Unlike other protocols that function at application layer, IPSec operates at network layer and this allows it to encrypt the entire packet.

A variety of encryption algorithms are employed for this very purpose, but we can drill them down to two main mechanisms – they’ve been described below! That said, PureVPN’s IPSec uses AES (Advanced Encryption Standard) along with other technologies to keep your data safe.
IPSec relies on the following core protocols for encoding your information to ensure security:

  • IPSec Authentication Header (AH)
    The protocol ensures a digital signature is placed on each packet to protect your data and network from interference. This means the contents cannot be altered without discovery and also allows the recipient to verify whether the received packets were actually sent by the originator or not. AH also keeps you protected from replay attacks.

  • Encapsulating Security Payload (ESP)
    Where AH prevents a packet from being tampered, ESP is responsible for encrypting the packets and making them unreadable. The complete payload of a packet is encrypted via an ESP header, ESP trailer, and ESP authentication block.
Both of these protocols work together to provide authentication, security, and privacy.
For Android and Windows devices, IPSec can be used with L2TP and IKEv2 protocols. When it comes to iOS and Mac devices though, you can only select to use IPSec alone.
More often than not, IPSec VPN ports are open in firewall. However, if it is not, you can make it work by opening UDP port 500 (to allow ISAKEP traffic to be forwarded through your firewalls) and permitting IP protocol IDs 50 (to allow ESP traffic to be forwarded) and 51 (to allow AH traffic to be forwarded) on firewall filters – both inbound and unbound.
While it is technically possible to setup IPSec over IPv6, PureVPN is not currently supporting IPSec over IPv6.
  • 31 Guarantee 31-Day Money-Back
  • One-click
  • 3 Million+
    Satisfied Users
  • 24x7x365
    Customer Support