Implementations
IKE is supported as part of the IPsec implementation in Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. The ISAKMP/IKE implementation was jointly developed by Cisco and Microsoft.
Microsoft Windows 7 and Windows Server 2008 R2 fully support IKEv2 (RFC 4306) as well as MOBIKE (RFC 4555) through the VPN Reconnect feature (also known as Agile VPN).
There are several open source implementations of IPsec with associated IKE capabilities. On Linux, Openswan and strongSwan implementations provide an IKE daemon called pluto, which can configure (i.e., establish SAs) to the KLIPS or NETKEY kernel-based IPsec stacks. NETKEY is the Linux 2.6 kernel's native IPsec implementation.
The Berkeley Software Distributions also have an IPsec implementation and IKE daemon, and most importantly a cryptographic framework (OpenBSD Cryptographic Framework, OCF), which makes supporting cryptographic accelerators much easier. OCF has recently been ported to Linux.
A significant number of network equipment vendors have created their own IKE daemons (and IPsec implementations), or license a stack from one another.
There are a number of implementations of IKEv2 and some of the companies dealing in IPsec certification and interoperability testing are starting to hold workshops for testing as well as updated certification requirements to deal with IKEv2 testing. ICSA Labs held its latest IKEv2 Interoperability Workshop in Orlando, FL in March 2007 with 13 vendors from around the world.
The following open source implementations of IKEv2 are currently available:
- OpenIKEv2,
- strongSwan,
- Openswan,
- IKEv2,
- Racoon and Racoon2 from the KAME project,
- iked from the OpenBSD project.
Read more about this topic: Internet Key Exchange