These are all backwards compatible things. The cool things are happening at IKEv2, and the management tools and required features will push users to v2. Sure static v1 site to site will remain in place until 3des or hmac-md5 is broken (and they'd still not upgrade)
Just make sure people don't implement support for tcp in v1 :) Sent from my iPhone > On Mar 16, 2016, at 08:39, Yoav Nir <ynir.i...@gmail.com> wrote: > > >> On 16 Mar 2016, at 2:27 PM, Paul Wouters <p...@nohats.ca> wrote: >> >> >>> >>> Or perhaps we need the IKEv1 considered harmful draft / >>> ikev1-diediediediedie... >> >> I don't think that will help. I've seen how reluctant people are to change >> their 10 year old working VPN. >> >> IKEv1 is dying pretty quickly now, thanks to mobile phones. > > Really? Granted, it’s been a couple of years since I’ve checked the VPN > capabilities of an iPhone, but I remember it having L2TP (using IKEv1) and > XAuth (A Cisco extension to IKEv1). We have some people from Apple in the > working group who are talking about IKEv2 on the phone, but I don’t think > they’re removing the support for L2TP or XAuth. > > Android IIRC also has the L2TP with IKEv1. Not sure what else. > > Windows Mobile? You can add your own, or you have the usual Windows PPTP, > L2TP (again with IKEv1) and IKEv2. > > Who’s killing IKEv1? > > Yoav > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
