43.10. Comparison of IKEv1 to IKEv2

The following points are the most important practical differences between IKEv1 and IKEv2:

  • IKEv2 supports more modern cryptography algorithms than IKEv1 and therefore offers higher security.

  • With the Post-Quantum Pre-Shared Key (PPK) option, IKEv2 can simultaneously authenticate the connection via certificate and provide protection against attacks by quantum computers. In IKEv1, only one or the other is possible.

  • IKEv2 requires only 4 consecutive messages for connection establishment compared to 9 for IKEv1. Connection establishment in IKEv2 is therefore faster.

  • With pre-shared key authentication, the key in IKEv2 is neither tied to a fixed IP address nor required to be the same for all peers, as it is in IKEv1; instead, the key is selected using the IKE ID the peer presents.

  • In IKEv2, the IP networks configured for the tunnels do not have to match exactly on both sides; the traffic selectors can be narrowed to the common subset during connection establishment.

  • IKEv2 supports changing IP addresses during operation via MOBIKE.

  • Due to the tight coupling of IKE_SA and CHILD_SA in IKEv2, regular re-authentication of the IKE_SA may lead to a short interruption of the connection. In IKEv1, Phase 1 and 2 can, by contrast, be renewed independently of each other.
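The following strongSwan swanctl.conf fragment is an added example, not part of this manual, showing how several of the IKEv2 properties listed above appear in practice: a PSK selected by IKE ID rather than by IP address, traffic selectors that IKEv2 may narrow, MOBIKE, and a rekey/re-authentication setting chosen with the last point in mind. All names, addresses and the key value are constructed placeholders, and the strongSwan-specific option names are an assumption about that implementation, not something this page describes.

```conf
# Added example (constructed values); assumes strongSwan's swanctl.conf format.
connections {
    branch1 {
        version = 2                      # IKEv2 only; no fallback to IKEv1
        remote_addrs = %any              # peer may connect from any address ...
        mobike = yes                     # ... and change it later (MOBIKE)

        # Modern AEAD cipher suite, available with IKEv2 implementations.
        proposals = aes256gcm16-prfsha384-ecp384

        # Re-authentication tears down the IKE_SA and its CHILD_SAs together,
        # so prefer in-place rekeying; reauth_time = 0 disables periodic
        # re-authentication for this connection (assumed option semantics).
        rekey_time  = 4h
        reauth_time = 0

        local {
            auth = psk
            id   = hq.example.com        # our IKE ID (constructed)
        }
        remote {
            auth = psk
            id   = branch1.example.com   # peer IKE ID; selects the PSK below
        }
        children {
            lan {
                # If the peer proposes a subset (e.g. 192.168.7.0/24), IKEv2
                # narrows the selectors to the overlap instead of failing.
                local_ts  = 10.0.0.0/8
                remote_ts = 192.168.0.0/16
                esp_proposals = aes256gcm16-ecp384
            }
        }
    }
}

secrets {
    # The PSK is looked up by the peer's IKE ID, not by its IP address.
    ike-branch1 {
        id-1   = branch1.example.com
        secret = "REPLACE-WITH-A-LONG-RANDOM-KEY"   # placeholder, not a real key
    }
}
```

A second branch with a different IKE ID would get its own `ike-*` block with a different secret, which is the per-peer key selection IKEv1 PSK mode cannot offer.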