
Enable Post-Quantum Encryption on Cloudflare IPsec Tunnels: A Step-by-Step Guide

Published 2026-05-05 08:51:16 · Finance & Crypto

Introduction

As quantum computing advances shorten the expected lifetime of classical public-key cryptography, organizations need to protect wide-area network (WAN) traffic from harvest-now-decrypt-later attacks: traffic recorded today and decrypted once a cryptographically relevant quantum computer exists. Cloudflare has made post-quantum encryption generally available for its IPsec tunnels using a hybrid key exchange that pairs a classical Diffie-Hellman group with ML-KEM (FIPS 203). This guide walks through configuring post-quantum encryption on Cloudflare IPsec so that site-to-site connections are resilient against future quantum threats. Interoperability has been tested with Fortinet and Cisco branch connectors, so you can start securing your WAN with existing hardware.

Enable Post-Quantum Encryption on Cloudflare IPsec Tunnels: A Step-by-Step Guide
Source: blog.cloudflare.com

What You Need

  • A Cloudflare account with the IPsec WAN Network-as-a-Service subscription (or the Cloudflare One SASE platform).
  • Branch connectors (routers or firewalls) from Fortinet, Cisco, or other vendors that implement the IETF draft draft-ietf-ipsecme-ikev2-mlkem, which builds on RFC 9370 (multiple key exchanges in IKEv2) and the IKE_INTERMEDIATE exchange of RFC 9242.
  • Firmware or software versions on your branch connectors that include ML-KEM (FIPS 203) support; check vendor release notes, since support is tied to specific builds and sometimes to specific platforms.
  • Access to the Cloudflare dashboard or API for configuring IPsec tunnels.
  • A working understanding of IPsec VPNs, IKEv2, and how IKEv2 proposals and key exchange transforms are negotiated.

Step-by-Step Configuration Guide

Step 1: Verify Your Cloudflare IPsec Setup

Before enabling post-quantum features, make sure your existing IPsec tunnels are operational. Log into the Cloudflare dashboard, navigate to Network > IPsec, and review your tunnel configurations. Confirm that the tunnels use IKEv2: the hybrid key exchange is an IKEv2 extension (RFC 9370 additional key exchanges) and has no IKEv1 equivalent. If any branch is still on IKEv1, migrate it to IKEv2 first.

Step 2: Choose Your Post-Quantum Algorithm – Hybrid ML-KEM

Cloudflare’s implementation uses hybrid ML-KEM, which combines a classical elliptic-curve Diffie-Hellman (ECDH) exchange with the post-quantum ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism). In IKEv2 terms, the classical group is negotiated as the usual Key Exchange transform, ML-KEM is negotiated as an Additional Key Exchange (ADDKE) transform as defined in RFC 9370, the ML-KEM encapsulation runs in an IKE_INTERMEDIATE exchange, and both shared secrets feed the IKE key derivation. An attacker therefore has to break both ECDH and ML-KEM to recover the session keys, and a peer that only understands the classical group still interoperates, just without quantum resistance. This construction is specified for IPsec by the IETF in draft-ietf-ipsecme-ikev2-mlkem. No special hardware is needed; ML-KEM runs efficiently on standard processors.

Step 3: Update Branch Connector Firmware

For interoperability, your branch connectors (e.g., Fortinet FortiGate, Cisco IOS/IOS-XE) must implement the hybrid ML-KEM draft on top of RFC 9370 multiple key exchanges. Contact your vendor for firmware versions that include this feature. For example:

  • Fortinet: FortiOS 7.4+ includes IKEv2 ML-KEM support.
  • Cisco: IOS-XE 17.13+ (or later) with crypto suites for ML-KEM.
Confirm the exact minimum release in your vendor’s release notes before upgrading, because availability can differ by platform and feature license. Install the updates on all participating branch devices and verify that the existing classical tunnels still come up afterwards.

Step 4: Configure the Cloudflare IPsec Tunnel with Post-Quantum Encryption

In the Cloudflare dashboard, create or edit an IPsec tunnel. Under the Encryption Settings section, enable Post-Quantum Encryption and select Hybrid ML-KEM (FIPS 203) as the key exchange method (the exact control names may differ between dashboard versions). For an IKEv2 tunnel this adds an Additional Key Exchange transform carrying ML-KEM to the IKE proposal alongside the existing classical Diffie-Hellman transform. Save the configuration; Cloudflare pushes the new cryptographic parameters to its edge.

Step 5: Configure Branch Connector to Use Hybrid ML-KEM

On your branch device, configure the IPsec tunnel to match the Cloudflare settings. This typically involves:

  • Setting IKEv2 as the IKE version.
  • Specifying the authentication method (pre-shared key or certificates) to match the Cloudflare tunnel.
  • Adding ML-KEM (e.g., ML-KEM-768) as an additional key exchange in the IKE proposal. The keyword is vendor-specific; a proposal name such as mlkem768 is only illustrative.
  • Keeping a classical Diffie-Hellman group (e.g., 14 or 19) in the same proposal. In the hybrid exchange the classical group is the primary key exchange and ML-KEM is the additional one; both secrets go into the key derivation, so the classical group is a required component, not a fallback.
Refer to your device’s CLI or GUI documentation for exact syntax. Test connectivity with a ping across the tunnel, but do not treat a working tunnel as proof that post-quantum negotiation succeeded: IKEv2 settles on whatever proposal both peers share, so a mismatch silently yields a classical-only SA. Step 6 covers the check.

Step 6: Validate the Post-Quantum Handshake

To confirm post-quantum encryption is active, inspect the IKEv2 security associations (SAs) on both ends and look for the negotiated key exchange methods rather than just the SA state. On Cloudflare, view the tunnel status in the dashboard; an enabled tunnel is reported as Post-Quantum: Enabled. On a Cisco IOS-XE branch connector, show crypto ikev2 sa detailed lists the parameters of the established IKE SA; with ML-KEM-capable firmware the key exchange should show ML-KEM-768 (or similar) in addition to the classical group, and the exact field name depends on the release. Other vendors expose the same information in their SA detail or debug output. If only a classical Diffie-Hellman group is listed, the SA is not post-quantum even though the tunnel is up; compare the proposals on both sides and the firmware level of the branch device. A packet capture of IKE_SA_INIT on UDP/500 is the vendor-independent check: the initiator’s SA payload must contain an Additional Key Exchange transform for ML-KEM and the responder must select it.
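To make Steps 4 to 6 concrete at the protocol level, here is an added example (not Cloudflare’s, Fortinet’s or Cisco’s code) that builds an IKEv2 SA proposal in the RFC 7296 wire format, once classical-only and once with an RFC 9370 Additional Key Exchange transform for ML-KEM-768, then parses it back and classifies what would be negotiated. The ML-KEM transform IDs 35/36/37 are the code points requested by draft-ietf-ipsecme-ikev2-mlkem and are assumed here; confirm them against the IANA IKEv2 registry. The two sample proposals are constructed for the example.

```python
"""Build and inspect IKEv2 SA proposals to see whether a hybrid ML-KEM key
exchange would be negotiated.

Added example, not Cloudflare's, Fortinet's or Cisco's code.  Wire format:
RFC 7296 section 3.3 (Proposal and Transform substructures) and RFC 9370
(Additional Key Exchange transform types 6..12).  The ML-KEM key exchange
method IDs 35/36/37 are an assumption taken from draft-ietf-ipsecme-ikev2-mlkem.
"""
import struct

# Transform types (RFC 7296 3.3.2; ADDKE1..ADDKE7 from RFC 9370)
ENCR, PRF, INTEG, KE, ESN = 1, 2, 3, 4, 5
ADDKE1, ADDKE7 = 6, 12

# Key Exchange Method IDs, used by transform type 4 (KE) and by ADDKEn
KE_NAMES = {
    14: "2048-bit MODP",
    19: "256-bit random ECP (P-256)",
    20: "384-bit random ECP (P-384)",
    31: "Curve25519",
    35: "ML-KEM-512",    # assumed code points, see module docstring
    36: "ML-KEM-768",
    37: "ML-KEM-1024",
}
MLKEM_IDS = {35, 36, 37}
KEY_LENGTH_ATTR = 14   # "Key Length" attribute, TV format (RFC 7296 3.3.5)


def encode_transform(ttype, tid, key_len=None, last=False):
    """One Transform substructure; key_len adds a Key Length attribute (ENCR only)."""
    attrs = b""
    if key_len is not None:
        attrs = struct.pack("!HH", 0x8000 | KEY_LENGTH_ATTR, key_len)
    # byte 0: 0 = last transform in the proposal, 3 = more transforms follow
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attrs), ttype, 0, tid) + attrs


def encode_proposal(transforms, proposal_num=1):
    """One Proposal substructure for Protocol ID 1 (IKE), no SPI (as in IKE_SA_INIT)."""
    body = b"".join(
        encode_transform(*t, last=(i == len(transforms) - 1))
        for i, t in enumerate(transforms)
    )
    # byte 0: 0 = last proposal; reserved; length; number; proto; SPI size; transform count
    hdr = struct.pack("!BBHBBBB", 0, 0, 8 + len(body), proposal_num, 1, 0, len(transforms))
    return hdr + body


def parse_proposal(data):
    """Parse one Proposal substructure into {transform_type: [transform_id, ...]}.

    Raises ValueError on truncation or inconsistent lengths/flags, which is what a
    mangled or partially captured IKE_SA_INIT looks like.
    """
    if len(data) < 8:
        raise ValueError("truncated proposal header")
    _, _, plen, _num, proto, spi_size, ntrans = struct.unpack("!BBHBBBB", data[:8])
    if plen != len(data):
        raise ValueError("proposal length does not match data")
    if proto != 1:
        raise ValueError("not an IKE proposal")
    off = 8 + spi_size
    found = {}
    for i in range(ntrans):
        if off + 8 > len(data):
            raise ValueError("truncated transform")
        more, _, tlen, ttype, _, tid = struct.unpack("!BBHBBH", data[off:off + 8])
        if tlen < 8 or off + tlen > len(data):
            raise ValueError("bad transform length")
        if more != (0 if i == ntrans - 1 else 3):
            raise ValueError("bad last/more flag on transform")
        found.setdefault(ttype, []).append(tid)
        off += tlen
    if off != len(data):
        raise ValueError("trailing bytes in proposal")
    return found


def classify_key_exchange(found):
    """'hybrid-pq', 'pq-only', 'classical' or 'none' for a parsed proposal."""
    ids = found.get(KE, []) + [t for tt in range(ADDKE1, ADDKE7 + 1) for t in found.get(tt, [])]
    classical = [t for t in ids if t not in MLKEM_IDS and t != 0]   # 0 = NONE (RFC 9370)
    pq = [t for t in ids if t in MLKEM_IDS]
    if pq and classical:
        return "hybrid-pq"
    if pq:
        return "pq-only"
    return "classical" if classical else "none"


def describe_key_exchange(found):
    """Summary line comparable to the key exchange field of a 'show ... sa detailed'."""
    parts = []
    for tt in [KE] + list(range(ADDKE1, ADDKE7 + 1)):
        for tid in found.get(tt, []):
            label = "KE" if tt == KE else f"ADDKE{tt - ADDKE1 + 1}"
            parts.append(f"{label}={KE_NAMES.get(tid, f'id {tid}')}")
    return ", ".join(parts)


# Constructed sample proposals: AES-256-GCM (no INTEG needed), PRF_HMAC_SHA2_256, P-256.
CLASSICAL = encode_proposal([(ENCR, 20, 256), (PRF, 5), (KE, 19)])
HYBRID = encode_proposal([(ENCR, 20, 256), (PRF, 5), (KE, 19), (ADDKE1, 36)])

if __name__ == "__main__":
    for name, prop in (("classical", CLASSICAL), ("hybrid", HYBRID)):
        found = parse_proposal(prop)
        print(f"{name}: {classify_key_exchange(found)} -> {describe_key_exchange(found)}")
```

The parser does the check that a capture or debug dump of IKE_SA_INIT needs: a proposal that carries only a type-4 Key Exchange transform is classical, whatever label the tunnel shows in a dashboard, while the hybrid exchange appears as a classical group in type 4 plus an ML-KEM identifier in one of the ADDKE types 6 to 12. A proposal with ML-KEM in type 4 and no classical group is classified separately because it is not the hybrid construction the draft describes.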

Step 7: Monitor and Update Regularly

Post-quantum encryption in IPsec is still evolving. IETF drafts may become standards, and final code points or negotiation details can change, requiring firmware updates on both ends. Cloudflare aims to preserve backward compatibility, but you should regularly check for firmware upgrades from your branch vendor and Cloudflare’s release notes. Enable logging on your IPsec tunnels to catch negotiation failures or performance impacts. The CPU cost of ML-KEM is small, even on older hardware, but the key exchange messages grow: an ML-KEM-768 encapsulation key is 1184 bytes and a ciphertext is 1088 bytes, which is why the draft carries the ML-KEM exchange in IKE_INTERMEDIATE, where IKEv2 fragmentation (RFC 7383) applies. Make sure nothing on the path between branch and Cloudflare drops fragmented IKE messages or large UDP/500 and UDP/4500 packets, since that failure mode looks like a tunnel that negotiates classically or fails to come up at all once post-quantum is enabled.

Tips for Success

  • Start with a test tunnel: Before rolling out to production, enable post-quantum encryption on a single tunnel, validate interoperability, and confirm with the Step 6 checks that the SA is actually hybrid rather than classical.
  • Understand harvest-now-decrypt-later risks: Adversaries can capture encrypted traffic today and decrypt it once a sufficiently powerful quantum computer exists. Enabling post-quantum key exchange now protects the confidentiality of data that must remain secret for years.
  • Combine with other security measures: Post-quantum key exchange for IPsec is one layer. The hybrid exchange protects session keys, not peer authentication, so keep strong pre-shared keys or certificates, access control, and monitoring in place.
  • Check vendor roadmaps: Not all hardware supports ML-KEM yet. If your branch connectors don’t, keep the classical IKEv2 tunnels in place, track the vendor’s roadmap, and plan the connector upgrade as part of the rollout rather than waiting indefinitely.
  • Stay informed: The quantum computing landscape is changing rapidly. Cloudflare’s stated target for completing its own post-quantum migration is 2029; keep an eye on industry announcements for new standards and code-point changes.

By following these steps, you can protect your WAN against future quantum attacks while maintaining compatibility with your existing network infrastructure. The age of post-quantum IPsec has arrived – seize it.