L2TP/IPSec

  • Post last modified:2021-02-25

Layer 2 tunneling protocol (L2TP) doesn’t actually provide any encryption or authentication – it’s simply a VPN tunneling protocol that creates a connection between you and a VPN server. It relies on the other tools in the IPSec suite to encrypt your traffic and keep it private and secure. This protocol has a few convenient features, but certain issues prevent it from being a leading VPN protocol.

Pros

  • Security. Ironically, L2TP not offering any security at all makes it fairly secure. That’s because it can accept a number of different encryption protocols, making the protocol as secure or lightweight as you need it to be.
  • Widely available. L2TP is available on almost all modern consumer systems, meaning that admins will have no trouble finding support and getting it running.
  • The setup process is easy.
  • It does support multithreading for improved performance.

Cons

  • Potentially compromised by the NSA. Like IKEv2, L2TP is usually used with IPSec, so it presents the same previously mentioned vulnerabilities.
  • Slow. The protocol encapsulates data twice, which can be useful for some applications but makes it slower compared to other protocols that only encapsulate your data once.
  • Has difficulties with firewalls. Unlike other VPN protocols, L2TP doesn’t have any clever ways to get through firewalls. Surveillance-oriented system administrators use firewalls to block VPNs, and people who configure L2TP themselves are an easy target.
  • The NSA might have weakened the protocol, making it less secure.

When to use it?

You can use L2TP to securely shop online and perform banking operations. It is also beneficial when you want to connect several company branches into one network.

L2TP is a VPN protocol that doesn’t offer any encryption or protection for the traffic that passes through the connection. For this reason, it’s usually paired with IPSec, which is an encryption protocol.

It’s an extension of the PPTP protocol and utilizes a process called double encapsulation (which led to its initial rise in popularity). The first encapsulation establishes a PPP connection, while the second contains IPSec encryption.

It supports AES-256 encryption, which is among the most secure options available. However, the stronger the encryption you use, the slower your performance will be.

This protocol is built into most desktop and mobile operating systems, which makes it easier to implement. However, it can only use UDP port 500 for a connection, which makes it pretty easy for NAT firewalls to block, so additional configuration is needed if it is going to be used behind a firewall.

It does have an advantage in that this style of connection prevents the data from being accessed in transit between the sender and receiver, which can help to prevent man-in-the-middle attacks.

IPSec encryption is secure. Yet, both Edward Snowden and John Gilmore, a founding member of the EFF, suggest that the protocol has been deliberately weakened by the NSA.

It’s a slower connection because traffic must first be converted into the L2TP form, and you have an additional layer of encryption on top of that. It’s not as efficient a solution as OpenVPN, but it is easy to set up.
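
The cost of the double encapsulation described above can be put in numbers. The following Python code is an added example, not part of the original post; it assumes ESP in transport mode with AES-CBC and HMAC-SHA1-96, and the L2TP and PPP header sizes are assumed typical values that vary with negotiated options.

```python
# Added example: per-packet cost of L2TP/IPsec double encapsulation.
# Assumed layout on the wire:
#   IPv4 | [UDP, NAT-T only] | ESP | IV | UDP | L2TP | PPP | inner packet | pad+trailer | ICV

OUTER_IP = 20     # IPv4 header without options
NAT_T_UDP = 8     # extra UDP header when IPsec has to traverse NAT
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_IV = 16       # AES-CBC initialisation vector
ESP_TRAILER = 2   # pad-length byte + next-header byte
ESP_ICV = 12      # HMAC-SHA1-96 integrity check value
AES_BLOCK = 16    # AES block size, identical for 128- and 256-bit keys
L2TP_UDP = 8      # UDP header that carries L2TP
L2TP_HEADER = 8   # assumption: data header including the optional length field
PPP_HEADER = 4    # assumption: address, control and 2-byte protocol field


def wire_size(inner_len, nat_t=False):
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    # First encapsulation: the packet is wrapped in PPP, L2TP and UDP.
    l2tp_datagram = L2TP_UDP + L2TP_HEADER + PPP_HEADER + inner_len
    # Second encapsulation: ESP encrypts that datagram, padded to a full block.
    plaintext = l2tp_datagram + ESP_TRAILER
    ciphertext = -(-plaintext // AES_BLOCK) * AES_BLOCK  # round up to block size
    outer = OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + ESP_IV
    return outer + ciphertext + ESP_ICV


def overhead(inner_len, nat_t=False):
    """Bytes added to the inner packet by both encapsulations."""
    return wire_size(inner_len, nat_t) - inner_len


def max_inner_packet(link_mtu=1500, nat_t=False):
    """Largest inner packet that fits in link_mtu without fragmentation."""
    for inner_len in range(link_mtu, 0, -1):
        if wire_size(inner_len, nat_t) <= link_mtu:
            return inner_len
    return 0


if __name__ == "__main__":
    for size in (40, 576, 1400):
        print(size, wire_size(size), overhead(size))
    print("max inner packet:", max_inner_packet(), max_inner_packet(nat_t=True))
```

Under these assumptions a 40-byte TCP acknowledgement triples in size on the wire, and the tunnel interface MTU has to be set well below 1500 to avoid fragmentation.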
