What is L2TP VPN, and how does this protocol work?

Last updated on August 18th, 2021 in

What is L2TP VPN, and how does this protocol work?

what is l2tp vpn

Many of us have wondered at some point “what is L2TP VPN?”, so we hope to provide some much-needed help to those of you who are interested to learn about VPN protocols and which one is best for your needs.

We will be evaluating L2TP, a VPN protocol that has been widely used over the years. Security, speed, compatibility are very important aspects when choosing a VPN protocol and we will try to cover them all in this article.

What is L2TP VPN?

VPNs can work in multiple ways by using various protocols. Each protocol offers different combinations of speed, compatibility, and security features. L2TP is the short form for layer 2 tunneling protocol. It is a tunneling protocol that serves the purpose of supporting virtual private networks. 

The protocol was launched as an extension of the point-to-point protocol (PPTP). L2TP is basically made as a combination of Microsoft’s PPTP and Cisco’s L2F (layer 2 forwarding protocol).

The L2TP protocol was launched in 1999 and is described in RFC 2661. A newer version of the protocol appeared in 2005 through RFC 3931 and was named L2TPv3. 

L2TP technical details

Now that we have a background idea of what L2TP is, let’s dig into some of the more technical aspects of this protocol. 

How does the L2TP protocol work?

Basically, L2TP offers a means for virtual private networks to function. However, the L2TP protocol alone does not offer encryption security for your data packets. For this reason, it often pairs up with the IPSec protocol, which ensures good encryption and security for your internet activities. 

Therefore, don’t be surprised if you encounter the term L2TP/IPSec. As in the case of IKEv2, these two protocols have been found to work better together, with L2TP providing the means for the VPN connection and IPSec ensuring the security features. 

By using PPP, L2TP is able to support the link-layer tunnel which connects the client, the L2TP Access Concentrator (LAC) with the L2TP network server (LNS). Thus, the tunnel basically connects the user to the VPN server. This process can be accomplished solely by L2TP, however, as previously mentioned, there will not be any security for your connection until it is paired up with IPSec.

The tunnel is effectively set up using control packets sent from one end to the other. A tunnel can extend across a whole PPP session or only over one segment out of a two-segment session. Due to this fact, there are actually 4 different tunneling models which can be used by the L2TP protocol.These are:

  1. The compulsory tunnel - incoming call. In this case, the user has no influence over the connection that is being established. 
  2. The compulsory tunnel - remote dial
  3. The voluntary tunnel. In this case, the tunnel is formed due to a request from the user by means of the L2TP protocol. 
  4. The L2TP multi-hop connection. In this case, the tunnel is formed by the redirection of information from both sides.

In order for the L2TP connection to be set up, a back-and-forth transfer of a high number of control packets takes place between the client (LAC) and the server (LNS). 

The data packets themselves go through a rather distinct process in the L2TP protocol. It is perhaps one of the fewer protocols that actually encapsulates the data packets two times. The first encapsulation is done by the point-to-point protocol (PPP). Afterward, the IPSec protocol also encapsulates them, as well as encrypting the packets before shipping them towards their destination. 

While this double encapsulation can be seen as a means of providing better security for the information transported, it does pose some problems with regard to the speed of the connection. This happens because it requires time to encapsulate and encrypt each packet, and then decapsulate and decrypt the packet upon arrival.  

How L2TP works together with IPSec

Basically, the process involves three main steps. 

  1. ESP (encapsulating security payload) is used in transport mode. 
  2. The IPSec connection is configured. Oftentimes the IKE protocol is used for this purpose. Basically, IPSec provides the channel which allows for authentication information to be shared between the two points of contact. 
  3. Once this connection is set up, it is used for establishing the L2TP tunnel. The setup, or negotiation, happens through the SA. 

After these three steps have been completed, the L2TP/IPSec tunnel has finally been established. Thus, data packets can now begin to be encapsulated and encrypted by IPSec, and are then sent through the tunnel. The L2TP frame is encapsulated into a UDP packet and afterwards encapsulated again in an IP packet through IPSec. 

L2TP security, speed, compatibility and the setup process

Now that we’ve passed through the intricate processes of the L2TP protocol, and hopefully we have a better understanding of how it works, it may be a good idea to look into some of the more important aspects. Below I will present some quick details about L2TP’s speed, security, and other relevant aspects. 

Is L2TP/IPSec secure?

The L2TP/IPSec protocol does provide the AES - 256-bit encryption, which is currently considered one the best encryption options available. It is almost impossible for even the best computers available today to break this encryption. 

The protocol also provides double encapsulation of the data packets. You should bear in mind however that the L2TP protocol on its own provides no element of security. Consequently, you should make sure the L2TP protocol you use is combined with IPSec. 

How good is the speed offered by L2TP?

The speed offered by the L2TP protocol alone is absolutely unmatched. However, as mentioned previously, the layer 2 tunneling protocol provides absolutely no protection for your internet data by itself. 

When paired with IPSec, the speed provided changes quite a lot. While it definitely isn’t turtle-slow, it slightly lacks the responsiveness offered by other protocols such as PPTP or SoftEther. This may be partly due to the double encapsulation process through which the data packets have to go through with the L2TP protocol. While the speed offered is not frustratingly low, be warned, it is advisable that your device has a good CPU. 

To conclude this section, basically, the speed offered by L2TP/IPSec is also not on the top of the fastest VPN protocols list. 

L2TP compatibility

In this aspect, the L2TP protocol does equal, or even surpass, the compatibility of its rival protocols. Being pre-installed on most operating systems, the L2TP protocol is compatible with Android and iOS operating systems as well as Windows, Mac, and Linux. 

Perhaps a disadvantage in this aspect is that the L2TP protocol does not benefit from the advantages of being open-source, as opposed to OpenVPN or SoftEther. But even so, it is easily available on most devices. 

L2TP setup process

L2TP scores pretty well in this aspect. With it readily available on most devices, all it takes is tweaking some settings. If you already have a VPN subscription and want to use L2TP, you just need to check if the protocol is offered by your provider. Once again, make sure it comes as a bundle with the IPSec protocol. Otherwise, it is completely insecure. 

Also worth mentioning is the fact that the setup can either be done manually or automatically through the VPN client. Most VPN providers nowadays, including HideIPVPN, offer the option to access this connection type without the need of any additional tweaks.

L2TP versus other VPN protocols

layer 2 tunneling protocol
Ok, so we now have a good idea about what L2TP has to offer. But what good is knowing this information if we have no idea how this protocol compares to the other options available. For this reason, I will provide a quick comparison with some of the other major VPN protocols.  

L2TP/IPSec vs OpenVPN

Although L2TP/IPSec also offers the same encryption standard, it is affirmed that the protocol has possibly been compromised. 

Furthermore, the speed offered by L2TP slightly disappoints due to its double encapsulation process. Therefore, objectively, OpenVPN is undoubtedly the better option. 

L2TP is also easier to get blocked by NAT firewalls unless a couple of pretty delicate tweaks are made. OpenVPN can use any port, including the HTTPS port 443, making it a lot harder, if not impossible to block.

L2TP/IPSec vs PPTP

While L2TP/IPSec offers 256-bit encryption, it is well known that PPTP can only offer 128-bit. Due to this huge difference, L2TP/IPSec is far superior to PPTP when it comes to security.

However, L2TP does suffer with regard to speed. Due to the double encapsulation process, L2TP is quite resource-heavy, and therefore a lot slower than PPTP.  Last but not least, L2TP is basically an improvement over PPTP, so the choice should be pretty easy to make, especially if you’re looking for online security.

L2TP/IPSec vs IKEv2/IPSec

With regards to security, both IKEv2 and L2TP use the IPSec protocol. However, IKEv2 has also seen open-source applications, thus allowing users to benefit from even further updates. 

L2TP is slower than IKEv2 and doesn’t considerably exceed it with regard to compatibility. That being said, IKEv2 might be the better option rather than L2TP due to its speed, MOBIKE feature, and the fact that it does have open-source implementations. 

L2TP/IPSec vs SoftEther

While at first glance L2TP and SoftEther seem to be tied when it comes to security since they both use AES-256 encryption, the scale does slightly tip on SoftEther’s side due to the fact that it is open-source.

In terms of speed, again, SoftEther seems to be the better of the two. The same cannot be said when it comes to the setup process though. L2TP is a much simpler option, especially because using SoftEther involves installing additional software on your device, even if the VPN client offers it as a protocol option. 

L2TP/IPSec vs SSTP

Due to the lack of double encapsulation, SSTP is considered to be the faster choice. On top of this, since SSTP uses the HTTPS port 443, it is a lot more difficult to block with a firewall than L2TP.

When it comes to compatibility though, L2TP is a clear winner. 

Bottom line

To sum things up, I believe it would be fair to say that the L2TP/IPSec protocol does not top the list for best VPN protocols. While it seems to offer decent security, rumors of it having been cracked do cause doubts. Moreover, the speed of this protocol definitely leaves much to be desired, mostly due to its double encapsulation feature. Having said this, protocols such as OpenVPN are probably a better option.   

If L2TP ticked all your boxes and you decided that it is the best protocol for your needs, you’ll be happy to learn that HideIPVPN does support this VPN protocol.

Moreover, we are particularly proud of the level of performance our VPN servers offer both in terms of speed and security (we use AES-256 encryption, unanimously approved by experts as being the best choice for VPNs).

If you’re looking for a VPN provider with a great selection of server locations and VPN protocols, a friendly and professional customer support team, and amazing prices, HideIPVPN could be exactly what you’re looking for!

what is l2tp vpn

Many of us have wondered at some point “what is L2TP VPN?”, so we hope to provide some much-needed help to those of you who are interested to learn about VPN protocols and which one is best for your needs.

We will be evaluating L2TP, a VPN protocol that has been widely used over the years. Security, speed, compatibility are very important aspects when choosing a VPN protocol and we will try to cover them all in this article.

What is L2TP VPN?

VPNs can work in multiple ways by using various protocols. Each protocol offers different combinations of speed, compatibility, and security features. L2TP is the short form for layer 2 tunneling protocol. It is a tunneling protocol that serves the purpose of supporting virtual private networks. 

The protocol was launched as an extension of the point-to-point protocol (PPTP). L2TP is basically made as a combination of Microsoft’s PPTP and Cisco’s L2F (layer 2 forwarding protocol).

The L2TP protocol was launched in 1999 and is described in RFC 2661. A newer version of the protocol appeared in 2005 through RFC 3931 and was named L2TPv3. 

L2TP technical details

Now that we have a background idea of what L2TP is, let’s dig into some of the more technical aspects of this protocol. 

How does the L2TP protocol work?

Basically, L2TP offers a means for virtual private networks to function. However, the L2TP protocol alone does not offer encryption security for your data packets. For this reason, it often pairs up with the IPSec protocol, which ensures good encryption and security for your internet activities. 

Therefore, don’t be surprised if you encounter the term L2TP/IPSec. As in the case of IKEv2, these two protocols have been found to work better together, with L2TP providing the means for the VPN connection and IPSec ensuring the security features. 

By using PPP, L2TP is able to support the link-layer tunnel which connects the client, the L2TP Access Concentrator (LAC) with the L2TP network server (LNS). Thus, the tunnel basically connects the user to the VPN server. This process can be accomplished solely by L2TP, however, as previously mentioned, there will not be any security for your connection until it is paired up with IPSec.

The tunnel is effectively set up using control packets sent from one end to the other. A tunnel can extend across a whole PPP session or only over one segment out of a two-segment session. Due to this fact, there are actually 4 different tunneling models which can be used by the L2TP protocol.These are:

  1. The compulsory tunnel - incoming call. In this case, the user has no influence over the connection that is being established. 
  2. The compulsory tunnel - remote dial
  3. The voluntary tunnel. In this case, the tunnel is formed due to a request from the user by means of the L2TP protocol. 
  4. The L2TP multi-hop connection. In this case, the tunnel is formed by the redirection of information from both sides.

In order for the L2TP connection to be set up, a back-and-forth transfer of a high number of control packets takes place between the client (LAC) and the server (LNS). 

The data packets themselves go through a rather distinct process in the L2TP protocol. It is perhaps one of the fewer protocols that actually encapsulates the data packets two times. The first encapsulation is done by the point-to-point protocol (PPP). Afterward, the IPSec protocol also encapsulates them, as well as encrypting the packets before shipping them towards their destination. 

While this double encapsulation can be seen as a means of providing better security for the information transported, it does pose some problems with regard to the speed of the connection. This happens because it requires time to encapsulate and encrypt each packet, and then decapsulate and decrypt the packet upon arrival.  

How L2TP works together with IPSec

Basically, the process involves three main steps. 

  1. ESP (encapsulating security payload) is used in transport mode. 
  2. The IPSec connection is configured. Oftentimes the IKE protocol is used for this purpose. Basically, IPSec provides the channel which allows for authentication information to be shared between the two points of contact. 
  3. Once this connection is set up, it is used for establishing the L2TP tunnel. The setup, or negotiation, happens through the SA. 

After these three steps have been completed, the L2TP/IPSec tunnel has finally been established. Thus, data packets can now begin to be encapsulated and encrypted by IPSec, and are then sent through the tunnel. The L2TP frame is encapsulated into a UDP packet and afterwards encapsulated again in an IP packet through IPSec. 

L2TP security, speed, compatibility and the setup process

Now that we’ve passed through the intricate processes of the L2TP protocol, and hopefully we have a better understanding of how it works, it may be a good idea to look into some of the more important aspects. Below I will present some quick details about L2TP’s speed, security, and other relevant aspects. 

Is L2TP/IPSec secure?

The L2TP/IPSec protocol does provide the AES - 256-bit encryption, which is currently considered one the best encryption options available. It is almost impossible for even the best computers available today to break this encryption. 

The protocol also provides double encapsulation of the data packets. You should bear in mind however that the L2TP protocol on its own provides no element of security. Consequently, you should make sure the L2TP protocol you use is combined with IPSec. 

How good is the speed offered by L2TP?

The speed offered by the L2TP protocol alone is absolutely unmatched. However, as mentioned previously, the layer 2 tunneling protocol provides absolutely no protection for your internet data by itself. 

When paired with IPSec, the speed provided changes quite a lot. While it definitely isn’t turtle-slow, it slightly lacks the responsiveness offered by other protocols such as PPTP or SoftEther. This may be partly due to the double encapsulation process through which the data packets have to go through with the L2TP protocol. While the speed offered is not frustratingly low, be warned, it is advisable that your device has a good CPU. 

To conclude this section, basically, the speed offered by L2TP/IPSec is also not on the top of the fastest VPN protocols list. 

L2TP compatibility

In this aspect, the L2TP protocol does equal, or even surpass, the compatibility of its rival protocols. Being pre-installed on most operating systems, the L2TP protocol is compatible with Android and iOS operating systems as well as Windows, Mac, and Linux. 

Perhaps a disadvantage in this aspect is that the L2TP protocol does not benefit from the advantages of being open-source, as opposed to OpenVPN or SoftEther. But even so, it is easily available on most devices. 

L2TP setup process

L2TP scores pretty well in this aspect. With it readily available on most devices, all it takes is tweaking some settings. If you already have a VPN subscription and want to use L2TP, you just need to check if the protocol is offered by your provider. Once again, make sure it comes as a bundle with the IPSec protocol. Otherwise, it is completely insecure. 

Also worth mentioning is the fact that the setup can either be done manually or automatically through the VPN client. Most VPN providers nowadays, including HideIPVPN, offer the option to access this connection type without the need of any additional tweaks.

L2TP versus other VPN protocols

layer 2 tunneling protocol
Ok, so we now have a good idea about what L2TP has to offer. But what good is knowing this information if we have no idea how this protocol compares to the other options available. For this reason, I will provide a quick comparison with some of the other major VPN protocols.  

L2TP/IPSec vs OpenVPN

Although L2TP/IPSec also offers the same encryption standard, it is affirmed that the protocol has possibly been compromised. 

Furthermore, the speed offered by L2TP slightly disappoints due to its double encapsulation process. Therefore, objectively, OpenVPN is undoubtedly the better option. 

L2TP is also easier to get blocked by NAT firewalls unless a couple of pretty delicate tweaks are made. OpenVPN can use any port, including the HTTPS port 443, making it a lot harder, if not impossible to block.

L2TP/IPSec vs PPTP

While L2TP/IPSec offers 256-bit encryption, it is well known that PPTP can only offer 128-bit. Due to this huge difference, L2TP/IPSec is far superior to PPTP when it comes to security.

However, L2TP does suffer with regard to speed. Due to the double encapsulation process, L2TP is quite resource-heavy, and therefore a lot slower than PPTP.  Last but not least, L2TP is basically an improvement over PPTP, so the choice should be pretty easy to make, especially if you’re looking for online security.

L2TP/IPSec vs IKEv2/IPSec

With regards to security, both IKEv2 and L2TP use the IPSec protocol. However, IKEv2 has also seen open-source applications, thus allowing users to benefit from even further updates. 

L2TP is slower than IKEv2 and doesn’t considerably exceed it with regard to compatibility. That being said, IKEv2 might be the better option rather than L2TP due to its speed, MOBIKE feature, and the fact that it does have open-source implementations. 

L2TP/IPSec vs SoftEther

While at first glance L2TP and SoftEther seem to be tied when it comes to security since they both use AES-256 encryption, the scale does slightly tip on SoftEther’s side due to the fact that it is open-source.

In terms of speed, again, SoftEther seems to be the better of the two. The same cannot be said when it comes to the setup process though. L2TP is a much simpler option, especially because using SoftEther involves installing additional software on your device, even if the VPN client offers it as a protocol option. 

L2TP/IPSec vs SSTP

Due to the lack of double encapsulation, SSTP is considered to be the faster choice. On top of this, since SSTP uses the HTTPS port 443, it is a lot more difficult to block with a firewall than L2TP.

When it comes to compatibility though, L2TP is a clear winner. 

Bottom line

To sum things up, I believe it would be fair to say that the L2TP/IPSec protocol does not top the list for best VPN protocols. While it seems to offer decent security, rumors of it having been cracked do cause doubts. Moreover, the speed of this protocol definitely leaves much to be desired, mostly due to its double encapsulation feature. Having said this, protocols such as OpenVPN are probably a better option.   

If L2TP ticked all your boxes and you decided that it is the best protocol for your needs, you’ll be happy to learn that HideIPVPN does support this VPN protocol.

Moreover, we are particularly proud of the level of performance our VPN servers offer both in terms of speed and security (we use AES-256 encryption, unanimously approved by experts as being the best choice for VPNs).

If you’re looking for a VPN provider with a great selection of server locations and VPN protocols, a friendly and professional customer support team, and amazing prices, HideIPVPN could be exactly what you’re looking for!

« Back

VPN Trial

24 hours
Hide your IP.
Encrypt your traffic.
Enjoy your privacy.
Start Now

Smart DNS Trial

7 days
196 Unblocked websites.
Unlimited devices.
Original ISP speed.
Start Now