The Layer 2 Tunneling Protocol (L2TP) launched in 1999 is an update on the Point to Point Tunneling Protocol (PPTP). It is a combination of the two protocols, the PPTP of Microsoft and the Layer 2 Forward (L2F) of Cisco. L2TP is one of the most widely used protocol to create a VPN connection between your device and a remote VPN server. This VPN connection through an encrypted tunnel transmits your data securely over a public medium such as the Internet.
The L2TP consists of two main components such as LAC (L2TP access concentrator) and LNS (L2TP network server). The LAC physically can terminate a call, while the LNS is in charge of the transmission of the PPP packets.
The layer 2 tunneling protocol is a session layer protocol. Moreover, this protocol supports two tunnels namely, the compulsory tunnel and the voluntary tunnel.
What is Layer 2 Tunneling Protocol?
L2TP is a VPN protocol designed to create a Virtual Private Network (VPN) connection. It primarily carries Layer 2 traffic over an Internet Protocol (IP) network such as the internet. The L2TP makes use of a User Datagram Protocol (UDP).
Layer two tunneling protocol is often used with an IPSec Protocol to create a VPN connection. This is because it does not possess an encryption feature of its own for encrypting the IP packets.
It is built-in into the modern laptops and mobiles which is one of the reasons why it is so much common in use. It supports all Windows operating systems along with MacOS, iOS, and Android Platforms.
Layer 2 Tunneling Protocol uses the 3DES encryption algorithm. It is considered one of the safest protocols to create a VPN connection.
How does a Layer 2 Tunneling Protocol function?
Layer 2 Tunneling Protocol is an extension of the PPP model. It allows the layer 2 point to point-links (L2) and the PPP endpoint to reside on different devices. These various devices are connected through a network such as the Internet.
Usually, you would have to establish an L2 connection with an access concentrator. The access concentrator then tunnels the PPP data packets to the NAS. This method enables the processing of the PPP packets to be distanced entirely from the termination of the L2 circuit.
Now, an L2TP connection would consist of two components namely a tunnel and a session. The tunnel would provide a reliable transport mechanism between two L2TP Control Connection Endpoint (LCCE’s). The tunnel carries only control packets.
The Session meanwhile remains within the tunnel. It only carries user data. A Single tunnel may contain within it many sessions. The user data in these multiple sessions are kept separate by a session identifier number. The session identifier number is present in the L2TP headers which encapsulate the data packets.
Which are the two types of tunnels in L2TP?
As mentioned above,Layer 2 Tunneling Protocol has two types of tunnels namely the compulsory tunnel and the voluntary tunnel.
With a Compulsory tunnel, a remote server initiates a connection with your Internet Service Provider (ISP). The ISP then is responsible for establishing an L2TP connection between your device and the network.
Although the ISP creates a connection, it is up to you to secure it using the VPN. For the Compulsory tunnel, the support of the ISP is a must.
A Voluntary Tunnel, however, requires you to establish a connection, typically through a VPN Client Software on your computer. As a consequence, you send the IP data packets to the ISP which forwards it into the public network.
As the name suggests, for a Voluntary tunnel, it isn’t a must to have the support of the ISP.
What are the advantages and disadvantages of an L2TP?
- The L2TP mentioned above is present on almost every modern device. So it supports a wide range of operating systems.
- Moreover, there is very little technical expertise or knowledge required for configuring it.
- Additionally, it is much more secure and strongly encrypted than its predecessor the PPTP because of the double encapsulation of the data packets.
- It is cost effective as the overhead cost after implementation is very less.
- Recent improvements in technology have meant that even a secure protocol such as the L2TP is proving to be breakable.
- Moreover, as L2TP provides double encapsulation, it faces the problem of being slightly slower than other protocols.
L2TP / IPSec VPN
As discussed above, L2TP does not provide any confidentiality of the data packets. For that reason, IPSec is used in combination with L2TP to create a VPN connection. The L2TP/IPSec uses a limited amount of ports.
This may cause problems when it is used behind NAT firewalls. Moreover, the dependence on limited ports may also make it easy to block.
The L2TP/ IPSec contains double encapsulation which slows the connection down. However, the encryption/decryption process occurs in the kernel. Additionally, the L2TP/IPSec VPN allows multi-threading, a feature which is not possessed by OpenVPN protocol.
One of the other problems that people poorly configure the L2TP/ IPSec VPN. They use pre-shared keys which are downloaded from the internet. The pre-shared keys are only used for authentication. So, even if they get into the wrong hands, the data remains encrypted because of the AES encryption.
However, the attacker could use the pre-shared key to access the VPN server. Then, he could eavesdrop on the encrypted internet traffic and in extreme cases even inject some malicious data into the connection.