L2TP VPN – Everything About Layer 2 Tunneling Protocol

The Layer 2 Tunneling Protocol (L2TP) launched in 1999 is an update on the Point to Point Tunneling Protocol (PPTP). It is a combination of the two protocols, the PPTP of Microsoft and the Layer 2 Forward (L2F) of Cisco. L2TP is one of the most widely used protocol to create a VPN connection between your device and a remote VPN server. This VPN connection through an encrypted tunnel transmits your data securely over a public medium such as the Internet.

The L2TP consists of two main components such as LAC (L2TP access concentrator) and LNS (L2TP network server). The LAC physically can terminate a call, while the LNS is in charge of the transmission of the PPP packets.


The layer 2 tunneling protocol is a session layer protocol. Moreover, this protocol supports two tunnels namely, the compulsory tunnel and the voluntary tunnel.

What is Layer 2 Tunneling Protocol?

L2TP is a VPN protocol designed to create a Virtual Private Network (VPN) connection. It primarily carries Layer 2 traffic over an Internet Protocol (IP) network such as the internet. The L2TP makes use of a User Datagram Protocol (UDP).

Layer two tunneling protocol is often used with an IPSec Protocol to create a VPN connection. This is because it does not possess an encryption feature of its own for encrypting the IP packets.

It is built-in into the modern laptops and mobiles which is one of the reasons why it is so much common in use. It supports all Windows operating systems along with MacOS, iOS, and Android Platforms.

Layer 2 Tunneling Protocol uses the 3DES encryption algorithm. It is considered one of the safest protocols to create a VPN connection.

How does a Layer 2 Tunneling Protocol function?

Layer 2 Tunneling Protocol is an extension of the PPP model. It allows the layer 2 point to point-links (L2) and the PPP endpoint to reside on different devices. These various devices are connected through a network such as the Internet.

Usually, you would have to establish an L2 connection with an access concentrator. The access concentrator then tunnels the PPP data packets to the NAS. This method enables the processing of the PPP packets to be distanced entirely from the termination of the L2 circuit.

Now, an L2TP connection would consist of two components namely a tunnel and a session. The tunnel would provide a reliable transport mechanism between two L2TP Control Connection Endpoint (LCCE’s). The tunnel carries only control packets.

The Session meanwhile remains within the tunnel. It only carries user data. A Single tunnel may contain within it many sessions. The user data in these multiple sessions are kept separate by a session identifier number. The session identifier number is present in the L2TP headers which encapsulate the data packets.

Which are the two types of tunnels in L2TP?

As mentioned above,Layer 2 Tunneling Protocol has two types of tunnels namely the compulsory tunnel and the voluntary tunnel.

Compulsory Tunnel

With a Compulsory tunnel, a remote server initiates a connection with your Internet Service Provider (ISP). The ISP then is responsible for establishing an L2TP connection between your device and the network.

Although the ISP creates a connection, it is up to you to secure it using the VPN. For the Compulsory tunnel, the support of the ISP is a must.

Voluntary Tunnel

A Voluntary Tunnel, however, requires you to establish a connection, typically through a VPN Client Software on your computer. As a consequence, you send the IP data packets to the ISP which forwards it into the public network.

As the name suggests, for a Voluntary tunnel, it isn’t a must to have the support of the ISP.

What are the advantages and disadvantages of an L2TP?


  • The L2TP mentioned above is present on almost every modern device. So it supports a wide range of operating systems.
  • Moreover, there is very little technical expertise or knowledge required for configuring it.
  • Additionally, it is much more secure and strongly encrypted than its predecessor the PPTP because of the double encapsulation of the data packets.
  • It is cost effective as the overhead cost after implementation is very less.


  • Recent improvements in technology have meant that even a secure protocol such as the L2TP is proving to be breakable.
  • Moreover, as L2TP provides double encapsulation, it faces the problem of being slightly slower than other protocols.


As discussed above, L2TP does not provide any confidentiality of the data packets. For that reason, IPSec is used in combination with L2TP to create a VPN connection. The L2TP/IPSec uses a limited amount of ports.

This may cause problems when it is used behind NAT firewalls. Moreover, the dependence on limited ports may also make it easy to block.

The L2TP/ IPSec contains double encapsulation which slows the connection down. However, the encryption/decryption process occurs in the kernel. Additionally, the L2TP/IPSec VPN allows multi-threading, a feature which is not possessed by OpenVPN protocol.


One of the other problems that people poorly configure the L2TP/ IPSec VPN. They use pre-shared keys which are downloaded from the internet. The pre-shared keys are only used for authentication. So, even if they get into the wrong hands, the data remains encrypted because of the AES encryption.

However, the attacker could use the pre-shared key to access the VPN server. Then, he could eavesdrop on the encrypted internet traffic and in extreme cases even inject some malicious data into the connection.


You May Also Like

IPVanish VPN – Ultimate Guide and Research-Based Review

IPVanish VPN is based out of the United States. Released in 2012, It is a relatively new VPN but still one of the best VPNs.

ExpressVPN Review – Secure, Fastest And the Best VPN Service

ExpressVPN is one of the leading choices when it comes to VPN. It has many features which differentiate it from the rest and stand out in a crowd.

SurfShark Review – Relatively New VPN but with Excellent Features

SurfShark is a relatively new VPN in the market but is quickly becoming the most popular one, courtesy its speed and the features provided. With SurfShark VPN you can connect unlimited devices to one account simultaneously.

Best VPN for Torrenting – VPN Ensures Security and Privacy

VPN not only hides your identity but it also encrypts the data. So you get security as well as privacy while torrenting.

NordVPN review – Empowering You To Choose The Best

VPN is about security and privacy which is a vital need of today. NordVPN is one of the most commonly heard names among the VPN users in the cyberspace. Here is the review of NordVPN, updated as of 2019 with comprehensive details and important features. Empower yourself.

More Articles Like This