What Is Layer Two Tunneling Protocol (L2TP)?

Last Updated: July 22, 2021

VPNs (Virtual Private Networks) have different features that help provide more security, a stronger internet network, or enhanced speed for users. Many people don’t bother too much about how VPNs work, but some still wonder about the mechanics of a VPN.

A VPN uses one or several VPN protocols for its functionality. You could see a VPN protocol as a set of rules  VPNs use to establish a secure virtual network. There are many VPN protocols today, but in this article, we’ll be discussing L2TP (Layer Two Tunneling Protocol). L2TP is very popular, and most VPN providers implement it. We’ll tell you all you need to know about what L2TP is, how it works, benefits, drawbacks, and more. 

What Is L2TP?

L2TP, or Layer Two Tunneling Protocol, is a computer tunneling protocol that VPNs and Internet Service Providers (ISPs) use. VPNs take advantage of its connectivity, and ISPs use it to facilitate VPN operations.

L2TP was officially published in 1999. Microsoft and Cisco developed it as an upgrade of the Point-to-Point Tunneling Protocol (PPTP). L2TP is a merger of Microsoft’s PPTP and Cisco’s L2F (Layer 2 Forwarding) protocol.

Although the protocol was designed to improve PPTP and L2F, it is not perfect on its own. L2TP is usually paired with another protocol to get the most of its potential. The most common pair is L2TP/IPSec. IPSec is used to ensure that data packets are secure.

There are so many security possibilities with L2TP/IPSec. For example, you can use them with the most efficient encryption keys like the military-grade AES 256 and the 3DES algorithm. This doesn’t mean that L2TP isn’t secure on its own. The protocol uses double encapsulation, but it is more resource-intensive.

L2TP is usually connected through the TCP port 1701, but L2TP/IPSec uses different ports for various purposes: It uses the 4500 for NAT, the UDP port 500 for Internet Key Exchange (IKE) 1701 for L2TP traffic.

How Does L2TP Work?

L2TP tunneling happens between two endpoints on the internet: the L2TP Access Concentrator (LAC) and the L2TP Network Server (LNS). So, the first process in the tunneling process is creating a connection between the two endpoints. With the link active, a PPP layer is enabled and encapsulated. Afterward, it is sent across the web.

In the next step, the PPP connection is initiated by the end-user via the ISP. Once that happens, the LAC accepts the connection, which establishes the PPP link. After that, a free slot within the network is allocated, and the request moves on to the LNS.

When the connection has been thoroughly authenticated and accepted, a virtual PPP interface is created. Once this is successfully achieved, the link frames can pass through the tunnel freely. At the LNS endpoint, the L2TP encapsulation is removed before it begins to process the accepted frames.

L2TP vs. Other VPN Protocols

As we said earlier, several other VPN protocols exist. At this point of the article, we’ll be comparing L2TP to a couple of other VP protocols:

L2TP vs. PPTP

L2TP was designed to succeed PPTP, so it generally has more improved attributes. To begin with, L2TP is a lot more secure than PPTP because it’s usually paired with IPSec. Also, L2TP supports 256-bit encryption, while PPTP uses 128-bit encryption. Additionally, PPTP uses weak MPPE ciphers, while L2TP supports highly secure ciphers like military-grade AES encryption.

PPTP is faster than L2TP because it is more lightweight, but it is unstable. Firewalls can easily block PPTP. L2TP, however, bypasses such firewalls because it runs over UDP. Furthermore, VPN providers configure the L2TP protocol to ensure that NAT firewalls don’t block it. Speaking of security, PPTP has been cracked by the NSA, and it has also been alleged that L2TP has been cracked, but there’s no evidence of that yet.

Finally, L2TP was developed by Microsoft in collaboration with Cisco, while PPTP was developed by Microsoft alone. Because L2TP doesn’t belong to Microsoft alone, many people believe it is more trustworthy and secure.

L2TP vs. IKEv2

IKEv2 is a tunneling protocol based on IPSec. Thus, it offers the same level of security you’ll get from L2TP. But unlike L2TP, there are no rumors about IKEv2 being compromised by the NSA.

In terms of stability, IKEv2 is the better protocol because of its Mobility and Multihoming Protocol (MOBIKE) which helps the protocol withstand network changes. If you’re using a VPN that uses IKEv2, you can switch your network from a WiFi connection to mobile data (and vice versa) without your VPN connection crashing. IKEv2 can also automatically resume working after your VPN connection is suddenly interrupted by a power outage or network drop.

Microsoft and Cisco also developed IKEv2, but it is usually a preferred option and more trusted because it offers open-source versions.

L2TP vs. OpenVPN

L2TP and OpenVPN are both highly secure protocols, but OpenVPN takes a front seat because it’s open-source, uses SSL 3.0, and can be configured for extra protection. However, its extra security causes slower connection speeds.

OpenVPN is more stable than L2TP because it can use any port it prefers, including the HTTPS port 443. This means that its connections could appear as HTTPS traffic, making it more difficult for an ISP or network admin to block OpenVPN with a firewall. On the other hand, L2TP cannot get through NAT firewalls unless you configure it correctly (which is a complex process if you’re not experienced).

OpenVPN is compatible with many platforms, but it doesn’t usually have built-in support like L2TP does. This makes it an even longer process to set up OpenVPN connections on devices. However, if you subscribe to a VPN that supports OpenVPN connections, you’ll barely have to do anything because the provider has already set it up.

L2TP vs. SSTP

Microsoft developed SSTP (Secure Socket Tunneling Protocol), but L2TP is a more trusted protocol because Cisco was involved in its development. SSTP uses 3.0 and can use port 443 (the port reserved for HTTPS traffic).

L2TP is often considered to be slower than SSTP because of its double encapsulation. It is also better than SSTP in terms of cross-platform compatibility. SSTP is a built-in feature on Windows devices, but you can set it up on Android, Linux, and Routers. Meanwhile, L2TP is built-in in most operating systems, and you can also set it up on many other platforms.

L2TP vs. WireGuard

L2TP/IPSec and WireGuard are both very secure protocols, but WireGuard utilizes more recent algorithms that third parties can’t manipulate. Also, WireGuard is open-source.

Both protocols are stable, but it is more likely for a network admin or firewall to block L2TP/IPSec because it only uses three ports (UDP 500, UDP 4500, and ESP IP Protocol 50). If you don’t pair L2TP with IPSec, it uses only UDP 1701. On the other hand, WireGuard can use so many UDP ports.

WireGuard is faster than L2TP/IPSec because it doesn’t encapsulate data twice as L2TP does. It also uses fewer resources. However, you can use both protocols on most operating systems. Whichever of them your VPN provider uses, you can be sure about your safety. However, if you had to choose between the two, you should go with WireGuard because it’s faster and better for privacy.

L2TP vs. SoftEther

In terms of security, both L2TP and SoftEther can use 256-bit encryption and a strong AES encryption cipher. Unlike L2TP, SoftEther is open-source, and it uses SSL 3.0. It is also a very stable protocol and a good substitute for OpenVPN.

One interesting thing about SoftEther is that it is both a protocol and a VPN server. The VPN server supports L2TP/IPSec and many other protocols. The SoftEther protocol is also faster than L2TP despite its high security. Its developers focused more on high-speed throughput. Meanwhile, L2TP was programmed with narrowband telephone lines in mind.

Both protocols are compatible with most platforms, but SoftEther is harder to set up. Even if you use a VPN provider that uses the SoftEther protocol, You’ll still have to install SoftEther on your device.

L2TP vs. IPSec

Although L2TP is usually paired with the IPSec protocol, some VPN providers offer IPSec protocol alone. IPSec provides online security through encryption, while L2TP doesn’t have any form of encryption. Also, L2TP is easier to block with a firewall than IPSec because of its lack of encryption.

The advantage L2TP has over IPSec is that it can transport other protocols. L2TP/IPSec and IPSec offer similar security, but L2TP/IPSec is slower and more resource-intensive because of its double encapsulation.

Advantages of L2TP

Here are some advantages of L2TP:

1. It offers outstanding online security when paired with the IPSec protocol.

2. L2TP has built-in support on Windows and macOS, and it also works on other operating systems.

3. L2TP provides reliable connectivity.

4. It is easy to set up on its own or as L2TP/IPSec.

Disadvantages of L2TP

L2TP is not flawless. Some of its disadvantages include:

1. L2TP is not a secure protocol on its own because it lacks encryption.

2. It uses resource-intensive double encapsulation, which reduces connection speed.

3. L2TP connections can be blocked by NAT firewalls and network admins if it’s not manually configured to bypass them.

Conclusion

L2TP is an effective protocol when it is paired with another protocol. If you use it alone, you’ll be exposed to security and privacy threats. L2TP is a built-in feature on most operating systems, and it is easy to set up and use. It can also provide fast connections under the right circumstances. Generally, L2TP is a great protocol, and it does okay when compared with other protocols.