The Short History of the L2TP protocol<\/h2>\n\n\n\n
L2TP was built upon Microsoft\u2019s Point-to-Point Tunneling Protocol (PTPP), and it\u2019s employed by internet service providers (ISPs) to enable VPN connections.<\/p>\n\n\n\n
As a series of digital communication procedures, L2TP is only used to offer tunneling capabilities. It gathers user data via private transportation and sends it over public networks. In combination with IPSec, a Layer 3 protection protocol, L2TP provides confidentiality and encryption for VPN functionality.<\/p>\n\n\n\n
L2TP was developed by Microsoft and Cisco with the goal to use it as a replacement for the PTPP. It was published in 1999\/2000 as the RFC 2661 protocol.<\/p>\n\n\n\n
The technology behind this protocol relied on two older tunneling protocols used for establishing a point-to-point connection. The first protocol was Microsoft\u2019s Point-to-Point Tunneling Protocol (PPTP), while the second was Cisco\u2019s Layer 2 Forwarding Protocol (L2F).<\/p>\n\n\n\n
In 2005, a new protocol version, L2TPv3, provided enhanced encapsulation, more security options, and carried data links in new ways.<\/p>\n\n\n\n L2TP allows for tunneling L2 traffic via an IP network or L3 network. L2 and L3 here refer to the second and third levels in a seven-layer OSI, a telecommunication and computer standardization model. L2 is the Data Link layer, while L3 is the Network Layer. L3 works atop L2, which runs over L1, the Physical Layer.<\/p>\n\n\n\n It all starts when L2TP connection is established between the protocol\u2019s two endpoints – the L2TP Access Concentrator (LAC) and the L2TP Network Server (LNS). Once these two are connected and the L2TP tunnel is created, a PPP link layer is enabled, encapsulated, and sent over the internet.<\/p>\n\n\n\n After this, the PPP connection is established by the end-user with the ISP. When the LAC accepts this connection, the PPP link is up and running. A free slot within the network is assigned, and the request moves on to the LNS.<\/p>\n\n\n\n When this connection is fully authorized and active, a virtual PPP interface appears and the passage of link frames through the tunnel can begin. The LNS accepts the frames, removes their encapsulation, and processes them further as regular frames.<\/p>\n\n\n\n There are two primary components of L2TP: a tunnel and a session. The tunnel allows secure transport between two L2TP control connection endpoints. Through it, you can only send and receive control packets.<\/p>\n\n\n\n The other significant component – the session – is responsible for carrying user data through the tunnel. One tunnel can contain more than one session. In that case, session identifier numbers keep user data separate.<\/p>\n\n\n\n L2TP by itself uses no encryption or authentication methods despite being an evolutionary step forward from PPTP. L2TP\u2019s primary purpose is to establish a VPN tunnel<\/a>. For encryption, it has to be bundled with other technologies, such as IPSec.<\/p>\n\n\n\n IPSec is a strong security protocol that employs a robust AES encryption cipher. This protocol also relies on double encapsulation as an additional method of data protection.<\/p>\n\n\n\n As for IPSec\u2019s level of security, the Snowden leaks have revealed that the NSA was trying to crack or weaken this protocol as part of its Bullrun program. While none of these allegations have been proved to be accurate, it is something every VPN user should take into account when thinking about their data security and choosing their VPN protocol.<\/p>\n\n\n\n The L2TP\/IPSec VPN connection starts with the IPSec security association (SA) negotiation that usually goes through Internet key exchange (IKE) and UDP port 500. This connection needs a shared password, an X.509 international telecommunication certificate, or a public key.<\/p>\n\n\n\n Afterward, this protocol creates an Encapsulated Security Payload (ESP) that allows devices on both sides to determine where the data comes from. Then L2TP creates a tunnel between the connection endpoints, and data is packed twice: originally by L2TP, then by the IPSec protocol.<\/p>\n\n\n\n To enhance security, most VPNs will offer L2TP bundled with IPSec.<\/p>\n\n\n\n An L2TP connection needs to go through a router to access the web and transfer its traffic. Passthrough is a router feature you can use to activate or deactivate L2TP traffic on your router.<\/p>\n\n\n\n Another instance where this technology is used is with Network Address Translation (NAT). This feature allows many internet-connected devices attached to a single network to use a single IP address and connection. The issue is that NAT doesn\u2019t work well with L2TP. However, enabling L2TP Passthrough on your router will solve this problem.<\/p>\n\n\n\n Before we move on to comparisons of L2TP with other VPN protocols, we\u2019ll sum up some of its main pros and cons.<\/p>\n\n\n\n On the one hand:<\/p>\n\n\n\n On the other hand, however:<\/p>\n\n\n\n Both Windows and Mac operating systems provide native support for L2TP, making it a widely accessible VPN protocol. And precisely because of this, L2TP is still often offered by various VPN services.<\/p>\n\n\n\n As one of the best VPN services, ExpressVPN supports L2TP as a legacy protocol for Windows and macOS. L2TP provided us with low ping – which is great for competitive multiplayer games – and up to 65 Mbps, which was enough for quick downloads.<\/p>\n\n\n\n The protection measures ExpressVPN uses include the powerful AES 256-bit and wolfSSL encryption, along with SHA512 hash authentication and 4096-bit DHE-RSA keys.<\/p>\n\n\n\n PrivateVPN is another VPN that offers L2TP protocol support. It has over 200 available servers, and you can reach decent download speeds with it, with our test machine reaching 60 Mbps, although that speed might vary depending on the location of the server.<\/p>\n\n\n\n PrivateVPN allows for P2P file sharing, with unlimited bandwidth and a no-logs policy that preserves user privacy. This VPN provider recommends using the L2TP protocol as the best way to browse the internet from China without getting blocked by the Great Firewall.<\/p>\n\n\n\n Private Internet Access offers L2TP\/IPSec protocol support with UDP and TCP connections. The connection speeds were excellent overall. PIA comes with a daemon that removes all traces of your connection data, latest encryption tools, and blockers for malware, ads, and more.<\/p>\n\n\n\n L2TP on its own is not enough to protect your data. Hence most VPN companies offer it in combination with IPSec. Let\u2019s check how it fares in comparison to other popular protocols.<\/p>\n\n\n\n As its successor, L2TP has better security than PPTP thanks to its IPSec pairing. PPTP uses 128-bit encryption and inferior Microsoft Point-to-Point Encryption (MPPE), while L2TP\/IPSec has 256-bit encryption and military-grade AES ciphers.<\/p>\n\n\n\n Additionally, we know that the NSA managed to crack PPTP, while the same can\u2019t be said with certainty about L2TP, although there are some allegations that it happened.<\/p>\n\n\n\n Performance-wise, PPTP is significantly quicker than L2TP. It\u2019s also less stable, since blocking it with firewalls is extremely easy. On the other hand, L2TP uses UDP, and VPN providers can modify the protocol to avoid L2TP being blocked by firewalls.<\/p>\n\n\n\n IKEv2 is another tunneling protocol based on IPSec, which is why many VPN companies offer it in an IKEv2\/IPSec combo. However, IKEv2 is more secure than L2TP\/IPSec thanks to several factors.<\/p>\n\n\n\n First of all, IKEv2 hasn\u2019t been – to the best of our knowledge – cracked by the NSA.<\/p>\n\n\n\n Just like L2TP, IKEv2 was created by Microsoft and Cisco. However, there is an open-source version of this tunneling protocol many users consider more trustworthy.<\/p>\n\n\n\n Thanks to the Mobility and Multihoming Protocol (MOBIKE), IKEv2 is more stable and reliable than L2TP. MOBIKE makes this protocol resistant to network changes: You can switch from a Wi-Fi connection to your data plan without losing the VPN connection.<\/p>\n\n\n\n OpenVPN takes the lead in this comparison, thanks to the fact it\u2019s open-source, employs SSL 3.0, and you can configure it for more protection. The off-trade is that all this protection makes OpenVPN slower than L2TP.<\/p>\n\n\n\n![\"vpn](\"https:\/\/trinity-core.s3.us-west-1.amazonaws.com\/dataprot\/assets\/62160661a9697.jpeg\")
<\/figure>\n\n\n\nHow It Works<\/h2>\n\n\n\n
![\"l2tp](\"https:\/\/trinity-core.s3.us-west-1.amazonaws.com\/dataprot\/assets\/6216067208239.png\")
<\/figure>\n\n\n\nComponents of an L2TP Configuration<\/h3>\n\n\n\n
L2TP\/IPSec Combination for Enhanced Security<\/h3>\n\n\n\n
L2TP Passthrough<\/h3>\n\n\n\n
Benefits and Drawbacks of L2TP<\/h2>\n\n\n\n
\n
\n
Top 3 VPNs Offering the L2TP Protocol<\/h2>\n\n\n\n
1. ExpressVPN<\/h3>\n\n\n\n
2. PrivateVPN<\/h3>\n\n\n\n
3. PIA<\/h3>\n\n\n\n
How Does L2TP Stack Up to Other Protocols?<\/h2>\n\n\n\n
L2TP vs. PPTP<\/h3>\n\n\n\n
L2TP vs. IKEv2<\/h3>\n\n\n\n
L2TP vs. OpenVPN<\/h3>\n\n\n\n