How Does L2TP Work

Layer 2 Tunneling Protocol (L2TP) is one of the well-known VPN protocols for a number of reasons, one of them being its legacy. L2TP has been in use for more than 20 years. Although it has been superseded by other VPN protocols that are faster, more reliable, and provide better security, it remains supported by modern operating systems and devices. While iProVPN has chosen IKEv2 as its default VPN protocol, it offers L2TP as an option for users who may have compatibility issues with newer protocols.

L2TP’s History

Communication between computers over networks occurs through standards. They provide a set of rules that computers can recognize and support for compatibility and reliability. Using protocols, two computers built on different architectures can communicate with each other.

Layer 2 Tunneling Protocol (L2TP) was developed by Cisco and Microsoft and dates back to 1999 – over two decades ago. It serves as a successor to the Point-to-Point Tunneling Protocol (PPTP). The most immediate change from PPTP is improved security. PPTP is not a secure protocol and should only be used where other protocols do not work for you.

How Does L2TP Work?

The L2TP protocol is a tunneling protocol; it does not provide encryption and authentication on its own. Tunneling is the process of encapsulating data packets into a wrapper that can be sent across the internet.

Because L2TP has no encryption capabilities of its own, it is used in conjunction with IPsec for security. IPsec is a robust VPN protocol with support for various cipher suites. Using IPsec for authentication also allows the use of certificates. Authentication is an important part of the VPN connection process because it proves the server’s identity. For example, a rogue VPN server could impersonate the real VPN server only if it had the real server’s certificate.
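The L2TP wrapper on its own, as an added example that is not code from the original article: a minimal parser for the L2TPv2 header as laid out in RFC 2661, run against a constructed data message. The header carries only tunnel and session identifiers, so the encapsulated PPP payload is readable as-is unless IPsec protects the packet. The function names and sample bytes are assumptions made for illustration.

```python
import struct

# L2TPv2 header flag bits (RFC 2661, section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

def build_l2tp_data(tunnel_id, session_id, ppp_frame):
    """Wrap a PPP frame in an L2TPv2 data header with the Length field present."""
    total = 8 + len(ppp_frame)  # flags + length + tunnel ID + session ID = 8 bytes
    return struct.pack("!HHHH", L_BIT | 2, total, tunnel_id, session_id) + ppp_frame

def parse_l2tp(udp_payload):
    """Return the L2TPv2 header fields and the encapsulated payload."""
    pos = 0

    def u16():
        nonlocal pos
        if pos + 2 > len(udp_payload):
            raise ValueError("truncated L2TP header")
        (value,) = struct.unpack_from("!H", udp_payload, pos)
        pos += 2
        return value

    flags = u16()
    if (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 message")
    end = len(udp_payload)
    hdr = {"control": bool(flags & T_BIT)}
    if flags & L_BIT:
        end = u16()  # total message length, header included
        if end > len(udp_payload):
            raise ValueError("Length field exceeds datagram")
    hdr["tunnel_id"], hdr["session_id"] = u16(), u16()
    if flags & S_BIT:
        hdr["ns"], hdr["nr"] = u16(), u16()
    if flags & O_BIT:
        pos += u16()  # skip the offset padding
    if pos > end:
        raise ValueError("header runs past end of message")
    hdr["payload"] = udp_payload[pos:end]
    return hdr

# Constructed sample: PPP address/control (ff 03), protocol 0x0021 (IPv4),
# then placeholder bytes standing in for the inner IP packet.
SAMPLE_PPP = b"\xff\x03\x00\x21" + b"user=alice&pin=1234"
SAMPLE = build_l2tp_data(tunnel_id=7, session_id=42, ppp_frame=SAMPLE_PPP)

if __name__ == "__main__":
    fields = parse_l2tp(SAMPLE)
    print(fields["tunnel_id"], fields["session_id"], fields["payload"])
```

Nothing in the parsed header is a key, nonce, or integrity tag; in an L2TP/IPsec deployment those come from the ESP layer wrapped around this UDP datagram.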

When it comes to encryption, IPsec gives L2TP access to encryption standards such as the Advanced Encryption Standard (AES), which is one of the best and most popular symmetric-key encryption algorithms in use today. So you can use up to 256-bit AES encryption to protect data packets against sniffing.

Adding to the cipher suite are message authentication algorithms based on hash functions such as SHA, which ensure the integrity of data packets. Hashing is used to ensure that messages are not altered during transmission.

Differences Between L2TP/IPsec and OpenVPN

L2TP/IPsec vs. OpenVPN is one of the common questions among VPN users. OpenVPN is much more modern and includes tunneling, authentication, and encryption capabilities; it’s a complete VPN protocol.

What gives L2TP/IPsec a slight edge over OpenVPN is that it can be configured relatively easily. It has native support in operating systems such as Windows, macOS, Android, and iOS. However, as other protocols such as OpenVPN, IKEv2, and WireGuard provide better security while also being fast, there is even less reason to use L2TP/IPsec now.

One major drawback of L2TP is its double encapsulation technique, which slows things down.

Under the hood, OpenVPN is an SSL-based VPN, which has its own set of advantages. OpenVPN is open-source, which earns it much credit in the VPN community, since anyone can inspect the source code and identify vulnerabilities that could be exploited. L2TP, by contrast, is a proprietary protocol that was developed over two decades ago, at a time when the internet and computing in general were a different place, and it’s believed to have been cracked by the NSA, as hinted by whistle-blower Edward Snowden.

Where OpenVPN uses certificate-based authentication, L2TP can use both pre-shared keys (PSK) and certificates. A pre-shared key is a password that you use to connect to the VPN server. It does not involve complex key exchange algorithms like the Diffie-Hellman exchange to generate and negotiate keys for a session, which are essential to encrypt communication between the client and the VPN server.

Although pre-shared keys cannot expose data that has already been exchanged between the client and the VPN server, they can allow a third party to impersonate a VPN server.

Pros and Cons of L2TP


Pros

  • Native support in many operating systems does not require much configuration.
  • Can be paired with IPsec for authentication and encryption.


Cons

  • Considered obsolete.
  • Can be blocked by firewalls easily.
  • It is believed that the NSA has exploited vulnerabilities in the protocol.
  • Double encapsulation slows down performance.

Conclusion – Should You Use L2TP?

If security is not a concern and you simply want to create a virtual private network for remote access or use a VPN server as a proxy, L2TP will do the job. It’s secure enough to provide basic security. But if you want a faster, more modern VPN protocol, options such as OpenVPN and WireGuard exist, and they are more difficult for firewalls to block.
