L2TP VPN

L2TP is one of those terms that sound like a Jpop band that you run into on the hunt for a good VPN provider. But what does this acronym that’s four letters short of being a decent password mean? This article will explain!

What is L2TP?

L2TP – Layer 2 Tunneling Protocol – is a tunneling protocol used in creating VPN connections. However, it only provides tunneling – bundling up data for private transportation over public networks. For VPN functionality, it uses IPsec, which provides encryption and confidentiality.

How does L2TP work?

How does L2TP work?

As a standard, Layer 2 Tunneling Protocol – protocol being a set of procedures that direct digital communication processes – was first proposed in 2000. L2TP builds upon two older tunneling protocols: Layer 2 Forwarding Protocol by Cisco and (ancient and unsecure) PPTP by Microsoft. 

Tunneling bundles up data for transmission over a network – think of putting an envelope into another envelope. This allows running protocols over networks that can’t support them (as the data of the former is packed in a way that’s friendly to the latter) – or transmitting private data securely. L2TP handles the tunneling part.

It remains in use due to being implemented on Windows platforms since Windows 2000, on Mac since Mac OS X 10.3, as well as having a wide variety of Linux versions.

What is L2TP/IPsec?

Naturally, tunneling wouldn’t be worth much if the data wasn’t encrypted. That’s why L2TP is used together with IPsec. By itself, IPsec appeared in 1995, and it can carry out the steps needed to create a VPN tunnel. However, L2TP borrows only the security features. 

IPsec carries out the security association, where your device and the VPN server agree on what security and encryption tools to use. It then creates the Encapsulated Security Payload, which lets the devices on either end know that the data really comes from where it claims to come from. L2TP then establishes the tunnel. Eventually, the data is bundled twice: first by L2TP, then by IPsec. 

Is L2TP secure?

Is L2TP secure?

There have been allegations that the NSA compromised L2TP encryption to some level. However, that issue only seems to arise when the communication is secured with a weak pre-shared password. So, in the end, the security depends on how well the VPN provider set it up. 

A bigger, more pertinent issue is speed. L2TP encapsulates data twice, which requires more device resources. It also increases “encryption overhead” – that is, how much bandwidth is used strictly for security purposes, which slows down your internet connection. 

Lastly, it is said that L2TP can be a bit bothersome to set up, but this is not an issue for the users. If you’re looking for a VPN to unlock content and have a bit of privacy online, a VPN provider will have prepared a client that does all the setup business for you. 

How do I set up an L2TP VPN?

First of all, we do not recommend setting up an L2TP VPN connection due to its inferiority to other VPN protocols available at this time. However, if you do wish to do this manually, you will need:

  • A VPN provider that supports L2TP connections to get a  VPN server address
  • Follow these instructions depending on what device you’re trying to set the VPN up on:

Once again, we advise you to consider other options! 

L2TP vs. Other VPN protocols

At the end of the day, how does L2TP stack up against other VPN protocols

Protocol
When compared to L2TP, it’s...
PPTP
...strictly worse.
IKEv2
... more secure, definitely faster, especially on mobile devices.
OpenVPN
...definitely more secure, probably faster.
Wireguard
...strictly better.
Shadowsocks
...a lot better suited for overcoming the Great Chinese Firewall.

L2TP: should you use it?

All things considered, L2TP is a VPN protocol that doesn’t offer much aside from the platforms it’s implemented on. And when it comes to choosing ready-made VPN packages, the providers have moved on for newer, better things. Instead of staying with L2TP, why not choose a VPN with easy access to IKEv2, OpenVPN, Wireguard, and even Shadowsocks?

Get yourself a modern VPN

Get Surfshark