What is L2TP, and is it a reliable protocol to use?
L2TP is a tunneling protocol in charge of crafting VPN tunnels. Each VPN on the market is a blend of protocols, techniques, and mechanisms. Their primary aim is to encrypt users’ internet traffic, rendering it unreadable. However, encryption is only a fragment of the bigger picture. Even if a VPN encrypts data, it still needs to build a tunnel for the data to traverse through. Thus, tunneling protocols are responsible for delivering the data to its destination and returning the response safely. L2TP is one of these protocols establishing a connection between the VPN server and your device.
What is L2TP?
L2TP (Layer 2 Tunneling) is a popular VPN tunneling protocol. Its original aim was to replace PPTP, a vulnerable protocol no longer in mainstream use. The creators of L2TP were Microsoft and Cisco. And the final product took the best out of Microsoft’s PPTP and Cisco’s L2F (Layer 2 Forwarding).
Hence, L2TP refers to a set of rules for transporting data from one point to another. Even though L2TP surpasses PPTP, it cannot do much alone. It needs a partner, a trusted sidekick, to rely on for encryption.
Therefore, L2TP usually takes IPSec as an ally. The latter is a protocol designed exclusively for prioritizing confidentiality, integrity, and authentication of communications. And these factors are precisely what L2TP lacks. The L2TP/IPSec combination is usually responsible for creating tunnels and encrypting the packets between the endpoints.
Despite being a relatively safe protocol, you might not encounter L2TP frequently. Many VPN providers opt for more modern protocols as their primary choices. However, some applications might still offer L2TP/IPSec as a manually configured option. Words of caution should accompany such options.
While L2TP/IPSec is relatively secure, its key benefits are in anonymization and location change. This combination is not the best-in-class when it comes to fighting censorship or unjust internet restrictions.
How does L2TP/IPSec work?
Due to security gaps in L2TP, it usually pairs with IPSec. Let’s review how both of them work together.
- The IPSec performs a procedure called security association (SA). It is the agreement between two network entities on shared security attributes. Then, they can establish secure communications. This dialogue typically occurs via IKE and over UDP port 500.
- Now, it is time for Encapsulating Security Payload (ESP). It is a component of the IPSec suite, and its purpose is to encrypt and authenticate packets. Thus, this procedure allows two entities to communicate via a secure channel. Nevertheless, no data exchange (or tunneling) happens at this point.
- So far, it was IPSec doing most of the work. Now, L2TP steps in and builds a tunnel between the two entities. The latter refers to the VPN client and the VPN server. Also, L2TP uses UDP port 1701.
- Finally, IPSec encapsulates the L2TP packets between the entities. With the secure connection established, the VPN client and the VPN server can communicate safely.
Pros and cons of using L2TP
L2TP has been around for a long time (published in 2000). However, its usage has significantly decreased. Now, even if providers offer L2TP/IPSec, users need to configure manually. By default, VPNs support their connections via other protocols. Let’s find out why.
- The L2TP protocol can be highly secure when used in conjunction with IPSec.
- It is highly compatible, working on operating systems like Windows and macOS by default.
- L2TP (and L2TP/IPSec) are relatively easy to set up due to their high compatibility.
- More firewall-friendly as it runs over UDP protocol.
- L2TP is much safer than PPTP. Thus, it is always best to choose L2TP between the two.
- L2TP does not offer the best performance. It uses more CPU, meaning that such VPN connections can be slower.
- This protocol is better at securing data than evading geo-restrictions and censorship. It is because L2TP communicates via UDP, and such communications are easier to block.
- Experts have doubts about the reliability of L2TP. The NSA may have weakened the standard. However, it is a speculation, not a fact.
- Other protocols like WireGuard, OpenVPN, and IKEv2/IPSec have showcased robust security with minimal speed drops. Thus, these three options are typically better than L2TP/IPSec.
Does Atlas VPN use L2TP?
We agree that L2TP/IPSec has its benefits, no severe vulnerabilities, and is theoretically safe. However, its contribution is less impressive than other modern protocols available.
For instance, WireGuard offers a fine blend of security and speed. The lightweight protocol supports one of the fastest connections and uses superior techniques (like ChaCha20 and Blake2). IKEv2/IPSec is also a widely trusted protocol, especially useful to mobile users. For instance, it makes it easy to jump between mobile data and Wi-Fi without losing the VPN connection.
Therefore, we currently offer WireGuard and IKEv2/IPSec. Both of these protocols are highly secure and will provide the robust protection you need.
Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.