L2TP is a tunneling protocol derived from PPTP (Point-to-Point Tunneling Protocol), created by Microsoft, and L2F (Layer 2 Forwarding), created by Cisco. The IETF working group documented the protocol in RFC 2661.
What is L2TP used in VPN Connection, and How Does It Work?
L2TP is a technology developed for tunneling PPP network traffic over connections that are not themselves PPP links, using UDP port 1701. PPP itself is also used over POTS and ISDN for remote dial-up connections.
The protocol also defines data transfer for a wide variety of packet types, including X.25, Frame Relay, and ATM. In addition, PPP's authentication mechanisms, PAP and CHAP, are available for dial-up connection setup, and these can be backed by authentication services such as RADIUS.
This protocol is widely used to provide remote connectivity to corporate networks. However, since L2TP itself does not encrypt the tunneled traffic, IPSec is used to secure it.
Because IPSec is used to secure this protocol, the combination is often referred to as IPSec over L2TP.
IPSec (Internet Protocol Security) is a protocol set that authenticates, encrypts, and provides security for IP traffic in a communication session.
IPSec also performs mutual authentication between the local and remote endpoints at the start of each session and negotiates the cryptographic keys that protect that session's traffic.
PPTP has a simpler encapsulation scheme and uses the RC4 encryption algorithm, which is cheap in terms of processor (CPU) load.
L2TP, on the other hand, has a much more complex encapsulation of up to 6 layers because of IPSec tunneling, which usually uses the 3DES or AES encryption algorithms.
When 3DES encryption is implemented in hardware, it offers greater security and is also more efficient. When it is implemented in software, however, it puts additional load on the operating system and can reduce performance.
Derived from the PPTP and L2F protocols, L2TP/IPSec essentially uses a double encapsulation method. Its use with IPSec is standardized in RFC 3193.
The first encapsulation builds the PPP connection, while the second applies the actual IPSec encryption. This method is more secure than PPTP but runs slower, since traffic is first processed into L2TP and then an additional security layer is added on top of that format.
When the AES encryption algorithm is used with L2TP, the data traffic is very strongly protected. The point to note is that L2TP does not provide any encryption on its own.
A layer 2 tunnel is created by encapsulating the PPP frame in a UDP packet, which is in turn carried in an IP packet whose source and destination addresses identify the two ends of the tunnel.
How Does It Work?
The process of creating a VPN connection with the L2TP/IPsec protocol consists of the following steps:
An IPsec SA (Security Association) is usually negotiated through IKE (Internet Key Exchange). In this process, both devices authenticate each other with a shared secret, public keys, or X.509 certificates over UDP port 500.
ESP (Encapsulating Security Payload) communication is established in transport mode. The IP protocol number for ESP is 50.
Up to this step, a secure channel has been created, but not yet a tunnel.
The setup of a layer 2 tunnel between the SA endpoints begins.
Once the SA's secure channel is in place and encryption is active, IPsec begins encapsulating the packets exchanged between the endpoints.
In this case, the original source and destination IP addresses are encrypted along with the rest of the packet, because the data traffic is hidden inside the IPsec packet.
A secure channel is created by transporting the PPP packets over IP. In this way the confidentiality of all data in the channel is ensured.
As a result, IPsec first provides the secure channel, and then L2TP creates the tunnel within it.
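As an added example (not from the original article), the following Python script builds the L2TP data encapsulation described above (PPP frame inside an RFC 2661 L2TP header, inside UDP 1701, inside IP) and labels IPv4 packets as IKE (UDP 500), ESP (protocol 50) or cleartext L2TP, the last being the case where the tunnel is running without IPsec. The addresses, tunnel and session IDs, and sample payloads are constructed for the example.

```python
import struct

IKE_PORT, L2TP_PORT, ESP_PROTO, UDP_PROTO = 500, 1701, 50, 17  # from the page: IKE UDP 500, ESP proto 50, L2TP UDP 1701

def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of the payload."""
    hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def build_udp(sport, dport, payload):
    return struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload

def build_l2tp_data(tunnel_id, session_id, ppp_frame):
    """RFC 2661 data message: T=0, L=1, Ver=2, then Length, Tunnel ID, Session ID."""
    flags = 0x4000 | 2                      # L bit set, version 2
    return struct.pack('!HHHH', flags, 8 + len(ppp_frame), tunnel_id, session_id) + ppp_frame

def parse_l2tp_header(data):
    """Decode flags/version, optional Length, Tunnel ID and Session ID; None if not L2TPv2."""
    if len(data) < 6 or (data[1] & 0x0F) != 2:   # too short, or version nibble is not 2
        return None
    flags = struct.unpack('!H', data[:2])[0]
    off, length = 2, None
    if flags & 0x4000:                      # L bit: Length field present
        length = struct.unpack('!H', data[off:off + 2])[0]
        off += 2
    tunnel_id, session_id = struct.unpack('!HH', data[off:off + 4])
    return {'control': bool(flags & 0x8000), 'length': length,
            'tunnel_id': tunnel_id, 'session_id': session_id}

def classify(pkt):
    """Label an IPv4 packet as ike, esp, l2tp-cleartext or other."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, payload = pkt[9], pkt[ihl:]
    if proto == ESP_PROTO:
        return 'esp'                        # L2TP/PPP inside is protected by IPsec
    if proto == UDP_PROTO:
        sport, dport = struct.unpack('!HH', payload[:4])
        if IKE_PORT in (sport, dport):
            return 'ike'
        if L2TP_PORT in (sport, dport) and parse_l2tp_header(payload[8:]):
            return 'l2tp-cleartext'         # PPP payload readable by anyone on the path
    return 'other'

# Constructed sample packets: addresses, IDs and payloads are made up for this example.
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
PPP = b'\xff\x03\x00\x21' + b'inner-ip-packet'   # PPP header (protocol 0x0021 = IP) + data
PLAIN_L2TP = build_ipv4(UDP_PROTO, SRC, DST, build_udp(L2TP_PORT, L2TP_PORT, build_l2tp_data(7, 3, PPP)))
IKE = build_ipv4(UDP_PROTO, SRC, DST, build_udp(IKE_PORT, IKE_PORT, b'\x00' * 28))
ESP = build_ipv4(ESP_PROTO, SRC, DST, struct.pack('!II', 0x1234, 1) + b'\x00' * 32)  # SPI, seq, ciphertext
```

A 'l2tp-cleartext' label on production traffic means the PPP payload, including the inner IP addresses, is crossing the network unencrypted.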