What is Layer 2 Tunnel Protocol (L2TP) and do you need it?: A Summary
L2TP, or Layer 2 Tunneling Protocol, is an older VPN protocol used to create secure data tunnels, though it requires IPsec for encryption. Initially popular in the early 2000s, L2TP offered basic security by establishing a tunnel, with IPsec handling data encryption through AES-256, but it has been largely phased out in favor of more advanced protocols like OpenVPN and IKEv2. L2TP’s inability to encrypt on its own, coupled with limited firewall evasion and slower speeds due to IPsec overhead, makes it a less reliable choice for modern VPN needs.
Despite these limitations, L2TP has some advantages: it is widely compatible across devices and relatively easy to set up with IPsec. However, it is now considered outdated and vulnerable, as it does not match the security, speed, or flexibility of newer VPN protocols like OpenVPN, which uses SSL/TLS for encryption and excels at bypassing firewalls, or IKEv2, which offers stable connections and quick reconnections, especially on mobile devices.
While L2TP/IPsec remains in use for some legacy systems, modern VPN providers generally recommend more secure protocols to ensure privacy and stability in diverse network environments.
L2TP — Layer 2 Tunnel Protocol is one of the oldest VPN protocols and was used to create secure tunneling for data transfer. It was used by VPN providers in the early 2000s but has been retired with the development of modern protocols like WireGuard and OpenVPN.
Like IKEv2, L2TP also uses the IPsec technology to transfer data securely because it does not encrypt data by itself. The combination of both makes data secure and ensures its transfer through a VPN tunnel. This article will discuss everything you need to know about the L2TP VPN protocol, its advantages & disadvantages, and whether you should use it in 2024.
L2TP is a VPN protocol whose job is to create a secure tunnel between two points. The idea behind it was to create a secure passage through which data can be transported, the basic functionality of a VPN in today’s world.
L2TP can create a tunnel for data transportation, but it can’t encrypt your data. This is where the functionality of IPsec kicks in. L2TP and IPsec complement each other, where L2TP creates a secure connection between your devices and the VPN server, and IPsec encrypts the data.
IPsec controls the data that has to be transmitted between two points and encrypts it with a cryptographic key. The encryption done by IPsec uses AES-256 combined with SHA2-384. Furthermore, IKEv2/IPsec applies Perfect Forward Secrecy (PFS) with 3072-bit Diffie-Hellman keys.
How does L2TP work?
The Layer 2 Tunneling Protocol works like a VPN: it creates a tunnel to transfer data between your device and the server. It uses IPsec to encrypt data before it reaches its destination.
Your data passing through L2TP/IPsec is first broken into small packets and then encrypted by IPsec. L2TP then encapsulates these data packets to pass through the tunnel over a public network.
When the packets reach the endpoint (the receiving end), L2TP unpacks them and IPsec decrypts the data. The decrypted packets are now accessible to the VPN server and the LAN connected to it.
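What L2TP's own encapsulation looks like on the wire, as an added example that is not part of the original article: a parser for the L2TPv2 header (RFC 2661, carried over UDP port 1701) showing that the L2TP layer copies the inner PPP frame unchanged, which is why it depends on IPsec for confidentiality. The tunnel and session IDs, addresses and inner packet are constructed sample values.

```python
import struct
# A few PPP protocol numbers that can appear inside L2TP data messages
PPP_PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6", 0xC021: "LCP"}

def parse_l2tp(udp_payload: bytes) -> dict:
    """Parse an L2TPv2 header (RFC 2661, section 3.1) from a UDP payload."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if (flags & 0x000F) != 2:
            raise ValueError("not an L2TPv2 message")
        off, length = 2, None
        if flags & 0x4000:                  # L bit: Length field present
            (length,) = struct.unpack_from("!H", udp_payload, off)
            off += 2
        tunnel_id, session_id = struct.unpack_from("!HH", udp_payload, off)
        off += 4
        if flags & 0x0800:                  # S bit: Ns and Nr present
            off += 4
        if flags & 0x0200:                  # O bit: Offset Size, then padding
            (pad,) = struct.unpack_from("!H", udp_payload, off)
            off += 2 + pad
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    end = len(udp_payload) if length is None else length
    if not off <= end <= len(udp_payload):
        raise ValueError("inconsistent L2TP length")
    body = udp_payload[off:end]
    info = {"type": "control" if flags & 0x8000 else "data",  # T bit
            "tunnel_id": tunnel_id, "session_id": session_id, "body": body}
    if info["type"] == "data":
        # PPP address/control bytes (ff 03) are optional before the protocol
        ppp = body[2:] if body[:2] == b"\xff\x03" else body
        if len(ppp) >= 2:
            (proto,) = struct.unpack_from("!H", ppp, 0)
            info["ppp_protocol"] = PPP_PROTOCOLS.get(proto, hex(proto))
            info["inner"] = ppp[2:]     # tunneled packet, copied verbatim
    return info

# Constructed sample: an IPv4 header (protocol 253, checksum left 0) plus
# payload, PPP-framed inside one L2TP data message (tunnel 7, session 1)
INNER_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 38, 0, 0, 64, 253, 0,
                       bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])) + b"hello in cleartext"
SAMPLE = (struct.pack("!HHHH", 0x4002, 12 + len(INNER_IP), 7, 1)
          + b"\xff\x03\x00\x21" + INNER_IP)

if __name__ == "__main__":
    print(parse_l2tp(SAMPLE))   # inner bytes are readable without any key
```

On a capture, UDP/1701 traffic that parses this way outside an ESP wrapper means the tunnel is running without IPsec.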
Is L2TP safe?
L2TP was first used in 1999 and originated from the combination of two protocols, Cisco’s Layer 2 Forwarding Protocol (L2F) and Microsoft’s Point-to-Point Tunneling Protocol (PPTP).
L2TP was used by most VPN providers in the early 2000s, but due to its nature and lack of data encryption, it was discontinued, and modern VPN protocols took its place. In comparison with modern VPN protocols, L2TP is unsafe, and I won’t recommend it.
That is because both complement each other. L2TP creates a secure connection between your device and the VPN server, and IPsec encrypts the data into packets that are decrypted upon reaching their destination.
What are the pros and cons of using L2TP?
Earlier in this article, I mentioned that L2TP was first introduced in 1999, making it one of the oldest VPN protocols. However, the protocol is not obsolete and is still used by many to share files. Here are the pros and cons of using the L2TP VPN protocol.
Pros
Broad Compatibility: Works seamlessly with a range of devices and operating systems, including Windows, macOS, Linux, iOS, Android, and routers, when paired with IPsec.
Supports Multiple Protocols: Handles both IPv4 and IPv6, offering flexibility in securing data across various protocol types.
PPP Features Integration: Utilizes PPP for tunneling, adding layers of authentication, encryption (with IPsec), and data compression.
Dual Tunneling Options: Offers both user-initiated (voluntary) and network-initiated (compulsory) tunneling modes for versatile connectivity.
Cons
Reduced Speed: Double encapsulation of data leads to slower transmission speeds, making L2TP a slower protocol.
Limited Security: L2TP only creates a tunnel without encrypting data, making it vulnerable to data breaches unless paired with IPsec.
Firewall Limitations: Often struggles to bypass firewalls, making it less effective against network restrictions.
Complex Setup: Requires pairing with IPsec for encryption, resulting in a more complicated setup than newer protocols.
What is L2TP Passthrough?
L2TP passthrough is a router feature that allows L2TP traffic to pass through the network’s NAT, enabling a VPN client to connect to a VPN server over the internet. When the passthrough feature is disabled, the router’s security settings might block L2TP traffic, preventing the VPN connection.
This feature forwards the traffic between a client and the server and does not process the VPN traffic.
L2TP compared with other VPN protocols
L2TP has its own advantages and disadvantages, which are mentioned above. Here is an in-depth comparison of L2TP with other VPN protocols.
L2TP vs PPTP
PPTP and L2TP were both introduced in 1999, and both are now outdated and retired VPN protocols. Here is a head-to-head comparison between them.
| Feature | PPTP | L2TP |
| --- | --- | --- |
| Encryption | 128-bit encryption, offering basic security | No encryption on its own; combined with IPsec for security |
| Speed | Faster due to lightweight encryption | Slower due to additional security layers with IPsec |
| Security | Weak security, vulnerable to attacks | Moderately secure with IPsec, less prone to vulnerabilities |
| Firewall Evasion | Easily blocked by firewalls | Better, but won't bypass VPN blocks and firewalls |
| Compatibility | Compatible with older devices and platforms | Widely compatible with most modern devices |
| Stability | Stable but may disconnect with IP changes | Generally stable and reliable performance |
| Setup | Quick and simple to set up | Easy to set up, especially with IPsec support |
L2TP vs IKEv2
IKEv2 has several advantages over L2TP: it is fast, secure, and preferred for mobile devices. Both VPN protocols use IPsec for data encryption.
Here is a comparison between the two VPN protocols.
| Feature | L2TP | IKEv2 |
| --- | --- | --- |
| Encryption | No encryption by itself; combined with IPsec for security | Works with IPsec for strong, built-in encryption |
| Speed | Moderate, slower than IKEv2 due to additional overhead | Generally faster due to efficient handling of IP packets |
| Security | Moderate security, relies on IPsec for encryption | High security, designed to work securely with IPsec |
| Network Stability | Stable but may struggle with network switching | Very stable, quickly reconnects if the network changes |
| Firewall Evasion | Limited, can struggle with firewall traversal | Limited as well, sometimes requires third-party software |
| Compatibility | Widely compatible with many platforms | Broad support, especially on mobile, but may need third-party software |
| Setup | Relatively easy to set up, commonly used with IPsec | Easy setup with VPN clients, especially on mobile |
L2TP vs OpenVPN
OpenVPN is one of the best VPN protocols in today’s world and is used by most modern VPN providers. It is fast, secure, easy to use and best to use in countries where using a VPN is illegal.
On the other hand, L2TP has been retired from the VPN industry and has vulnerabilities. I recommend using OpenVPN instead.
Here is the head-to-head comparison between them.
| Feature | L2TP | OpenVPN |
| --- | --- | --- |
| Encryption | No encryption on its own; relies on IPsec for security | Uses SSL/TLS for robust, flexible encryption |
| Speed | Moderate speed, may slow down with high-latency connections | Generally faster on high-latency and low-power devices |
| Security | Moderate security with IPsec, limited flexibility | High-level security, trusted for privacy and reliability |
| Firewall Evasion | Limited, struggles with restrictive firewalls | Excellent; can be configured to run on any port |
| Compatibility | Natively supported on most platforms | Requires third-party software, widely available on major platforms |
| Configuration Flexibility | Less flexible, limited configuration options | Highly flexible, supports custom configurations |
| Setup | Relatively easy to set up | Requires setup with third-party VPN client |
Conclusion
So far, I have discussed the L2TP protocol and its security. We have also discussed the mechanism behind the protocol and why it became obsolete. Additionally, I have compared L2TP with modern protocols so you can better understand its merits and demerits.
I hope you find this guide informative and will share it with others. For more informative articles, check out VPN for What’s Homepage.
Frequently Asked Questions
L2TP is a VPN protocol used to create secure data tunnels, often combined with IPSec for encryption to enhance security.
L2TP VPN is a VPN connection that is established using L2TP secure tunneling and IPsec for data encryption.
L2TP does not offer encryption but uses IPsec for data encryption. Microsoft and modern VPN providers have discontinued it due to its lack of security.
L2TP uses IPsec for data encryption. It can't encrypt data and can only create a VPN tunnel for data transportation.
L2TP is considered more secure than PPTP because it uses IPsec to encrypt data. On the other hand, PPTP is known for its security weaknesses.
While many commercial VPNs have discontinued support for the L2TP VPN protocol, several providers still offer it in 2025. Here is a list of VPN services that support the L2TP protocol:
Mustafa is a cybersecurity analyst and a co-founder of VPN for What. Since 2017, Mustafa has gained international experience, working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.