L2TP - Layer 2 Tunneling Protocol
===================================

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is L2TP (Inside VPN)?**

    L2TP (Layer 2 Tunneling Protocol) is commonly used in combination with IPsec to create secure VPN tunnels. L2TP handles the tunneling of data, while IPsec provides encryption and authentication, making the combination a secure and widely supported VPN solution.

    Think of it as a secure pipeline where L2TP builds the tunnel and IPsec locks it with encryption and integrity checks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is L2TP important inside VPN?**

    * **Secure Tunneling** – When paired with IPsec, it ensures both tunneling and encryption.
    * **Cross-Platform Compatibility** – Supported by most operating systems and VPN clients.
    * **Layer 2 Flexibility** – Can tunnel non-IP protocols over IP networks.
    * **Widely Used** – Common in enterprise VPNs and personal VPN services.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How L2TP works (in simple steps):**

    * A user initiates a VPN connection using L2TP.
    * IPsec establishes a secure encrypted channel.
    * L2TP creates a tunnel within the encrypted IPsec connection.
    * Data is encapsulated and encrypted before transmission.
    * The VPN server decrypts and decapsulates the data and forwards it to the destination.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is L2TP used (inside VPN)?**

    * **Corporate VPNs** – For secure remote access to internal networks.
    * **Personal VPN Services** – Offered by many commercial VPN providers.
    * **Mobile VPN Access** – Supported on mobile devices for secure connectivity.
    * **Cross-Platform VPNs** – Works across Windows, macOS, Linux, Android, and iOS.
    * **Secure Public Wi-Fi Access** – Protects data on untrusted networks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI Layer does this protocol belong to?**

    * L2TP operates at the **Data Link Layer (Layer 2)** of the OSI model.
    * It encapsulates Layer 2 frames rather than just IP packets.
    * This allows it to tunnel non-IP traffic and maintain protocol independence.
    * When combined with IPsec, it delivers Layer 2 tunneling with Layer 3 encryption.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is L2TP Windows specific?**

    * No, L2TP is not Windows-specific.
    * L2TP is supported across a wide range of operating systems, including Windows, Linux, macOS, and mobile devices.
    * It is commonly used in conjunction with IPsec to provide a secure VPN tunnel.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is L2TP Linux specific?**

    * No, L2TP is not Linux-specific.
    * L2TP is widely supported on Linux, along with other operating systems like Windows and macOS.
    * On Linux, L2TP is often used with IPsec for creating secure VPNs, and tools like ``xl2tpd`` are used to implement L2TP.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which Transport Protocol is used by L2TP?**

    * L2TP uses **UDP** as its transport protocol.
    * Specifically, L2TP communicates over **UDP port 1701** to establish a tunnel between the client and server.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which Port is used by L2TP?**

    * L2TP typically uses **UDP port 1701** for tunneling.
    * When used with **IPsec**, L2TP also uses **UDP port 500** (for IKE) and **UDP port 4500** (for NAT traversal).

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is L2TP using Client-server model?**

    * Yes, L2TP uses the client-server model.
    * In this model, the client (such as a user's device) initiates the connection to the server (typically a VPN gateway or L2TP server), which authenticates the client and establishes a secure tunnel for data transmission.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section <L2TP_step1>`
    * :ref:`Terminology <L2TP_step2>`
    * :ref:`Version Info <L2TP_step3>`
    * :ref:`L2TP Version&RFC Details <L2TP_step5>`
    * :ref:`L2TP Basic Setup on Ubuntu using IPv4 <L2TP_step20>`
    * :ref:`L2TP Basic Setup on Ubuntu using IPv6 <L2TP_step21>`
    * :ref:`L2TP Protocol Packet Details <L2TP_step6>`
    * :ref:`L2TP Usecases <L2TP_step7>`
    * :ref:`L2TP Basic Features <L2TP_step8>`
    * :ref:`L2TP Feature : Tunneling <L2TP_step9>`
    * :ref:`L2TP Feature : Session Multiplexing <L2TP_step10>`
    * :ref:`L2TP Feature : Control and Data Separation <L2TP_step11>`
    * :ref:`L2TP Feature : Protocol Independence <L2TP_step12>`
    * :ref:`L2TP Feature : UDP-Based Transport <L2TP_step13>`
    * :ref:`L2TP Feature : No Native Encryption <L2TP_step14>`
    * :ref:`L2TP Feature : AVP-Based Control Messages <L2TP_step15>`
    * :ref:`L2TP Feature : Reliable Control Messaging <L2TP_step16>`
    * :ref:`L2TP Feature : Tunnel and Session IDs <L2TP_step17>`
    * :ref:`L2TP Feature : Extensibility (L2TPv3) <L2TP_step18>`
    * :ref:`Reference links <L2TP_step19>`

.. _L2TP_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _L2TP_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _L2TP_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _L2TP_step5:

.. tab-set::

    .. tab-item:: L2TP Version&RFC Details

        .. csv-table::
            :file: ./L2TP/L2TP_Version&RFC_Details.csv
            :widths: 10,10,10,30
            :header-rows: 1

.. _L2TP_step20:

.. tab-set::

    .. tab-item:: L2TP Basic Setup on Ubuntu using IPv4

        **Setup**

.. _L2TP_step21:

.. tab-set::

    .. tab-item:: L2TP Basic Setup on Ubuntu using IPv6

        **Setup**

.. _L2TP_step6:

.. tab-set::

    .. tab-item:: L2TP Protocol Packet Details

        **L2TP Control Message**

        .. csv-table::
            :file: ./L2TP/L2TP_packetdetails1.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **L2TP Data Message**

        .. csv-table::
            :file: ./L2TP/L2TP_packetdetails2.csv
            :widths: 10,20,30,10
            :header-rows: 1

.. _L2TP_step7:

.. tab-set::

    .. tab-item:: L2TP Usecases

        .. csv-table::
            :file: ./L2TP/L2TP_Use_Cases.csv
            :widths: 10,20,30
            :header-rows: 1

.. _L2TP_step8:

.. tab-set::

    .. tab-item:: L2TP Basic Features

        .. csv-table::
            :file: ./L2TP/L2TP_Basic_Features.csv
            :widths: 10,10,30
            :header-rows: 1

.. _L2TP_step9:

.. tab-set::

    .. tab-item:: L2TP Feature : Tunneling

        **Tunneling - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature1_Tunneling_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step10:

.. tab-set::

    .. tab-item:: L2TP Feature : Session Multiplexing

        **Session Multiplexing - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature2_Session_Multiplexing_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step11:

.. tab-set::

    .. tab-item:: L2TP Feature : Control and Data Separation

        **Control and Data Separation - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature3_Control_and_Data_Separation_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step12:

.. tab-set::

    .. tab-item:: L2TP Feature : Protocol Independence

        **Protocol Independence - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature4_Protocol_Independence_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step13:

.. tab-set::

    .. tab-item:: L2TP Feature : UDP-Based Transport

        **UDP-Based Transport - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature5_UDP_Based_Transport_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step14:

.. tab-set::

    .. tab-item:: L2TP Feature : No Native Encryption

        **No Native Encryption - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature6_No_Native_Encryption_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step15:

.. tab-set::

    .. tab-item:: L2TP Feature : AVP-Based Control Messages

        **AVP-Based Control Messages - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature7_AVP_Based_Control_Messages_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step16:

.. tab-set::

    .. tab-item:: L2TP Feature : Reliable Control Messaging

        **Reliable Control Messaging - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature8_Reliable_Control_Messaging_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step17:

.. tab-set::

    .. tab-item:: L2TP Feature : Tunnel and Session IDs

        **Tunnel and Session IDs - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature9_Tunnel_and_Session_IDs_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step18:

.. tab-set::

    .. tab-item:: L2TP Feature : Extensibility (L2TPv3)

        **Extensibility (L2TPv3) - Testcases**

        .. csv-table::
            :file: ./L2TP/L2TP_Feature10_Extensibility(L2TPv3)_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _L2TP_step19:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
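
The control/data separation, tunnel and session IDs, and AVP-based control messages listed on this page can be read straight out of a UDP port 1701 payload, because L2TP has no native encryption. The parser below is an added example, not part of the original page: it assumes the L2TPv2 header layout from RFC 2661, the name ``parse_l2tp`` is hypothetical, and the three sample payloads are constructed rather than captured.

```python
import struct

# Control message types from RFC 2661 (subset)
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
                 10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}

def parse_l2tp(payload: bytes) -> dict:
    """Decode an L2TPv2 header from a UDP/1701 payload; ValueError if malformed."""
    try:
        (flags,) = struct.unpack_from("!H", payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("version field is not 2")
        control = bool(flags & 0x8000)  # T bit: 1 = control, 0 = data
        has_len, has_seq, has_off = (bool(flags & m) for m in (0x4000, 0x0800, 0x0200))
        if control and (not has_len or not has_seq or has_off):
            raise ValueError("control message needs L=1, S=1, O=0")
        pos, end = 2, len(payload)
        if has_len:
            (length,) = struct.unpack_from("!H", payload, pos)
            pos += 2
            if length > len(payload):
                raise ValueError("Length field exceeds datagram")
            end = length
        tunnel_id, session_id = struct.unpack_from("!HH", payload, pos)
        pos += 4
        ns = nr = None
        if has_seq:  # Ns/Nr drive the reliable control channel
            ns, nr = struct.unpack_from("!HH", payload, pos)
            pos += 4
        if has_off:  # Offset Size field plus that many pad bytes
            (pad,) = struct.unpack_from("!H", payload, pos)
            pos += 2 + pad
        if pos > end:
            raise ValueError("header runs past end of message")
        message = "ZLB" if control else None  # ZLB = header-only acknowledgement
        if control and pos < end:
            avp, vendor, attr, value = struct.unpack_from("!HHHH", payload, pos)
            if (avp & 0x03FF, vendor, attr) != (8, 0, 0) or pos + 8 > end:
                raise ValueError("first AVP is not a Message Type AVP")
            message = MESSAGE_TYPES.get(value, f"type {value}")
    except struct.error as exc:
        raise ValueError(f"truncated L2TP header: {exc}") from None
    return {"kind": "control" if control else "data", "tunnel_id": tunnel_id,
            "session_id": session_id, "ns": ns, "nr": nr, "message": message,
            "payload_offset": pos}

# Constructed sample payloads (not captured traffic)
SCCRQ = struct.pack("!HHHHHH", 0xC802, 20, 0, 0, 0, 0) + struct.pack("!HHHH", 0x8008, 0, 0, 1)
ZLB = struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 1, 1)
DATA = struct.pack("!HHH", 0x0002, 7, 3) + b"\xff\x03\x00\x21"
```

On a link where L2TP is meant to run inside IPsec, payloads on UDP 1701 that this function decodes successfully indicate the tunnel is being carried without the IPsec wrapper.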