8.7.9 Layer 2 Tunneling Protocol
In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support
virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any
encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within
the tunnel to provide privacy.
Description
The entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol
(UDP) datagram. It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide
confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by
providing confidentiality, authentication and integrity. The combination of these two protocols is
generally known as L2TP/IPsec (discussed below). The two endpoints of an L2TP tunnel are called
the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server). The LNS waits for new
tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional. To be
useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this,
an L2TP session (or ’call’) is established within the tunnel for each higher-level protocol such as PPP.
Either the LAC or LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it
is possible to set up multiple virtual networks across a single tunnel. MTU should be considered
when implementing L2TP. The packets exchanged within an L2TP tunnel are categorized as either
control packets or data packets. L2TP provides reliability features for the control packets, but no
reliability for data packets. Reliability, if desired, must be provided by the nested protocols running
within each session of the L2TP tunnel. L2TP allows the creation of a virtual private dialup network
(VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which
could be the Internet or a service provider’s network.
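The following Python example is an addition to this section, not part of the original manual. It parses the L2TPv2 header (field layout per RFC 2661) from a UDP payload, separating control from data packets and extracting the tunnel and session IDs that keep sessions apart. The sample packets and their ID values are constructed; the data packet shows that the inner PPP frame is readable as-is when no IPsec is applied.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661, section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

@dataclass
class L2tpPacket:
    is_control: bool        # T bit: control packet (reliable) vs data packet
    tunnel_id: int
    session_id: int         # 0 for control messages that concern the whole tunnel
    ns: Optional[int]       # sequence numbers, present only when the S bit is set
    nr: Optional[int]
    payload: bytes          # AVPs (control) or the tunneled PPP frame (data)

def parse_l2tp(udp_payload: bytes) -> L2tpPacket:
    """Parse one L2TPv2 packet taken from the payload of a UDP datagram."""
    pos = 0
    def u16() -> int:
        nonlocal pos
        if pos + 2 > len(udp_payload):
            raise ValueError("truncated L2TP header")
        (value,) = struct.unpack_from("!H", udp_payload, pos)
        pos += 2
        return value

    flags = u16()
    if flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 packet")
    is_control = bool(flags & T_BIT)
    # Control messages must carry Length and Ns/Nr and must not use Offset.
    if is_control and flags & (L_BIT | S_BIT | O_BIT) != (L_BIT | S_BIT):
        raise ValueError("malformed control message flags")
    length = u16() if flags & L_BIT else len(udp_payload)
    tunnel_id, session_id = u16(), u16()
    ns, nr = (u16(), u16()) if flags & S_BIT else (None, None)
    if flags & O_BIT:
        offset = u16()      # number of pad octets before the payload
        pos += offset
    if not pos <= length <= len(udp_payload):
        raise ValueError("inconsistent Length field")
    return L2tpPacket(is_control, tunnel_id, session_id, ns, nr, udp_payload[pos:length])

# Constructed samples: a zero-length control acknowledgement and a data packet.
CONTROL_ZLB = bytes.fromhex("c802000c0007000000010001")
INNER_PPP = b"\xff\x03\x00\x21" + b"constructed inner IP packet"
DATA_PKT = struct.pack("!HHH", 0x0002, 7, 3) + INNER_PPP
```
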
Setting up L2TP interface
To create an L2TP tunnel, the following steps are required:
1. Go to Network > Interfaces > Add new interface:
2. Enter the interface name and select the L2TP protocol: