RSystems


L2TP

Also known as: Layer 2 Tunneling Protocol, L2TP/IPsec

L2TP (Layer 2 Tunneling Protocol) is a VPN tunneling protocol that provides the tunnel framework but no encryption on its own — it's almost always paired with IPsec (L2TP/IPsec) to add security.

L2TP on its own just creates a tunnel: it encapsulates Layer 2 frames in IP packets but provides no confidentiality or authentication. In practice, L2TP is always deployed together with IPsec, which provides the encryption and authentication (the combination is written L2TP/IPsec).

L2TP/IPsec was the dominant Windows built-in VPN protocol for years — available natively in every version of Windows without additional client software. That's its primary historical relevance.

Today, L2TP/IPsec has largely been superseded for remote access:

  • IKEv2/IPsec — faster reconnection, better for mobile clients, supported natively in Windows, macOS, iOS, Android.
  • WireGuard — modern, faster, simpler key management.
  • SSL VPN — works through restrictive firewalls; preferred for corporate remote access.

L2TP uses UDP port 1701 for the tunnel, with IPsec on UDP ports 500 (IKE) and 4500 (NAT traversal). These ports are often blocked by enterprise firewalls and restrictive hotel/airport networks, which is a practical reliability problem that SSL VPN avoids.
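Because L2TP carries no encryption of its own, a parseable L2TP header on UDP 1701 on the untrusted side of a gateway means the tunnel is running without IPsec. The sketch below is an added example, not code from this page: it classifies UDP payloads on the three ports named above, using the L2TPv2 header layout from RFC 2661 and the UDP-encapsulation framing from RFC 3948. The function names and sample datagrams are constructed for illustration.

```python
import struct

L2TP, IKE, NATT = 1701, 500, 4500  # UDP ports named in the text above

def parse_l2tp(payload: bytes):
    """Parse an L2TPv2 header (RFC 2661 sec. 3.1); None if it is not one."""
    if len(payload) < 6:
        return None
    (flags,) = struct.unpack_from("!H", payload, 0)
    if flags & 0x000F != 2:                  # Ver nibble must be 2
        return None
    off, length = 2, None
    if flags & 0x4000:                       # L bit: Length field present
        (length,) = struct.unpack_from("!H", payload, off)
        off += 2
        if length > len(payload) or len(payload) < off + 4:
            return None
    tunnel_id, session_id = struct.unpack_from("!HH", payload, off)
    return {"control": bool(flags & 0x8000),  # T bit: control vs. data
            "length": length, "tunnel_id": tunnel_id, "session_id": session_id}

def classify(dst_port: int, payload: bytes) -> str:
    """Label one UDP datagram seen on the untrusted side of a VPN gateway."""
    if dst_port == L2TP:
        hdr = parse_l2tp(payload)
        if hdr is None:
            return "udp1701-not-l2tp"
        # With L2TP/IPsec, port 1701 traffic travels inside ESP, so a
        # parseable L2TP header here means the tunnel is unencrypted.
        return "cleartext-l2tp-control" if hdr["control"] else "cleartext-l2tp-data"
    if dst_port == IKE:
        return "ike"
    if dst_port == NATT:                     # RFC 3948 framing
        if payload == b"\xff":
            return "natt-keepalive"
        return "ike-natt" if payload[:4] == b"\x00" * 4 else "esp-in-udp"
    return "other"

# Constructed sample datagrams (not captured traffic).
SCCRQ = struct.pack("!6H", 0xC802, 20, 0, 0, 0, 0) + struct.pack("!4H", 0x8008, 0, 0, 1)
PPP_DATA = struct.pack("!3H", 0x0002, 7, 1) + b"\xff\x03\xc0\x21"
ESP_UDP = bytes.fromhex("c0ffee0100000001") + b"\x00" * 16
SAMPLES = [(L2TP, SCCRQ), (L2TP, PPP_DATA), (NATT, ESP_UDP), (IKE, b"\x11" * 28)]

def findings(samples):
    """Return labels of datagrams that expose L2TP without IPsec."""
    return [c for c in (classify(p, d) for p, d in samples) if c.startswith("cleartext")]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(port, data))
```

Only the two port-1701 samples are reported by `findings`; the ESP-in-UDP and IKE samples are what a correctly protected L2TP/IPsec session looks like from outside.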

L2TP/IPsec is still supported and functional; it's just not the first choice for new deployments.