Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Paul1977

5007 posts

Uber Geek


#310802 23-Nov-2023 09:35
Send private message

I understand recent versions of Android have dropped support for L2TP VPNs, I believe over security concerns. I don't use Android, but this got me thinking about L2TP in general.

 

I know L2TP on it's own doesn't encrypt data packets, but when done over IPsec it does. So is L2TP over IPsec still considered a secure and acceptable method of VPN communications for businesses, or is that now considered insecure as well?

 

 


Create new topic
BlakJak
1249 posts

Uber Geek

Trusted

  #3163508 25-Nov-2023 13:11
Send private message

IPSEC provides the secure bit. What would you use L2TP for exactly?




No signature to see here, move along...



BlakJak
1249 posts

Uber Geek

Trusted

  #3163509 25-Nov-2023 13:13
Send private message

Let's put it another way. If you want to bridge your network _at layer 2_ then you're going to need something like L2TP. IPSEC in my experience is usually used layer 3.

 

 

So it'll come back to what you're trying to do, if you want a Layer 2 bridge over an untrusted network and thus want encryption you're going to need to layer it over the top of something else.

 

 

If you control the carrier networks maybe you don't need network layer encryption and just require a L2 Bridge.

 

 

So it's not whether L2TP is still appropriate for "business communications" but whether it's the right tool for the job.

 

These days there are only limited requirements for Layer 2 extensions to remote locations.




No signature to see here, move along...

Paul1977

5007 posts

Uber Geek


  #3164315 27-Nov-2023 09:00
Send private message

BlakJak: Let's put it another way. If you want to bridge your network _at layer 2_ then you're going to need something like L2TP. IPSEC in my experience is usually used layer 3. So it'll come back to what you're trying to do, if you want a Layer 2 bridge over an untrusted network and thus want encryption you're going to need to layer it over the top of something else. If you control the carrier networks maybe you don't need network layer encryption and just require a L2 Bridge. So it's not whether L2TP is still appropriate for "business communications" but whether it's the right tool for the job. These days there are only limited requirements for Layer 2 extensions to remote locations.

 

@BlakJak We're assessing a new cloud hosted product, and they have specified that for some of their communications they use "Layer 2 Tunnelling Protocol (L2TP)/IPsec". It's not clear exactly what communications this is used for though, it's just one of the things listed under their "Encryption" section. Not sure if that helps you. Thanks.




gehenna
8465 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #3164317 27-Nov-2023 09:04
Send private message

Source and destination info will probably give you a better understanding of what the product is trying to do. 


BlakJak
1249 posts

Uber Geek

Trusted

  #3164339 27-Nov-2023 10:11
Send private message

Paul1977:

 

BlakJak: Let's put it another way. If you want to bridge your network _at layer 2_ then you're going to need something like L2TP. IPSEC in my experience is usually used layer 3. So it'll come back to what you're trying to do, if you want a Layer 2 bridge over an untrusted network and thus want encryption you're going to need to layer it over the top of something else. If you control the carrier networks maybe you don't need network layer encryption and just require a L2 Bridge. So it's not whether L2TP is still appropriate for "business communications" but whether it's the right tool for the job. These days there are only limited requirements for Layer 2 extensions to remote locations.

 

@BlakJak We're assessing a new cloud hosted product, and they have specified that for some of their communications they use "Layer 2 Tunnelling Protocol (L2TP)/IPsec". It's not clear exactly what communications this is used for though, it's just one of the things listed under their "Encryption" section. Not sure if that helps you. Thanks.

 

 

You may need to ask why.

 

But a common scenario with cloud hosting might be to have two 'adjacent' platforms that're actually in different platforms (or availability zones, perhaps) and so to create a virtual Layer 2 connection despite the fact that only a Layer 3 channel is available.

 

So that'd be L2TP.

 

Adding IPSEC would ensure protection of the data in transit when it's going across public cloud internet infrastructure.

 

So it's probably a good thing they've thought of having IPSEC.





No signature to see here, move along...

gehenna
8465 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #3164340 27-Nov-2023 10:12
Send private message

BlakJak:

 

You may need to ask why.

 

 

This.  If they don't have a good explanation beyond 'that's how it works", that's a red flag.


Paul1977

5007 posts

Uber Geek


  #3164368 27-Nov-2023 11:09
Send private message

Thanks guys, I've asked for some clarification.


Create new topic





News and reviews »

Logitech G522 Gaming Headset Review
Posted 18-Jun-2025 17:00


Māori Artists Launch Design Collection with Cricut ahead of Matariki Day
Posted 15-Jun-2025 11:19


LG Launches Upgraded webOS Hub With Advanced AI
Posted 15-Jun-2025 11:13


One NZ Satellite IoT goes live for customers
Posted 15-Jun-2025 11:10


Bolt Launches in New Zealand
Posted 11-Jun-2025 00:00


Suunto Run Review
Posted 10-Jun-2025 10:44


Freeview Satellite TV Brings HD Viewing to More New Zealanders
Posted 5-Jun-2025 11:50


HP OmniBook Ultra Flip 14-inch Review
Posted 3-Jun-2025 14:40


Flip Phones Are Back as HMD Reimagines an Iconic Style
Posted 30-May-2025 17:06


Hundreds of School Students Receive Laptops Through Spark Partnership With Quadrent's Green Lease
Posted 30-May-2025 16:57


AI Report Reveals Trust Is Key to Unlocking Its Potential in Aotearoa
Posted 30-May-2025 16:55


Galaxy Tab S10 FE Series Brings Intelligent Experiences to the Forefront with Premium, Versatile Design
Posted 30-May-2025 16:14


New OPPO Watch X2 Launches in New Zealand
Posted 29-May-2025 16:08


Synology Premiers a New Lineup of Advanced Data Management Solutions
Posted 29-May-2025 16:04


Dyson Launches Its Slimmest Vaccum Cleaner PencilVac
Posted 29-May-2025 15:50









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.