Geekzone: technology news, blogs, forums


Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


#310802 23-Nov-2023 09:35

I understand recent versions of Android have dropped support for L2TP VPNs, I believe over security concerns. I don't use Android, but this got me thinking about L2TP in general.

 

I know L2TP on its own doesn't encrypt data packets, but when done over IPsec it does. So is L2TP over IPsec still considered a secure and acceptable method of VPN communications for businesses, or is that now considered insecure as well?

 

 


BlakJak
1329 posts

Uber Geek
+1 received by user: 735

Trusted

  #3163508 25-Nov-2023 13:11

IPSEC provides the secure bit. What would you use L2TP for exactly?




No signature to see here, move along...



BlakJak
1329 posts

Uber Geek
+1 received by user: 735

Trusted

  #3163509 25-Nov-2023 13:13

Let's put it another way. If you want to bridge your network _at layer 2_ then you're going to need something like L2TP. IPSEC in my experience is usually used layer 3.

 

 

So it'll come back to what you're trying to do, if you want a Layer 2 bridge over an untrusted network and thus want encryption you're going to need to layer it over the top of something else.

 

 

If you control the carrier networks maybe you don't need network layer encryption and just require a L2 Bridge.

 

 

So it's not whether L2TP is still appropriate for "business communications" but whether it's the right tool for the job.

 

These days there are only limited requirements for Layer 2 extensions to remote locations.




No signature to see here, move along...

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


  #3164315 27-Nov-2023 09:00

BlakJak: Let's put it another way. If you want to bridge your network _at layer 2_ then you're going to need something like L2TP. IPSEC in my experience is usually used layer 3. So it'll come back to what you're trying to do, if you want a Layer 2 bridge over an untrusted network and thus want encryption you're going to need to layer it over the top of something else. If you control the carrier networks maybe you don't need network layer encryption and just require a L2 Bridge. So it's not whether L2TP is still appropriate for "business communications" but whether it's the right tool for the job. These days there are only limited requirements for Layer 2 extensions to remote locations.

 

@BlakJak We're assessing a new cloud hosted product, and they have specified that for some of their communications they use "Layer 2 Tunnelling Protocol (L2TP)/IPsec". It's not clear exactly what communications this is used for though, it's just one of the things listed under their "Encryption" section. Not sure if that helps you. Thanks.




gehenna
8667 posts

Uber Geek
+1 received by user: 3883

Moderator
Trusted
Lifetime subscriber

  #3164317 27-Nov-2023 09:04

Source and destination info will probably give you a better understanding of what the product is trying to do. 


BlakJak
1329 posts

Uber Geek
+1 received by user: 735

Trusted

  #3164339 27-Nov-2023 10:11

Paul1977:

 

BlakJak: Let's put it another way. If you want to bridge your network _at layer 2_ then you're going to need something like L2TP. IPSEC in my experience is usually used layer 3. So it'll come back to what you're trying to do, if you want a Layer 2 bridge over an untrusted network and thus want encryption you're going to need to layer it over the top of something else. If you control the carrier networks maybe you don't need network layer encryption and just require a L2 Bridge. So it's not whether L2TP is still appropriate for "business communications" but whether it's the right tool for the job. These days there are only limited requirements for Layer 2 extensions to remote locations.

 

@BlakJak We're assessing a new cloud hosted product, and they have specified that for some of their communications they use "Layer 2 Tunnelling Protocol (L2TP)/IPsec". It's not clear exactly what communications this is used for though, it's just one of the things listed under their "Encryption" section. Not sure if that helps you. Thanks.

 

 

You may need to ask why.

 

But a common scenario with cloud hosting might be to have two 'adjacent' platforms that're actually in different platforms (or availability zones, perhaps) and so to create a virtual Layer 2 connection despite the fact that only a Layer 3 channel is available.

 

So that'd be L2TP.

 

Adding IPSEC would ensure protection of the data in transit when it's going across public cloud internet infrastructure.

 

So it's probably a good thing they've thought of having IPSEC.





No signature to see here, move along...

gehenna
8667 posts

Uber Geek
+1 received by user: 3883

Moderator
Trusted
Lifetime subscriber

  #3164340 27-Nov-2023 10:12

BlakJak:

 

You may need to ask why.

 

 

This. If they don't have a good explanation beyond 'that's how it works', that's a red flag.


 
 
 

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192


  #3164368 27-Nov-2023 11:09

Thanks guys, I've asked for some clarification.









