IPsec versus L2TP/IPsec

ipsecl2tp

I have a VPN service which gives me the option of connecting via PPTP, IPsec, or L2TP over IPsec. PPTP i know is inferior in terms of security and encryption, but I'm not really sure what the difference is between the two IPsec options.

Anecdotally, I've noticed that L2TP over IPsec seems to be much slower than plain IPsec, but that could be simply the servers, their configurations, or even the device on my end.

Is there any difference security-wise? Is one "better" than the other, or are they just functionally equivalent but differently implemented?

Best Answer

Cisco IPsec vs. L2TP (over IPsec)

The term Cisco IPsec is just a marketing ploy which basically means plain IPsec using ESP in tunnel mode without any additional encapsulation, and using the Internet Key Exchange protocol (IKE) to establish the tunnel. IKE provides several authentication options, preshared keys (PSK) or X.509 certificates combined with Extended Authentication (XAUTH) user authentication are the most common.

The Layer 2 Tunneling Protocol (L2TP) was has its origins in PPTP. Since it does not provide security features such as encryption or strong authentication it is typically combined with IPsec. To avoid too much additional overhead ESP in transport mode is commonly used. This means first the IPsec channel is established, again using IKE, then this channel is used to establish the L2TP tunnel. Afterwards, the IPsec connection is also used to transport the L2TP encapsulated user data.

Compared to plain IPsec the additional encapsulation with L2TP (which adds an IP/UDP packet and L2TP header) makes it a little less efficient (more so if it is also used with ESP in tunnel mode, which some implementations do).

NAT traversal (NAT-T) is also more problematic with L2TP/IPsec due to the common use of ESP in transport mode.

One advantage L2TP has over plain IPsec is that it can transport protocols other than IP.

Security-wise both are similar but it depends on the authentication method, the mode of authentication (Main or Aggressive Mode), the strength of the keys, the used algorithms etc.