L2TP/IPsec is obsolete, itself does NOT provide encryption or confidentiality to... (2024)

L2TP/IPsec is obsolete, and itself does NOT provide encryption or confidentiality to traffic that passes through it. L2TP/IPsec encapsulates data twice at layer 2; it has pros and cons. See this (may be outdated) -> https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs...

IKEv{1,2} + IPsec (ESP) (tunnel mode) is recommended. strongSwan is probably the best free, open source IPsec solution out there (much better than libreswan...): good documentation, use cases and examples etc., actively developed and maintained by a group of passionate developers who know the stuff well.

My employer (pre-IPO startup) has been using strongSwan for 2+ years as a site-to-site solution from AWS VPC to on-premises data centres (or other cloud virtual networks), and it has proved to be rock solid as long as it's properly configured (pretty much all outages were caused by AWS...) ;-)

The only drawback is that strongSwan currently does NOT have a mature HA solution but it's shaping up (5.4.0 introduced IKEv2 redirect). Hopefully a proper HA solution (not sure if it is something similar to VRRP - curious to know more - PLEASE comment) will be built on top and later productized ;-)

In addition: I myself have been using strongSwan since its 5.0.x for remote access, to protect privacy, fight censorship (yes, originally from China mainland where the infamous GFW is in place...). The native strongSwan client for Android is a killer feature, RSA authentication with X509 certificates works flawlessly with 1 click ;-)

BTW: OpenVPN is an SSL VPN, relatively easy to install and configure; that's why it's more popular (remote access). IPsec works at the IP layer (layer 3); generally speaking it requires deeper networking knowledge and more experience to get things right. OpenVPN is harder to block as it can disguise itself as HTTPS (TLS) or other traffic, while IPsec requires UDP ports 500 (IKE) and 4500 (NAT-T) to work, which is easier to block.

HTH


FAQs

Is L2TP IPsec still secure?

Designed only to create a tunnel for the data to pass through, L2TP itself doesn't encrypt the transmitted data. As a result, this protocol is highly susceptible to various sorts of data breaches.

Does L2TP provide confidentiality?

L2TP is often paired with IPsec because it does not encrypt data by itself. The combination of L2TP and IPsec ensures confidentiality, integrity, and authentication of the data packets transmitted through the VPN tunnel. The combination, known as L2TP/IPsec, is widely adopted for its enhanced security measures.

Why is L2TP not secure?

Security Concerns: It does NOT provide encryption or confidentiality to traffic passing through it. It relies on other protocols like IPsec for encryption and security.

Limited Platforms: Not all platforms and devices support L2TP/IPSec.

Does IPsec provide confidentiality?

Internet Protocol Security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality when data is transferred between communication points across IP networks.

Is IPsec outdated?

The era of relying on the cumbersome, outdated IPsec is fading. The emergence of WireGuard brings a breath of fresh air to secure networking, offering simplicity, performance, and enhanced security. As organizations evolve and demand more from their secure communication protocols, the choice becomes evident.

Which is better IKEv2 or IPsec or L2TP?

IKEv2 and L2TP/IPsec provide the same level of security as they both work around IPsec. IKEv2 is, however, supported by fewer systems and software, though this shouldn't be a main concern to most users.

Can L2TP work without IPsec?

On Windows you have configured a L2TP VPN connection without IPsec (i.e., no encryption). On Ubuntu you can install the network-manager-l2tp and network-manager-l2tp-gnome packages. Don't enable IPsec in the IPsec Settings and in the PPP Settings disable all authentication methods other than CHAP and MSCHAPv2.

What are the limitations of L2TP?

On its own, L2TP simply creates stable tunnels between devices. The protocol does not apply strong encryption to make data payloads unreadable. It also does not authenticate each individual IP packet as it passes between devices, and the IP address of packets will also be exposed while in transit.

Does L2TP encrypt?

It uses encryption ('hiding') only for its own control messages (using an optional pre-shared secret), and does not provide any encryption or confidentiality of content by itself.
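To check on the wire whether an L2TP tunnel is actually wrapped in IPsec, the sketch below (an added example, not part of the original page) labels raw IPv4 packets: L2TP visible directly on UDP is unprotected, while a protected tunnel shows up only as IKE (UDP 500/4500) and ESP. The L2TP port 1701 constant, the helper names and the sample packets are assumptions constructed for illustration.

```python
import struct

IPPROTO_UDP, IPPROTO_ESP = 17, 50
L2TP_PORT, IKE_PORT, NATT_PORT = 1701, 500, 4500  # 1701: L2TP's registered port

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by what an on-path observer can see."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] == IPPROTO_ESP:
        return "esp"  # IPsec ESP: payload is encrypted
    if packet[9] != IPPROTO_UDP or ihl < 20 or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    payload, ports = packet[ihl + 8:], {sport, dport}
    if NATT_PORT in ports:
        if payload == b"\xff":
            return "nat-keepalive"
        # RFC 3948: IKE on port 4500 starts with a 4-byte zero non-ESP marker
        return "ike-natt" if payload[:4] == b"\x00" * 4 else "esp-in-udp"
    if IKE_PORT in ports:
        return "ike"
    if L2TP_PORT in ports and len(payload) >= 2:
        flags = struct.unpack_from("!H", payload)[0]
        if flags & 0x000F == 2:  # L2TPv2 version field
            # T bit set = control message, clear = tunnelled PPP data
            return "cleartext-l2tp-" + ("control" if flags & 0x8000 else "data")
    return "other"

def ipv4(proto: int, body: bytes) -> bytes:
    """Constructed-sample helper: minimal IPv4 header, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + body

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed-sample helper: UDP header with checksum left at zero."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed samples (documentation addresses, made-up SPIs and payloads).
ESP_BODY = b"\xc0\xff\xee\x01" + b"\x00\x00\x00\x01" + b"\xaa" * 16
SAMPLES = {
    "l2tp_data": ipv4(17, udp(1701, 1701, struct.pack("!HHH", 0x0002, 1, 1) + b"\xff\x03\x00\x21ping")),
    "l2tp_ctrl": ipv4(17, udp(1701, 1701, struct.pack("!HHHHHH", 0xC802, 12, 0, 0, 0, 0))),
    "ike": ipv4(17, udp(500, 500, b"\x11" * 28)),
    "ike_natt": ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "esp_udp": ipv4(17, udp(4500, 4500, ESP_BODY)),
    "esp": ipv4(50, ESP_BODY),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10} -> {classify(pkt)}")
```

Any `cleartext-l2tp-*` label on a monitored link means the tunnel is running without IPsec, since a protected L2TP/IPsec session carries its UDP 1701 traffic inside ESP.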

Does IPsec provide encryption?

IPSec supports various types of encryptions, including AES, Blowfish, Triple DES, ChaCha, and DES-CBC. IPSec uses asymmetric and symmetric encryption to provide speed and security during data transfer. In asymmetric encryption, the encryption key is made public while the decryption key is kept private.

What is the major drawback of IPsec?

Disadvantages of an IPSec VPN

CPU overheads: IPsec uses a large amount of computing power to encrypt and decrypt data moving through the network. This can degrade network performance.

Is IPsec better than OpenVPN?

Both IPSec and OpenVPN combine security and speed, with IPSec offering a slightly faster connection, while OpenVPN is considered the more secure option. IPSec wins for ease of use because it's already built into many platforms, meaning it doesn't require separate installation.

Is OpenVPN more secure than L2TP?

In conclusion, PPTP is fast but less secure, L2TP strikes a balance between security and speed, while OpenVPN offers top-notch security. Your choice depends on your specific needs and priorities. If security is paramount, OpenVPN is the way to go. For general usage, L2TP should suffice.

Will IPsec make firewalls obsolete?

No, IPsec will not make firewalls obsolete. Firewalls provide a different layer of network security that complements the encryption and authentication provided by IPsec.

Why use L2TP with IPsec?

IPSec enables L2TP to serve as a VPN connection with end to end security. The two protocols encrypt payloads and IP headers via 256-bit AES encryption and Internet Key Exchange (IKE) handshakes. Data passes over UDP port 500 and is also prepared for transfer as an Encapsulated Security Payload (ESP).

Is IPsec more secure than TLS?

This makes IPsec ideal for securing communication between networks or remote sites. By establishing secure tunnels, IPsec can protect sensitive information from unauthorized access and eavesdropping. On the other hand, TLS operates at a higher layer, specifically the transport layer.

Article information

Author: Jonah Leffler
