L2TP VPN vs PPTP VPN-difference between L2TP VPN,PPTP VPN
This page compares L2TP VPN vs PPTP VPN and mentions difference between L2TP VPN and PPTP VPN. It mentions VPN overview and tunneling overview.
What is VPN?
A private network supports a closed community of authorized users, allowing them to access various network-related services & resources. The traffic originating & terminating within a private network traverses only those nodes that belong to the private network.
VPN is extension of private network. A VPN enables user to transmit data between two computers across shared/public inter-networks in a manner which emulates properties of point to point private link. The act of configuring & creating a VPN is known as virtual private networking.
VPN connection is shown in the figure-1. as shown it allows users working at home to connect in secure fashion to remote corporate server using routing infrastructure provided by public internet. It is a point to point connection between client and server. It allows corporation to connect to branch offices or to other companies over public internetwork (i.e. internet) while maintaining secure communications.
There are different types of VPN services viz. LAN interconnect VPN services, dial up VPN services and
extranet VPN services.
Refer what is VPN and How does it work.
What is Tunneling
VPN provides secure connection due to tunneling. Process of using internetwork infrastructure to transfer data from one network to the other is called tunneling. The data can be frames or packets.
The tunneling protocol encapsulates additional header to the frame or packet produced by the originating node before transmission. The logical path over which encapsulated packets travel is known as tunnel. Once these encapsulated packets arrive at the destination, they are being decapsulated to get back the original data. The header used here provide routing information for encapsulated payload to traverse over the intermediate internetwork known as internet.
Hence tunneling process consists of following:
• Encapsulation
• Transmission
• Decapsulation
There are different tunneling techniques as listed below.
• SNA tunneling over IP internetwork
• IPX tunneling for Novell NetWare over IP internetwork
• Point-to-Point tunneling protocol known as PPTP
• Layer 2 tunneling protocol known as L2TP
• IPSec tunnel mode (A layer-3 tunneling protocol)
Both PPTP and L2TP use frames as their unit of exchange. PPTP & L2TP operate on data link layer & both encapsulate the payload in a PPP frame to be sent across an internetwork.
PPTP VPN
PPTP stands for Point-to-Point Tunneling Protocol. It is developed over PPP and TCP/IP. PPTP allows PPP session to be tunneled through existing IP connection irrespective of set up.
PPTP encapsulates Point-To-Point Protocol (PPP) frames into IP data grams for transmission over an IP-based Internet work, such as Internet. To encapsulate PPP frames as tunneled data, PPTP uses a TCP connection known as PPTP control connection to create, maintain and terminate the tunnel & a modified version of Generic Routing Encapsulation (GRE).
PPTP inherits encryption or compression or both, of PPP payloads from PPP. Authentication that
occurs during the creation of PPTP-based VPN connection uses the same authentication
mechanisms as PPP connections, such as follows.
• Extensible Authentication Protocol (EAP)
• Challenge Handshake Protocol (CHAP)
• Shiva Password Authentication Protocol (SPAP)
• Password Authentication Protocol (PAP)
There are two types of tunneling viz. Compulsory Tunneling and Voluntary Tunneling. Compulsory tunneling enables users to dial to NAS , which then establishes tunnel to the server. The connection between the client of the user and the NAS is not encrypted. Voluntary tunneling enables clients to configure and establish encrypted tunnels to tunnel servers without an intermediate NAS participating in the tunnel negotiation and the establishment. For PPTP, only voluntary tunneling is supported.
Above is the structure of a PPTP packet containing user data.
Above is the PPTP Control Connection Packet.
Above is the PPTP Tunneled data structure.
L2TP VPN
L2TP stands for Layer2 Tunneling Protocol. Layer Two Tunneling Protocol (L2TP) is a combination of Microsoft's PPTP & Layer 2 Forwarding , a technology proposed by Cisco System's, Inc. L2TP supports any routed protocol such as IP, IPX, and AppleTalk. It also supports any WAN technology including frame relay, ATM, X.25, and SONET. L2TP can be used as a tunneling protocol over the Internet or private Intranets.
L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside on different devices Interconnected by a packet-switched network. L2TP uses UDP messages over IP internetworks for both tunnel maintenance and tunneled data. L2TP therefore uses message sequencing to ensure the delivery of messages. L2TP supports multiple calls for each tunnel. To identify the tunnel and a call, there is a Tunnel ID and Call ID in the L2TP control message and the L2TP header for tunneled data.
Authentication that occurs during the creation of L2TP tunnels must use the same authentication mechanisms as PPP connections such as, EAP, CHAP, SPAP, and PAP.
L2TP is used in two different scenarios:
• Compulsory Tunneling
• Voluntary Tunneling
Following are the characteristics of L2TP protocol.
• Multiplexing
• Signaling
• Data security
• Multiprotocol transport
The tunneling process is changed when using L2TP over IPSec. The L2TP data tunneling is performed through multiple levels of encapsulation. It is described as above. It shows L2TP encrypted control message.
Similarities and difference between L2TP and PPTP protocols
Following table mentions similarities and difference between L2TP and PPTP protocols.
Feature | L2TP Support | PPTP Support |
---|---|---|
Operates on OSI layer | Layer-2 | Layer-2 |
Transport protocols supported | IP, IPX, NetBEUI | IP, IPX, NetBEUI |
required underlying protocol | IP, X.25, Frame Relay, ATM | IP |
Number of tunnels | several | One |
User authentication/algorithms used | Yes/PAP, CHAP, EAP, SPAP | Yes/PAP, CHAP, EAP, SPAP |
Packet authentication, packet encryption, key management | Not supported | Not supported |
Networking related links
Basics of OSI and TCPIP layers
Networking Gateway
What is Router
What is an IP address
network switch
network bridge
Hub and Types of Hub
What is MAC address
What is Difference between
hub Vs switch circuit switching Vs packet switching firewall Vs router HDLC Vs PPP IGRP Vs EIGRP router Vs bridge switch Vs router WLAN Vs Ethernet LAN LAN vs WAN vs MAN