L2TP VPN vs PPTP VPN-difference between L2TP VPN,PPTP VPN

This page compares L2TP VPN vs PPTP VPN and mentions difference between L2TP VPN and PPTP VPN. It mentions VPN overview and tunneling overview.

What is VPN?

A private network supports a closed community of authorized users, allowing them to access various network-related services & resources. The traffic originating & terminating within a private network traverses only those nodes that belong to the private network.

VPN connection

VPN is extension of private network. A VPN enables user to transmit data between two computers across shared/public inter-networks in a manner which emulates properties of point to point private link. The act of configuring & creating a VPN is known as virtual private networking.

VPN connection is shown in the figure-1. as shown it allows users working at home to connect in secure fashion to remote corporate server using routing infrastructure provided by public internet. It is a point to point connection between client and server. It allows corporation to connect to branch offices or to other companies over public internetwork (i.e. internet) while maintaining secure communications.

There are different types of VPN services viz. LAN interconnect VPN services, dial up VPN services and extranet VPN services.
Refer what is VPN and How does it work.

What is Tunneling

Tunneling technique

VPN provides secure connection due to tunneling. Process of using internetwork infrastructure to transfer data from one network to the other is called tunneling. The data can be frames or packets.

The tunneling protocol encapsulates additional header to the frame or packet produced by the originating node before transmission. The logical path over which encapsulated packets travel is known as tunnel. Once these encapsulated packets arrive at the destination, they are being decapsulated to get back the original data. The header used here provide routing information for encapsulated payload to traverse over the intermediate internetwork known as internet.

Hence tunneling process consists of following:
• Encapsulation
• Transmission
• Decapsulation

There are different tunneling techniques as listed below.
• SNA tunneling over IP internetwork
• IPX tunneling for Novell NetWare over IP internetwork
• Point-to-Point tunneling protocol known as PPTP
• Layer 2 tunneling protocol known as L2TP
• IPSec tunnel mode (A layer-3 tunneling protocol)

Both PPTP and L2TP use frames as their unit of exchange. PPTP & L2TP operate on data link layer & both encapsulate the payload in a PPP frame to be sent across an internetwork.


PPTP stands for Point-to-Point Tunneling Protocol. It is developed over PPP and TCP/IP. PPTP allows PPP session to be tunneled through existing IP connection irrespective of set up.

PPTP encapsulates Point-To-Point Protocol (PPP) frames into IP data grams for transmission over an IP-based Internet work, such as Internet. To encapsulate PPP frames as tunneled data, PPTP uses a TCP connection known as PPTP control connection to create, maintain and terminate the tunnel & a modified version of Generic Routing Encapsulation (GRE).

PPTP inherits encryption or compression or both, of PPP payloads from PPP. Authentication that occurs during the creation of PPTP-based VPN connection uses the same authentication mechanisms as PPP connections, such as follows.
• Extensible Authentication Protocol (EAP)
• Challenge Handshake Protocol (CHAP)
• Shiva Password Authentication Protocol (SPAP)
• Password Authentication Protocol (PAP)

There are two types of tunneling viz. Compulsory Tunneling and Voluntary Tunneling. Compulsory tunneling enables users to dial to NAS , which then establishes tunnel to the server. The connection between the client of the user and the NAS is not encrypted. Voluntary tunneling enables clients to configure and establish encrypted tunnels to tunnel servers without an intermediate NAS participating in the tunnel negotiation and the establishment. For PPTP, only voluntary tunneling is supported.

PPTP packet structure

Above is the structure of a PPTP packet containing user data.

PPTP control packet

Above is the PPTP Control Connection Packet.

PPTP tunneled data

Above is the PPTP Tunneled data structure.


L2TP stands for Layer2 Tunneling Protocol. Layer Two Tunneling Protocol (L2TP) is a combination of Microsoft's PPTP & Layer 2 Forwarding , a technology proposed by Cisco System's, Inc. L2TP supports any routed protocol such as IP, IPX, and AppleTalk. It also supports any WAN technology including frame relay, ATM, X.25, and SONET. L2TP can be used as a tunneling protocol over the Internet or private Intranets.

L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside on different devices Interconnected by a packet-switched network. L2TP uses UDP messages over IP internetworks for both tunnel maintenance and tunneled data. L2TP therefore uses message sequencing to ensure the delivery of messages. L2TP supports multiple calls for each tunnel. To identify the tunnel and a call, there is a Tunnel ID and Call ID in the L2TP control message and the L2TP header for tunneled data.

Authentication that occurs during the creation of L2TP tunnels must use the same authentication mechanisms as PPP connections such as, EAP, CHAP, SPAP, and PAP.

L2TP is used in two different scenarios:
• Compulsory Tunneling
• Voluntary Tunneling

Following are the characteristics of L2TP protocol.
• Multiplexing
• Signaling
• Data security
• Multiprotocol transport

L2TP Control message

The tunneling process is changed when using L2TP over IPSec. The L2TP data tunneling is performed through multiple levels of encapsulation. It is described as above. It shows L2TP encrypted control message.

Similarities and difference between L2TP and PPTP protocols

Following table mentions similarities and difference between L2TP and PPTP protocols.

Feature L2TP Support PPTP Support
Operates on OSI layer Layer-2 Layer-2
Transport protocols supported IP, IPX, NetBEUI IP, IPX, NetBEUI
required underlying protocol IP, X.25, Frame Relay, ATM IP
Number of tunnels several One
User authentication/algorithms used Yes/PAP, CHAP, EAP, SPAP Yes/PAP, CHAP, EAP, SPAP
Packet authentication, packet encryption, key management Not supported Not supported

Networking related links

Basics of OSI and TCPIP layers
Networking Gateway
What is Router
What is an IP address
network switch
network bridge
Hub and Types of Hub
What is MAC address

What is Difference between

hub Vs switch  circuit switching Vs packet switching  firewall Vs router  HDLC Vs PPP  IGRP Vs EIGRP  router Vs bridge  switch Vs router  WLAN Vs Ethernet LAN  LAN vs WAN vs MAN 

RF and Wireless Terminologies