Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
IPSec is able to work in transport mode and tunnel mode. In tunnel mode it provides a VPN in a similar manner as L2TP.
L2TP solely provides tunneling, and does not provide security.
However, one can operate IPSec transport mode over an L2TP tunnel. If one uses IPSec in tunnel mode, they do not require L2TP.
The reason why there are two modes is that in transport mode, only the payload is encrypted and therefore all routing information is retained. This was foreseen to potentially be important to some network architectures, so they could choose to use the transport mode and then use L2TP to provide VPN for any users which were remote, but retain the routing information; which makes sense if you're going to use IPSec internally within an office. It would encrypt the payloads to make them secure but not alter the frame headers. I'm just not sure it's used a lot like that.
IPSec does not support multicast traffic. So to protect this you would use L2TP to encapsulate the Multicast, then IPSec the L2TP payload. As one example.
IPSec does not support multicast traffic. So to protect this you would use L2TP to encapsulate the Multicast, then IPSec the L2TP payload. As one example.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
IPSec and L2TP - why combine them
