10-29-2013, 06:28 AM
|
#1
|
Member
Registered: Oct 2010
Posts: 93
Rep:
|
IPSec and L2TP - why combine them
Hi folks,
I have one problem about IPSec and L2TP which confuses me:
As IPSec is able to implement a VPN, why bother to combine L2TP and IPSec together?
Thanks in advance.
|
|
|
10-29-2013, 09:13 AM
|
#2
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,939
|
IPSec is able to work in transport mode and tunnel mode. In tunnel mode it provides a VPN in a similar manner to L2TP.
L2TP solely provides tunneling, and does not provide security.
However, one can operate IPSec transport mode over an L2TP tunnel. If one uses IPSec in tunnel mode, they do not require L2TP.
The reason why there are two modes is that in transport mode, only the payload is encrypted and therefore all routing information is retained. This was foreseen to potentially be important to some network architectures, so they could choose to use the transport mode and then use L2TP to provide VPN for any users who were remote, but retain the routing information, which makes sense if you're going to use IPSec internally within an office. It would encrypt the payloads to make them secure but not alter the frame headers. I'm just not sure it's used a lot like that.
|
|
1 members found this post helpful.
|
10-30-2013, 01:34 PM
|
#3
|
Member
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891
Rep: 
|
IPSec does not support multicast traffic. So to protect this you would use L2TP to encapsulate the Multicast, then IPSec the L2TP payload. As one example.
|
|
1 members found this post helpful.
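Added example (not code from any poster in this thread): a small Python check of what posts #2 and #3 describe, showing that an L2TP data packet sent on its own exposes the inner multicast packet to an on-path observer, while the same datagram carried in ESP shows only IP protocol 50. The function names, addresses and sample packets are constructed for illustration; it assumes complete IPv4 packets and native ESP (no NAT-T encapsulation on UDP 4500).

```python
import ipaddress
import struct

ESP, UDP, L2TP_PORT = 50, 17, 1701

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at 0; used only for the samples)."""
    addrs = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0) + addrs + payload

def parse_ipv4(pkt):
    """Return (protocol, destination address, payload) of an IPv4 packet."""
    return pkt[9], ipaddress.IPv4Address(pkt[16:20]), pkt[(pkt[0] & 0x0F) * 4:]

def l2tp_data_payload(data):
    """Skip an RFC 2661 L2TP data header; return the PPP frame or None."""
    if len(data) < 6:
        return None
    flags, = struct.unpack_from("!H", data)
    if (flags & 0x8000) or (flags & 0x000F) != 2:  # T bit = control message; Ver must be 2
        return None
    off = 6 + (2 if flags & 0x4000 else 0)       # flags, optional Length, Tunnel ID, Session ID
    off += 4 if flags & 0x0800 else 0            # S bit: Ns and Nr present
    if flags & 0x0200 and len(data) >= off + 2:  # O bit: Offset Size, then that much padding
        off += 2 + struct.unpack_from("!H", data, off)[0]
    return data[off:]

def classify(pkt):
    """Describe what an on-path observer can read from one outer IPv4 packet."""
    proto, _, body = parse_ipv4(pkt)
    if proto == ESP:
        return "esp: payload opaque"
    if proto != UDP or len(body) < 8 or L2TP_PORT not in struct.unpack_from("!HH", body):
        return "other"
    ppp = l2tp_data_payload(body[8:]) or b""
    if ppp[:2] == b"\xff\x03":                   # optional PPP address/control bytes
        ppp = ppp[2:]
    if ppp[:2] != b"\x00\x21" or len(ppp) < 22:  # PPP protocol 0x0021 = IPv4
        return "cleartext l2tp"
    inner_dst = parse_ipv4(ppp[2:])[1]
    kind = "multicast" if inner_dst.is_multicast else "unicast"
    return f"cleartext l2tp: inner {kind} dst {inner_dst} visible"

# Constructed samples: documentation addresses; the ESP body is zero filler, not real ciphertext.
INNER = ipv4(UDP, "10.0.0.5", "239.1.1.1", struct.pack("!HHHH", 5000, 5000, 8, 0))
L2TP = struct.pack("!HHH", 0x0002, 7, 1) + b"\xff\x03\x00\x21" + INNER
UDP_L2TP = struct.pack("!HHHH", 1701, 1701, 8 + len(L2TP), 0) + L2TP
BARE_L2TP = ipv4(UDP, "192.0.2.1", "198.51.100.2", UDP_L2TP)
OVER_ESP = ipv4(ESP, "192.0.2.1", "198.51.100.2", struct.pack("!II", 0x1000, 1) + bytes(len(UDP_L2TP)))
```

`classify(BARE_L2TP)` reports the inner multicast destination, while `classify(OVER_ESP)` reports only an opaque ESP payload.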
|
10-31-2013, 06:17 AM
|
#4
|
Member
Registered: Oct 2010
Posts: 93
Original Poster
Rep:
|
Quote:
Originally Posted by baldy3105
IPSec does not support multicast traffic. So to protect this you would use L2TP to encapsulate the Multicast, then IPSec the L2TP payload. As one example.
|
Thanks, this is really helpful.
|
|
|
All times are GMT -5. The time now is 09:55 PM.