Anonymity: L2TP Introduction


(Valentine) #1

LT2P: “In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.[1]”

( https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol )

This is a one shot for this article. I had to learn something new for a change, if I write something that’s just wrong please tell me down below. I claim no responsibility if this information is used for malicious purposes.

Now with that outta the way, LT2P is a tunneling protocol used a lot with VPNs, but don’t rely on LT2P alone to keep anonymity, as this sentence(s) states:

“L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity.”

How L2TP works was a bit trivial for me to understand, but L2TP “waits” for new “tunnels”, but once established the traffic is then bidirectional, functioning in two directions. The packets are categorized as control packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. If one wants to have reliability for data packets then they must establish it themselves. There are several tunneling models once you establish a tunnel, they’re:

  • voluntary tunnel
  • compulsory tunnel — incoming call
  • compulsory tunnel — remote dial
  • L2TP multihop connection

The way the packet exchange is done is one peer requests the other peer to assign a specific tunnel and session id through these control packets. Then using this tunnel and session id, data packets are exchanged with the compressed PPP frames as payload.

The image below shows a diagram for establishing a tunnel and session in voluntary tunnel method:

Earlier I explained (wikipedia did) that alone L2TP isn’t encrypted by itself, but IPsec works hand with hand with L2TP to encrypt the traffic or tunnel. The steps to establish a L2TP/IPsec VPN are as follows:

  1. Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called “pre-shared keys”), public keys, or X.509 certificates on both ends, although other keying methods exist.

  2. Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP’s 6 and UDP’s 17). At this point, a secure channel has been established, but no tunneling is taking place.

  3. Negotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA’s secure channel, within the IPsec encryption. L2TP uses UDP port 1701.

Once established L2TP packets are encapsulated via IPsec. A more detailed description:

“When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be garnered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints.”

( https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol )

And that’s that. I hope I explained accurately. This was a bit boring to research, but it was interesting. That much I can say. I’m still doing research on L2TP and hopefully in the near future I could write a article on how to establish my own L2TP tunnel via C or C++, unless someone else does it before me.


#2

Oi again great article! I really loved when you said :

Which is completely True! Good job mate! Looking forward to anything else you have in store!


(Security Architect & Founder) #3

There is a lot of copy-pastes from Wikipedia here.


(Valentine) #4

I know it seems like that but I used Wikipedia as a influence not a plagiarized source. I did not mean to seem like I copied and pasted.


#5

Hm, true a lot of it does seem to be coming from Wikipedia. Wikipedia is really good but I tend to not use it too much due to it’s lack of credibility. I’ll look around for some good sources you can use for terminology and so on. And perhaps including examples of how it works, and how it can help would work out well!


(Valentine) #6

Thank you for the suggestions… I know Wikipedia is a unreliable source but I thought it was good enough for a introduction paper at least.


#7

Ah yes of course. Well anyways good luck with any other articles you have in mind. If you ever need any help feel free to message me and ask.


(oaktree) #8

Instead of quoting, you should perhaps spend more time understanding your chosen reference texts. Then, you can paraphrase more accurately.


(Valentine) #9

Thanks for the suggestions. I’ll try better next time. I understood the concept, I just couldn’t express it well with words.


(system) #10

This topic was automatically closed after 30 days. New replies are no longer allowed.