If IPSec has its own IP tunnel support why do some add L2TP to the stack?
I understand that you can use IPSec to tunnel data securely. According to the Wikipedia page and a few other sources it can also tunnel IP packets and then route them through an interface. That would create a VPN where one subnet would be able to access another subnet in a very secure way.
However, what I don't understand is why some people add L2TP to the stack. I get the idea that L2TP is secured by IPSec, but if IPSec already has a tunnel implementation wouldn't it just cause more overhead?
What is the attraction to L2TP/IPSec when the same result can be reached with plain IPSec?
Solution 1:
- IPSec -> Layer 3 auth and encryption
- L2TP -> Layer 2 tunneling
From what I understand, IPSec wouldn't be carrying any Layer 2 information. That's where L2TP comes in.
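As an added example (not code from the question or the answer), a small Python builder and parser for the L2TPv2 data message that carries a PPP frame: it shows the Layer 2 framing (tunnel/session IDs, PPP protocol field) that an ESP tunnel-mode packet has no place for, and counts the bytes L2TP/IPsec costs per packet beyond plain IPsec tunnel mode. Header bits follow RFC 2661 and the protocol numbers the IANA PPP registry; the sample packets in the test are constructed.

```python
import struct

# PPP protocol numbers from the IANA "PPP Numbers" registry
PPP_IPV4, PPP_IPV6, PPP_LCP = 0x0021, 0x0057, 0xC021
# L2TPv2 flag bits (RFC 2661): Type, Length, Sequence, Offset, version mask
L2TP_T, L2TP_L, L2TP_S, L2TP_O, L2TP_VER = 0x8000, 0x4000, 0x0800, 0x0200, 0x000F


def build_l2tp_data(tunnel_id, session_id, ppp_protocol, payload, acfc=False):
    """Build one L2TPv2 data message (T bit clear, L bit set) carrying a PPP
    frame. HDLC address/control bytes 0xFF 0x03 are kept unless ACFC
    (address/control field compression) was negotiated on the session."""
    ppp = (b"" if acfc else b"\xff\x03") + struct.pack("!H", ppp_protocol) + payload
    body = struct.pack("!HH", tunnel_id, session_id) + ppp
    flags = L2TP_L | 2                      # data message, Length present, version 2
    return struct.pack("!HH", flags, 4 + len(body)) + body


def parse_l2tp_data(pkt):
    """Walk the L2TPv2 data header and PPP framing; return the inner payload and
    which PPP protocol it is (the Layer 2 information ESP alone does not carry)."""
    (flags,) = struct.unpack("!H", pkt[:2])
    if flags & L2TP_VER != 2:
        raise ValueError("not an L2TPv2 header")
    if flags & L2TP_T:
        raise ValueError("control message, not a data message")
    off = 2
    if flags & L2TP_L:
        (length,) = struct.unpack("!H", pkt[off:off + 2])
        off += 2
        if length != len(pkt):
            raise ValueError("L2TP length field does not match datagram")
    tunnel_id, session_id = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    if flags & L2TP_S:                      # Ns/Nr sequence numbers present
        off += 4
    if flags & L2TP_O:                      # Offset Size, then that much padding
        (pad,) = struct.unpack("!H", pkt[off:off + 2])
        off += 2 + pad
    if pkt[off:off + 2] == b"\xff\x03":     # uncompressed HDLC address/control
        off += 2
    (proto,) = struct.unpack("!H", pkt[off:off + 2])
    off += 2
    return {"tunnel_id": tunnel_id, "session_id": session_id,
            "ppp_protocol": proto, "payload": pkt[off:], "l2_overhead": off}


def extra_bytes_vs_tunnel_mode(l2tp_pkt):
    """Bytes L2TP/IPsec adds per packet on top of what ESP tunnel mode adds:
    the UDP header (8) plus the L2TP and PPP headers, before any ESP padding."""
    return 8 + parse_l2tp_data(l2tp_pkt)["l2_overhead"]
```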