If IPSec has its own IP tunnel support why do some add L2TP to the stack?

I understand that you can use IPSec to tunnel data securely. According to the Wikipedia page and a few other sources it can also tunnel IP packets and then route them through an interface. That would create a VPN where one subnet would be able to access another subnet in a very secure way.

However what I don't understand is why some people add L2TP to the stack. I get the idea that L2TP is secured by IPSec, but if IPSec already has a tunnel implementation wouldn't it just cause more overhead?

What is the attraction to L2TP/IPSec when the same result can be reached with plain IPSec?


Solution 1:

  • IPSec -> Layer 3 auth and encryption
  • L2TP -> Layer 2 tunneling

From what I understand, IPSec wouldn't be carrying any Layer 2 information. That's where L2TP comes in.
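An added example (not part of the answer above) that puts numbers on both points: the extra per-packet overhead the question worries about, and the Layer 2 information (a PPP protocol field) that L2TP carries and plain ESP tunnel mode has no room for. It assumes IPv4 without options, ESP with AES-CBC (16-byte IV) and HMAC-SHA1-96, no NAT-T UDP encapsulation, and an L2TPv2 data header with no optional fields; other cipher/integrity choices change the constants but not the shape of the comparison.

```python
import struct

# Header sizes in bytes (assumed: IPv4 without options, ESP with AES-CBC and
# HMAC-SHA1-96, L2TPv2 data header with no optional fields, PPP with the
# HDLC address/control bytes present).
IPV4_HDR = 20
ESP_HDR, ESP_IV, ESP_TRAILER, ESP_ICV, ESP_BLOCK = 8, 16, 2, 12, 16
UDP_HDR, L2TP_HDR, PPP_HDR = 8, 6, 4

# PPP protocol numbers (IANA). This field is the Layer 2 information L2TP
# carries: PPP can frame IPv4, IPv6 or non-IP protocols, while ESP tunnel
# mode only has an IP "next header" number for the inner packet.
PPP_IPV4, PPP_IPV6, PPP_IPX = 0x0021, 0x0057, 0x002B


def esp_overhead(plaintext_len):
    """ESP header + IV + padding to the cipher block + trailer + ICV."""
    pad = (-(plaintext_len + ESP_TRAILER)) % ESP_BLOCK
    return ESP_HDR + ESP_IV + pad + ESP_TRAILER + ESP_ICV


def ipsec_tunnel_size(inner_ip_len):
    """Plain IPsec tunnel mode: outer IP + ESP wrapped around the inner IP packet."""
    return IPV4_HDR + inner_ip_len + esp_overhead(inner_ip_len)


def l2tp_ipsec_size(inner_ip_len):
    """L2TP/IPsec (RFC 3193): IP + ESP transport mode around UDP/L2TP/PPP/inner IP."""
    plaintext = UDP_HDR + L2TP_HDR + PPP_HDR + inner_ip_len
    return IPV4_HDR + plaintext + esp_overhead(plaintext)


def l2tp_ppp_encapsulate(tunnel_id, session_id, ppp_proto, payload):
    """Build an L2TPv2 data message (T/L/S/O/P clear, Ver=2) carrying a PPP frame."""
    flags = 0x0002
    l2tp = struct.pack("!HHH", flags, tunnel_id, session_id)
    ppp = struct.pack("!BBH", 0xFF, 0x03, ppp_proto)  # HDLC address, control, protocol
    return l2tp + ppp + payload


def l2tp_ppp_decapsulate(frame):
    """Parse the frame back; the PPP protocol number says what the payload is."""
    flags, tunnel_id, session_id = struct.unpack("!HHH", frame[:6])
    if flags & 0x000F != 2 or flags & 0x8000 or flags & 0x4A00:
        raise ValueError("expected an L2TPv2 data message without optional fields")
    _addr, _ctrl, proto = struct.unpack("!BBH", frame[6:10])
    return tunnel_id, session_id, proto, frame[10:]
```

For a 100-byte inner packet the L2TP/IPsec stack is 16 bytes larger on the wire than plain ESP tunnel mode under these assumptions (18 bytes of UDP/L2TP/PPP headers minus 2 bytes less ESP padding), which is the price of carrying a PPP frame instead of a bare IP packet.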