If IPSec has its own IP tunnel support why do some add LT2P to the stack?

vpn ipsec l2tp

I understand that you can use IPSec to tunnel data securely. According to the Wikipedia page and a few other sources it can also tunnel IP packets and then route them through an interface. That would create a VPN where one subnet would be able to access another subnet in a very secure way.

However what I dont understand is why some people add L2TP to the stack. I get the idea that L2TP is secured by IPSEC, but if IPSEC already has a tunnel implementation wouldn't it just cause more overhead?

What is the attraction to L2TP/IPSEC when the same result can be reached with plain IPSec?


Solution 1:

  • IPSec -> Layer 3 auth and encryption
  • L2TP -> Layer 2 tunneling

From what I understand, IPSec wouldn't be carrying any Layer 2 information. That's where L2TP comes in.

Related

Fixing window scaling problems with Linux TCP
How to check CentOS 6 Server VM Host after a power falure?
adding a global URI prefix for Tomcat web apps
Search and Domain in resolv.conf = slow lookups on Ubuntu
Unicorn behind ELB, no nginx
What is the root word of "unforgivable"? [closed]
What does the phrase "offers no provision" mean?
Would utilizing the word "display" in the following sentence be acceptable?
What semantic notions underlie the meaning of 'chip on your shoulder' with 18C working practices at the British Royal Dockyards?
What does "To her fair works did Nature link" mean?
What's the word used to describe an academic study which pulls data from many previous studies?
Categorising nouns