L2TP Version 3; L2TPv3 Server - D-Link NetDefendOS User Manual

Network security firewall

9.6. L2TP Version 3

L2TP Version 3 (L2TPv3) is a tunneling protocol that is an alternative to standard L2TP (standard
L2TP is also referred to as L2TPv2). L2TPv2 can only tunnel PPP traffic, whereas L2TPv3 has the
key advantage of emulating the properties of an OSI layer 2 service. This is sometimes referred to
as Layer 2 Tunneling or as a pseudowire. This means L2TPv3 can carry Ethernet frames over an IP
network, allowing one or more Ethernet LANs to be joined together across the public internet.
NetDefendOS L2TPv3 can tunnel both Ethernet and VLANs.
Here is a summary of other advantages of L2TPv3 over L2TPv2:
• Can be carried directly over IP without UDP. L2TPv2 requires UDP.
• Better security against man-in-the-middle or packet-insertion attacks.
• Support for many more tunnels or many more sessions within one tunnel.
• Can be manually configured with static parameters and does not require a control channel.
Other important considerations with L2TPv3 are:
• Like standard L2TP, L2TPv3 does not provide encryption of transmitted data. If the L2TPv3
  tunnel is to be secure, it should be used with IPsec or PPPoE.
• NetDefendOS L2TPv3 can only be used with IPv4. IPv6 is not supported by NetDefendOS at
  this time.
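
Added example (not part of the D-Link manual): a Python classifier for captured IPv4 packets that distinguishes L2TPv3 carried directly over IP from L2TP over UDP and from IPsec ESP, and flags tunnels whose contents are readable on the wire. The IP protocol numbers (115, 50, 17), UDP port 1701 and header layouts come from IANA and RFC 3931/RFC 2661, not from this page; the sample packets are constructed, and ESP encapsulated in UDP for NAT traversal is not handled.

```python
import socket
import struct

# IANA-assigned IP protocol numbers and the registered L2TP UDP port (assumptions, not from the manual).
PROTO_UDP, PROTO_ESP, PROTO_L2TP = 17, 50, 115
L2TP_PORT = 1701

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet (constructed sample data; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, payload):
    """Build a UDP datagram (constructed sample data; checksum left at 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def classify(pkt):
    """Describe how an IPv4 packet carries L2TP and whether the tunnel is readable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == PROTO_ESP:
        # IPsec ESP: whatever is inside (possibly L2TPv3) is encrypted.
        return {"kind": "esp", "cleartext": False}
    if proto == PROTO_L2TP and len(body) >= 4:
        # L2TPv3 directly over IP: a 32-bit session ID comes first; 0 marks control traffic.
        sid = struct.unpack("!I", body[:4])[0]
        return {"kind": "l2tpv3-ip", "cleartext": True, "session_id": sid, "control": sid == 0}
    if proto == PROTO_UDP and len(body) >= 10:
        sport, dport = struct.unpack("!HH", body[:4])
        if L2TP_PORT in (sport, dport):
            # Over UDP the low 4 bits of the first 16-bit word carry the L2TP version (2 or 3).
            ver = struct.unpack("!H", body[8:10])[0] & 0x000F
            return {"kind": "l2tp-udp", "cleartext": True, "version": ver}
    return {"kind": "other"}

# Constructed samples: a tunnelled Ethernet (ARP) frame, an L2TPv2 control message, and an ESP packet.
ETH = bytes.fromhex("ffffffffffff0200000000010806") + b"\x00" * 28
SAMPLES = {
    "v3_ip_data": ipv4(PROTO_L2TP, struct.pack("!I", 0x1234ABCD) + ETH),
    "v3_ip_ctrl": ipv4(PROTO_L2TP, struct.pack("!I", 0) + b"\x00" * 12),
    "v2_udp": ipv4(PROTO_UDP, udp(L2TP_PORT, L2TP_PORT, struct.pack("!HHHHHH", 0xC802, 12, 0, 0, 0, 0))),
    "esp": ipv4(PROTO_ESP, struct.pack("!II", 0x1001, 1) + b"\x00" * 32),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

Packets reported with `cleartext: True` on an untrusted path indicate a tunnel that is not wrapped in IPsec.
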
L2TPv3 support in NetDefendOS allows the NetDefend Firewall to act as either an L2TPv3
server or a client. Setting up these two functions is described next.

9.6.1. L2TPv3 Server

When the NetDefend Firewall acts as an L2TPv3 server this means it allows connection of L2TPv3
clients so that networks on either side of the client and server can appear transparently
connected to each other.
The steps for setup are described below. First, setup for non-VLAN scenarios is described and
then setup for VLAN scenarios.
Setting Up a Standard L2TPv3 Server
Standard L2TPv3 setup for packets without VLAN tags requires the following:
A. Define an L2TPv3 Server object.
The object will require the following properties to be set:
i. Local Network - Set this to the protected network that will be accessed through the
tunnel.
Note: HA clusters do not support L2TPv3
NetDefendOS high availability clusters do not support L2TPv3. It should not be
configured in an HA cluster.
Chapter 9: VPN
