Hacker News
by RJIb8RBYxzAMX9u 3408 days ago
> NOTE: I've seen people mention L2TP; it is obsolete. L2TP does NOT provide encryption or confidentiality to traffic that passes through it.

Would you clarify how it's obsolete, because it doesn't follow from "L2TP does NOT provide encryption or confidentiality..."? AFAIK no one uses L2TP by itself, as there's no shortage of encapsulation protocols (GRE, AYIYA, VXLAN, etc.) for other purposes. In practice L2TP/IPsec are always paired, akin to TCP/IP, even though in theory you could do things like TCP/IPX or TCP/AppleTalk, or whatever. In the context of VPNs, L2TP/IPsec is "the protocol" even though they are two distinct pieces.

> L2TP/IPsec encapsulates data twice at layer 2; it has pros and cons. See this (may be outdated) -> https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs....

Sure, it's not optimal, but for its intended purpose, establishing VPNs from roaming devices to intranets, the overhead hardly matters. IMO, what does matter is client device and network[0] compatibility, and L2TP/IPsec is hard to beat here. I wouldn't say that OpenVPN or other VPN solutions obsolete L2TP/IPsec in this aspect, either.

For (semi-)permanent site-to-site VPNs I agree: just use IPsec.

[0] IIRC last time I chimed in on L2TP/IPsec you or someone else in the thread disputed that firewalls were generally not an issue for IPsec, contrary to my personal experience. Maybe I've just been extremely lucky, so I'll concede this point.
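The point the two commenters agree on, that L2TP alone gives no confidentiality and only becomes a VPN once IPsec wraps it, can be made concrete with a small parser. The following is an added example, not code from the thread or from any L2TP implementation: it builds a minimal L2TPv2 data message (RFC 2661 header, then a PPP frame) as it would appear as the payload of a UDP/1701 datagram when L2TP is used without IPsec, and shows that a passive on-path observer can read the tunnelled data directly. The tunnel/session IDs and the inner bytes are constructed stand-ins (a real PPP session with protocol 0x0021 would carry an IPv4 datagram here); the IPsec side is not modelled.

```python
import struct

# Added example (not from the HN thread): build and parse a minimal L2TPv2 data
# message (RFC 2661) as carried over UDP/1701. Without IPsec around it, the PPP
# payload inside is cleartext to anyone who can see the UDP datagram.

L2TP_VER = 2
FLAG_T = 0x8000  # control message (only data messages are handled here)
FLAG_L = 0x4000  # Length field present
FLAG_S = 0x0800  # Ns/Nr sequence fields present
FLAG_O = 0x0200  # Offset Size field (and offset pad) present

PPP_IPV4 = 0x0021  # PPP protocol number for IPv4 datagrams


def build_l2tp_data(tunnel_id, session_id, ppp_protocol, payload, with_length=False):
    """Return the UDP payload for an L2TPv2 data message wrapping a PPP frame."""
    flags = L2TP_VER | (FLAG_L if with_length else 0)
    # HDLC address/control (0xff 0x03) + PPP protocol field + the tunnelled data.
    ppp = b"\xff\x03" + struct.pack("!H", ppp_protocol) + payload
    body = struct.pack("!HH", tunnel_id, session_id) + ppp
    if with_length:
        # Length covers the whole L2TP message, header included (flags + length + body).
        return struct.pack("!HH", flags, 2 + 2 + len(body)) + body
    return struct.pack("!H", flags) + body


def parse_l2tp_data(datagram):
    """Parse an L2TPv2 data message; return header fields and the PPP payload."""
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if flags & 0x000F != L2TP_VER:
        raise ValueError("not L2TPv2")
    if flags & FLAG_T:
        raise ValueError("control message, not a data message")
    off = 2
    if flags & FLAG_L:
        (length,) = struct.unpack_from("!H", datagram, off)
        off += 2
        datagram = datagram[:length]  # never read past the declared length
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    if flags & FLAG_S:
        off += 4  # skip Ns and Nr
    if flags & FLAG_O:
        (offset_size,) = struct.unpack_from("!H", datagram, off)
        off += 2 + offset_size  # skip the Offset Size field and the pad it describes
    frame = datagram[off:]
    if frame[:2] == b"\xff\x03":  # HDLC address/control; absent if ACFC was negotiated
        frame = frame[2:]
    if frame[0] & 1:  # PFC: a single odd byte is a compressed protocol field
        ppp_protocol, frame = frame[0], frame[1:]
    else:
        (ppp_protocol,) = struct.unpack_from("!H", frame, 0)
        frame = frame[2:]
    return {"tunnel_id": tunnel_id, "session_id": session_id,
            "ppp_protocol": ppp_protocol, "payload": frame}


# Constructed sample: stand-in bytes for the inner datagram a PPP session would carry.
SAMPLE_PAYLOAD = b"GET /private/report.pdf HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
SAMPLE_DATAGRAM = build_l2tp_data(0x1234, 0x5678, PPP_IPV4, SAMPLE_PAYLOAD, with_length=True)


def on_path_observer_reads(datagram, marker):
    """What a passive observer of UDP/1701 learns: True if marker is visible in cleartext."""
    return marker in parse_l2tp_data(datagram)["payload"]


if __name__ == "__main__":
    info = parse_l2tp_data(SAMPLE_DATAGRAM)
    print(f"tunnel={info['tunnel_id']:#06x} session={info['session_id']:#06x} "
          f"ppp_protocol={info['ppp_protocol']:#06x}")
    print("observer sees:", info["payload"].decode())
```

Run as-is, the script prints the tunnel and session IDs and the full inner request; the same datagram inside an ESP payload would expose only the outer IP header and ESP SPI/sequence number to the observer, which is the whole reason L2TP is only ever deployed as L2TP/IPsec.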