[Dr.WoW] [No.25] The Birth and Evolution of L2TP VPNs

Latest reply: Jun 25, 2015 10:26:56
To discuss L2TP VPNs we must first shift our focus once more to the early stages of the Internet's development. This was an era when both individual and corporate users generally went online over telephone lines, and company branches and traveling users normally also used the "phone network" (formally, the PSTN, Public Switched Telephone Network) or ISDN (Integrated Services Digital Network) to connect to their HQ networks. People called PSTN/ISDN-based VPNs "VPDNs" (Virtual Private Dial Networks). L2TP VPNs are one kind of VPDN technology; the other VPDN technologies have gradually fallen out of use.

As shown in Figure 1-1, in a traditional PSTN/ISDN-based L2TP VPN, a carrier deploys a LAC (in VPDN terms, a NAS, Network Access Server) between the PSTN/ISDN and IP networks. This provides centralized L2TP VPN line services for multiple corporate users, and is equipped with authentication and charging functions. When branch organizations and mobile employees dial the special connection number for the L2TP VPN, the connecting modem uses PPP to establish a PPP session with the LAC, and authentication and charging are enabled at the same time. After successful authentication, the LAC initiates L2TP tunnel and session negotiation with the LNS, and the corporate HQ's LNS re-authenticates the access user's identity (for security reasons, since the LAC is the carrier's equipment rather than the company's). After this second authentication succeeds, the branch organization or mobile employee can access the HQ network.

Figure 1-1 PSTN/ISDN-based L2TP VPN


LAC and LNS are L2TP protocol concepts, while NAS is a VPDN concept. In an L2TP VPN, therefore, the LAC is the NAS.

As IP networks became widespread, PSTN/ISDN networks gradually fell out of use for data communication. Once companies and individual users could both connect directly to the Internet over Ethernet, L2TP VPNs quietly took "two small steps" forward. They may look like only two small steps, but they allowed the formerly 'over the hill' L2TP VPN to stay on the ever-changing IP scene. Today's L2TP VPN usage scenarios are shown in Figure 1-2, and from the figure we can see that L2TP VPNs have calmly stepped onto the IP stage.

Figure 1-2 Common L2TP VPN scenario



  • The first "small step": PPP deigns to dwell on Ethernet. This was a mandatory step in the evolution from dial-up networks to Ethernet. It was not designed specifically for L2TP VPNs, but L2TP VPNs were its biggest beneficiary. If branch users install a PPPoE client and trigger PPPoE dialing on the Ethernet, a PPPoE session is established between the PPPoE client and the LAC (the PPPoE server). The process of setting up the L2TP VPN between the LAC and the LNS is unchanged.
  • The second "small step": extending L2TP to users' PCs. In this scenario, a PC uses the L2TP client built into its operating system, or third-party L2TP client software, to dial and set up an L2TP VPN directly with the LNS. The L2TP client makes the broker, the LAC, redundant by establishing a direct 'partnership' with HQ―it seems this sort of 'cutting out the middleman' isn't limited to everyday life!

What these two scenarios have in common with the original L2TP VPN scenario is that the company invests in buying the equipment itself and then uses the Internet to establish the L2TP VPN. This avoids the carrier's charges for VPN line services and reduces long-term investment. To distinguish the two kinds of L2TP VPN, the former (LAC-dial-up-based L2TP VPNs) are called NAS-initiated VPNs, while the latter (L2TP VPNs established by direct client dialing) are called client-initiated VPNs. We'll go into further detail about these two kinds of L2TP VPN below.
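To make the two setups concrete, here is an added Python model (not code from the original post or from any vendor) of the NAS-initiated and client-initiated flows. It sends no real packets: it only records who talks to whom, in what order, and where the two authentications happen; the user names, passwords and credential stores are constructed, and the control message names (SCCRQ/SCCRP/SCCCN for the tunnel, ICRQ/ICRP/ICCN for the session) are taken from RFC 2661.

```python
"""Constructed model of the two L2TP VPN setups above (NAS-initiated and
client-initiated): no real packets, just the order of steps and the two
authentication points. Control message names are from RFC 2661."""
from dataclasses import dataclass, field
# Constructed credential stores. The carrier's LAC/NAS and the corporate LNS
# keep separate databases, which is why the LNS authenticates a second time.
LAC_USERS = {"alice": "lac-pass", "mallory": "lac-pass"}  # carrier side
LNS_USERS = {"alice": "hq-pass"}                           # corporate HQ side

TUNNEL_MSGS = ("SCCRQ", "SCCRP", "SCCCN")  # tunnel: request, reply, connected
SESSION_MSGS = ("ICRQ", "ICRP", "ICCN")    # session: request, reply, connected

@dataclass
class Trace:
    steps: list = field(default_factory=list)
    def log(self, who, what):
        self.steps.append(f"{who}: {what}")

def negotiate(initiator, trace):
    """Three-way tunnel negotiation, then three-way session negotiation.
    The initiator is the LAC (NAS-initiated) or the PC's own L2TP client."""
    for msgs in (TUNNEL_MSGS, SESSION_MSGS):
        for i, msg in enumerate(msgs):
            trace.log("LNS" if i == 1 else initiator, msg)  # the reply is the LNS's

def lns_authenticate(user, password, trace):
    ok = LNS_USERS.get(user) == password
    trace.log("LNS", f"re-authenticate {user}: {'ok' if ok else 'rejected'}")
    return ok

def nas_initiated(user, lac_password, lns_password, access="PSTN"):
    """User dials the LAC (PPP over PSTN/ISDN, or PPPoE on Ethernet); the LAC
    authenticates and charges, then tunnels to the LNS, which re-authenticates."""
    trace = Trace()
    link = "PPPoE session on Ethernet" if access == "PPPoE" else "PPP session over PSTN/ISDN"
    trace.log("client", f"{link} to LAC")
    if LAC_USERS.get(user) != lac_password:
        trace.log("LAC", f"authenticate {user}: rejected")
        return False, trace
    trace.log("LAC", f"authenticate {user}: ok, charging starts")
    negotiate("LAC", trace)
    return lns_authenticate(user, lns_password, trace), trace

def client_initiated(user, lns_password):
    """PC with an L2TP client dials the LNS directly; no LAC in the path."""
    trace = Trace()
    negotiate("client", trace)
    return lns_authenticate(user, lns_password, trace), trace
```

The point of the model is the second authentication: "mallory" is known to the carrier's LAC but not to HQ, so the LNS check is what keeps that user out of the corporate network.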




Created Jun 25, 2015 10:26:56

Thank you.