A Comprehensive Guide to PPTP, L2TP, and Other VPN Protocols

What is L2TP/IPsec?

L2TP stands for Layer 2 Tunneling Protocol. L2TP was first proposed in 1999 as an upgrade to both L2F (Layer 2 Forwarding Protocol) and PPTP (Point-to-Point Tunneling Protocol). Because L2TP does not provide strong encryption or authentication by itself, another protocol called IPsec is most often used in conjunction with L2TP.

IPsec stands for Internet Protocol security. IPsec is a very flexible protocol for end-to-end security that authenticates and encrypts each individual IP packet in a given communication. IPsec is used in a wide range of applications at the Internet Layer of the Internet Protocol suite.

Used together, L2TP and IPsec are much more secure than PPTP (Point-to-Point Tunneling Protocol) but are still more suited for anonymization than for security.

L2TP sometimes has problems with firewalls because of its use of UDP port 500, which some firewalls have been known to block.


More secure than PPTP


Slower than OpenVPN
Sometimes blocked by firewalls

How to configure your VPN to L2TP/IPsec

What is IKEv2?

IKEv2 stands for Internet Key Exchange Version 2. While IKEv2 is technically not the name of the VPN protocol, you will find it as a separate option in the ExpressVPN apps. In these cases, IKEv2 refers to a L2TP/IPsec implementation that uses this newer, more secure key exchange protocol instead of the older IKE.

ExpressVPN recommends you to use the OpenVPN and IKEv2 protocols. While L2TP/IPsec still offers encryption, there may be ways for an attacker to decrypt the VPN session.


More secure than L2TP/IPsec


Slower than OpenVPN

How to configure your VPN to IKEv2

Other VPN Protocols

Not sure which VPN protocol is right for you? Let the ExpressVPN app automatically choose the best VPN protocol for your network.