This article is intended to
deal with creating Virtual Private Networks (VPNs) to connect a home network with the outside world.
L2TP with IPSec
In form, L2TP/IPSec differs considerably from PPTP. Data is first encapsulated in a PPP packet, much as it is with PPTP, and a PPP header is added. An L2TP header containing the information needed to convey the data through the Internet comes next, followed by a UDP header. UDP, part of the TCP/IP suite of protocols, is the protocol L2TP VPNs use to transmit and receive data through ports.
Assuming IPSec is used, L2TP will then encapsulate and encrypt the above contents, adding an authentication trailer which will allow the receiving computer to verify the sender. The encrypted payload is then provided with an IP header for source and destination addresses, and a data-link header and trailer specific to the form of network the VPN will traverse, just as is done with PPTP encapsulation.
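As an added illustration (not part of the original article), the Python sketch below builds the layers described above from constructed bytes and reports what an observer on the wire can read with and without IPSec, where the IPSec case is represented by an ESP header (IP protocol 50). The addresses, tunnel and session IDs, SPI and filler "ciphertext" are made-up sample values, and no real encryption is performed.

```python
import struct

L2TP_PORT = 1701                 # UDP port registered for L2TP (RFC 2661)
PROTO_UDP, PROTO_ESP = 17, 50    # IP protocol numbers

def ipv4(proto, payload):
    """Minimal IPv4 header (checksum left at 0), documentation-range addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def l2tp_data(tunnel_id, session_id, ppp_frame):
    """L2TP data message with no optional fields: flags/version word 0x0002."""
    return struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp_frame

def classify(packet):
    """Report which of the article's layers an on-path observer can read."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    proto, body = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == PROTO_ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])   # only these fields are readable
        return {"outer": "ESP", "spi": spi, "seq": seq, "l2tp_visible": False}
    if proto == PROTO_UDP and len(body) >= 14:
        sport, dport, flags = struct.unpack("!HH4xH", body[:10])
        # L2TPv2 data message: T bit clear, version nibble 2, port 1701 on either side
        if L2TP_PORT in (sport, dport) and not (flags & 0x8000) and (flags & 0x000F) == 2:
            off = 12 if flags & 0x4000 else 10          # optional Length field
            tunnel_id, session_id = struct.unpack("!HH", body[off:off + 4])
            off += 4 + (4 if flags & 0x0800 else 0)     # optional Ns/Nr
            if flags & 0x0200:                          # optional Offset Size + padding
                off += 2 + struct.unpack("!H", body[off:off + 2])[0]
            ppp = body[off:]
            if ppp[:2] == b"\xff\x03":                  # PPP address/control, if present
                ppp = ppp[2:]
            return {"outer": "UDP", "l2tp_visible": True, "tunnel_id": tunnel_id,
                    "session_id": session_id, "ppp_protocol": ppp[:2].hex()}
    return {"outer": "other", "l2tp_visible": False}

# Constructed samples: an inner IP packet inside PPP (protocol 0x0021), L2TP and UDP
INNER = ipv4(1, b"constructed inner payload")
L2TP_UDP = udp(L2TP_PORT, L2TP_PORT, l2tp_data(7, 1, b"\xff\x03\x00\x21" + INNER))
CLEARTEXT = ipv4(PROTO_UDP, L2TP_UDP)
# Stand-in for ESP: real SPI/sequence header, then filler where ciphertext and ICV would be
PROTECTED = ipv4(PROTO_ESP, struct.pack("!II", 0x1000, 1) + b"\xa5" * (len(L2TP_UDP) + 14))

if __name__ == "__main__":
    print(classify(CLEARTEXT), classify(PROTECTED), sep="\n")
```

If a capture of a supposedly protected tunnel classifies as plain UDP on port 1701, the L2TP and PPP headers are travelling unencrypted and the IPSec policy is not being applied.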
IPSec combined with L2TP is considerably more secure than the PPTP method of creating a VPN, but it has some notable drawbacks, especially for home users. The biggest is that Microsoft designed its implementation to be used primarily with security certificates.
Obtaining these certificates for a home Virtual Private Network requires a copy of Windows 2000 or 2003 Server in order to use certificate services to create them. Another option is to go the route of open source CA (certificate authority) software, or to purchase a certificate from a vendor such as www.Verisign.com. This is a bit beyond the scope of this article, however.
L2TP/IPSec can use preshared keys to authenticate, which involves assigning an identical key value (words and/or numbers) to each computer that wishes to connect. This key is used by IPSec to validate the computer as a trusted machine. Setup is still rather complicated with this method, however. More on this later.
The major issue with L2TP/IPSec as it stands is that it can be intimidating to set up for the casual user. While Windows XP supports the hosting of L2TP/IPSec connections according to the product docs, and there are plenty of instructions available to set up your XP system as an L2TP client, just try to find instructions for setting up XP as a VPN server with a preshared key!
The Microsoft article which purports to contain this information (at least in its introduction: "The following sections describe how to configure the preshared keys on both the L2TP client and the server.") seems to have had the relevant information rather clumsily removed. See for yourself: https://support.microsoft.com/default.aspx?scid=kb;en-us;281555
The lack of relevant help documents means that the user is going to have to wade through the IPSec section of the local security policy to enable support for IPSec VPNs. This is neither fun nor easy. Better to go to the dentist and have a root canal; it's much less painful.
© 2023 PCSTATS.com
Please respect the time and effort that went into creating each PCSTATS Beginners Guide, do not illegally copy. Thank you.