Shashank Khanvilkar wrote:

I need to compare some basic security properties for different VPN solutions. I have listed a few that I could think of below. If you have opinions about additional ones, I would appreciate it if you could list them here.


Does l2tpd support the following (I have marked the answers that I think I know):


1. Confidentiality: NO (Packets are encrypted)
2. Data-integrity: NO (using digest: SHA1)
3. Authentication/Non-Repudiation (Both at the session and data-packet level): ??
4. Anti-Replay protection: ??
5. Forward Secrecy: ??
6. Does it have a user Space Impl: ??


Thanks
Shashank



The L2TP protocol is fully detailed by RFC 2661.

http://www.faqs.org/rfcs/rfc2661.html

Here is section 9.2: Packet Level Security.

Securing L2TP requires that the underlying transport make available
encryption, integrity and authentication services for all L2TP
traffic. This secure transport operates on the entire L2TP packet
and is functionally independent of PPP and the protocol being carried
by PPP. As such, L2TP is only concerned with confidentiality,
authenticity, and integrity of the L2TP packets between its tunnel
endpoints (the LAC and LNS), not unlike link-layer encryption being
concerned only about protecting the confidentiality of traffic
between its physical endpoints.


Eric Sexton
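
To illustrate the quoted section 9.2, here is an added example (not part of the original thread and not l2tpd code) that parses the L2TP header laid out in RFC 2661 section 3.1. It shows that the header carries only identifiers and optional sequence numbers, so the PPP payload follows exactly as sent unless the underlying transport protects it. The function name and the sample datagram are constructed for illustration.

```python
import struct

# Flag bits in the first 16-bit word of the L2TP header (RFC 2661, section 3.1).
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200
VERSION_MASK = 0x000F


def parse_l2tp(datagram: bytes) -> dict:
    """Parse an L2TPv2 header from a UDP payload; return fields and payload."""
    if len(datagram) < 6:
        raise ValueError("too short for an L2TP header")
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if flags & VERSION_MASK != 2:
        raise ValueError("not L2TP version 2")
    hdr = {"control": bool(flags & T_BIT), "sequenced": bool(flags & S_BIT)}
    pos = 2

    def take_u16(name: str) -> None:
        nonlocal pos
        if pos + 2 > len(datagram):
            raise ValueError(f"truncated before {name}")
        (hdr[name],) = struct.unpack_from("!H", datagram, pos)
        pos += 2

    if flags & L_BIT:
        take_u16("length")
    take_u16("tunnel_id")
    take_u16("session_id")
    if flags & S_BIT:  # Ns/Nr are mandatory on control, optional on data messages
        take_u16("ns")
        take_u16("nr")
    if flags & O_BIT:
        take_u16("offset_size")
        pos += hdr["offset_size"]  # skip the offset padding
    end = hdr.get("length", len(datagram))
    if not pos <= end <= len(datagram):
        raise ValueError("inconsistent length or offset")
    # Everything after the header is the tunnelled PPP frame, exactly as sent.
    hdr["payload"] = datagram[pos:end]
    return hdr


# Constructed sample: data message, no Length/Ns/Nr, tunnel 1, session 2,
# carrying a PPP frame (FF 03, protocol 0x0021 = IPv4) with placeholder bytes.
SAMPLE = bytes.fromhex("0002" "0001" "0002") + b"\xff\x03\x00\x21" + b"cleartext"

if __name__ == "__main__":
    print(parse_l2tp(SAMPLE))
```

When the S bit is clear, as in the sample, the data message has no Ns/Nr at all, and nothing in this header is a digest or key identifier.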




