4.8. Layer 2 Tunneling Protocol (L2TP)

Only IPsec is needed to create a VPN between a Linux client and Linux server. A dominant client (Windows/XP) however insists on tunneling PPP over L2TP over IPsec. [23]

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). One of the features is "PPP over UDP/IP". For more information refer the "Layer Two Tunneling Protocol" RFC [24].

L2TP is rather straightforward as it only decapsulates the layer 2 PPP-packers and forwards them to pppd. There are several L2TP implementations. One of the oldest is l2tpd [25]. Note that the maintainer of l2tpd stated that "development of l2tpd came to a slowdown when the superior rp-l2tpd was published" [26]. Despite this SISO uses l2tpd, but applies the patches listed on Jacco's FreeSWAN page [27].

Download and unpack the sources and patches.

wget -P $DL_DIR
mkdir $PRJ_DIR/apps/l2tpd-0.69
tar -C $PRJ_DIR/apps/l2tpd-0.69 -xvzf $DL_DIR/l2tpd-10jdl.tgz
cd $PRJ_DIR/apps/l2tpd-0.69
tar -C $PRJ_DIR/apps -xvzf l2tpd-10jdl/l2tpd-0.69.tar.gz

Apply the patches. Some hunks succeed at a few lines offset.

FILES=`ls l2tpd-10jdl/*patch*.bz2`
for pp in $FILES ; do
    case `basename $pp` in
	l2tpd-pty.patch.bz2 )   echo "ignoring $pp" ;;
	l2tpd-close.patch.bz2 ) bzcat $pp | patch -p1 ;;
	*)                      bzcat $pp | patch -p0 ;;

Update the Makefile.

[[ -f ]] || mv Makefile
sed "/^OSFLAGS*=/s,= .*,= -DLINUX -I$$ROOTFS_DIR/usr/include,g" \
    < > Makefile

Compile and install. Ignore the warnings conflicting types for built-in function `log'

install -s -m 755 l2tpd $ROOTFS_DIR/usr/sbin/

[23] It is possible to do plain IPsec between a Windows XP client and a Linux server as described in "Windows 2000 / Windows XP - Freeswan VPN" ( This however, requires additional software to be installed on the client.