L2TP/IPSec Application Development (Windows CE 5.0)
Windows CE includes L2TP/IPSec. The Layer Two Tunneling Protocol (L2TP) is an industry-standard Internet tunneling protocol. Through L2TP, users can access a private network by setting up a tunnel through a public network or by using a virtual private network (VPN) connection. Like the Point-to-Point Tunneling Protocol (PPTP), L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate Internet Protocol (IP) packets. Therefore, users can remotely run programs that depend on specific network protocols.
L2TP also leverages the authentication and compression mechanisms of PPP. It encapsulates original packets first inside a PPP frame and then inside a UDP frame. L2TP then relies on IP Security Protocol (IPSec) to encrypt PPP frames. The IPSec Internet Key Exchange (IKE) protocol negotiates the security conditions for the L2TP tunnel using certificate-based or pre-shared key authentication. If IPSec main mode and quick mode security associations are successfully established, L2TP negotiates the tunnel, including compression and user authentication options, and performs PPP-based user authentication.
**Note** Both L2TP and IPSec must be supported by both tunnel endpoints.
L2TP is defined to work over any datagram transport. In IP networks, UDP Port 1701 datagrams carry the L2TP control and data messages.
The Windows CE implementation of L2TP/IPSec supports Encapsulating Security Payload (ESP) authentication and encryption using transport-mode connectivity. The Authentication Header (AH) protocol and tunnel-mode connectivity are not supported in Windows CE.
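As an added illustration that is not part of the Windows CE documentation: the parser below decodes the L2TP (RFC 2661) header carried in UDP port 1701 datagrams, tells control messages from data messages, and reports an L2TP message that is visible in cleartext, which on a working L2TP/IPSec tunnel should never happen because ESP wraps the UDP datagram before it reaches the wire. The message-type table, the `cleartext_l2tp_alert` check and the two sample packets are constructed for this example.

```python
import struct

# L2TP control message type codes (RFC 2661 Message Type AVP); lookup table built for this example
CTRL_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO", 7: "OCRQ", 8: "OCRP",
              9: "OCCN", 10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN", 15: "WEN", 16: "SLI"}

def parse_l2tp(dgram):
    """Parse one L2TPv2 message header; return a dict, or None if not well-formed."""
    flags = struct.unpack("!H", dgram[:2])[0] if len(dgram) >= 2 else 0
    if flags & 0x000F != 2:           # Ver field must be 2 for L2TPv2 (0 here rejects short input)
        return None
    is_ctrl = bool(flags & 0x8000)    # T bit: 1 = control message, 0 = data message
    has_len, has_seq, has_off = bool(flags & 0x4000), bool(flags & 0x0800), bool(flags & 0x0200)
    if is_ctrl and (not has_len or not has_seq or has_off):
        return None                   # control messages must set L and S and never O
    need = 6 + 2 * has_len + 4 * has_seq + 2 * has_off   # fixed header size for these flags
    if len(dgram) < need:
        return None                   # header truncated
    pos, msg = 2, {"control": is_ctrl}
    if has_len:                       # optional Length field precedes Tunnel ID
        (length,) = struct.unpack("!H", dgram[pos:pos + 2]); pos += 2
        if not need <= length <= len(dgram):
            return None
        dgram = dgram[:length]
    msg["tunnel_id"], msg["session_id"] = struct.unpack("!HH", dgram[pos:pos + 4]); pos += 4
    if has_seq:                       # Ns/Nr sequence numbers (always present in control)
        msg["ns"], msg["nr"] = struct.unpack("!HH", dgram[pos:pos + 4]); pos += 4
    if has_off:                       # Offset Size plus that many bytes of padding
        (off,) = struct.unpack("!H", dgram[pos:pos + 2]); pos += 2 + off
    if pos > len(dgram):
        return None
    msg["payload"] = dgram[pos:]      # PPP frame for data, AVP list for control
    if is_ctrl and len(msg["payload"]) >= 8:
        # First AVP must be Message Type: flags/len(2) vendor(2) attr(2) value(2)
        avp_hdr, vendor, attr, value = struct.unpack("!HHHH", msg["payload"][:8])
        if vendor == 0 and attr == 0 and (avp_hdr & 0x03FF) == 8:
            msg["msg_type"] = CTRL_TYPES.get(value, f"unknown({value})")
    return msg

def cleartext_l2tp_alert(dst_port, udp_payload):
    """Finding if a plaintext L2TP message is visible on UDP/1701 (ESP protection absent), else None."""
    msg = parse_l2tp(udp_payload) if dst_port == 1701 else None
    if msg is None:
        return None
    kind = msg.get("msg_type", "control") if msg["control"] else "data"
    return f"cleartext L2TP {kind} tunnel={msg['tunnel_id']} session={msg['session_id']}"

# Constructed samples: an SCCRQ control message and a data message carrying a PPP/IP frame
SCCRQ = struct.pack("!HHHHHH", 0xC802, 20, 0, 0, 0, 0) + struct.pack("!HHHH", 0x8008, 0, 0, 1)
DATA = struct.pack("!HHH", 0x0002, 7, 42) + b"\xff\x03\x00\x21\x45\x00"
```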
For more information about L2TP/IPSec, see RFC 3193 at the Internet Engineering Task Force Web site.
Portions of IPSec, IKE, and related services for Windows CE are jointly developed by Microsoft Corporation and Cisco Systems, Inc.
See Also
Security Association | L2TP/IPSec Security | L2TP/IPSec Registry Settings | IPSec v4