L2TP VPN Settings


The L2TP (Layer 2 Tunneling Protocol) VPN protocol allows L2TP-only clients to connect remotely. It is capable of tunneling Layer 2 Traffic and above.


L2TP is not a secure protocol by itself; it only provides tunneling, not encryption.


The L2TP server settings can be found in the pfSense® webGUI under VPN > L2TP.

Options specific to L2TP are available to set: Interface, Server Address, Subnet Mask, and other items. These are all explained on the configuration page.

It can use internal authentication or pass off authentication to a RADIUS server.


L2TP/IPsec is a way to secure L2TP traffic by sending it through an encrypted IPsec tunnel.

pfSense software version 2.1.x and earlier

pfSense software version 2.1.x and earlier do not support L2TP+IPsec; they only support for plain L2TP tunneling. See Ticket #475

pfSense software version 2.2 and up

pfSense software version 2.2 and later this may be used in combination with a mobile IPsec setup to configure L2TP+IPsec; see L2TP/IPsec for details.