I constantly read to use IPsec across your L2TP tunnels for true encryption (which I've slowly been adding to each of my many L2TP links), and that data flowing across an L2TP tunnel is NOT encrypted.
However, I do not understand this line from the MT manual:
L2TP is a secure tunnel protocol for transporting IP traffic using PPP. L2TP encapsulates PPP in virtual lines that run over IP, Frame Relay and other protocols. L2TP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links.
My question is: I have several MT to MT devices connecting private networks across L2TP tunnels (said L2TP tunnels go across the internet, of course). IS the traffic flowing across these L2TP tunnels encrypted if, for example, someone were to sniff those L2TP tunnels as they cross the internet? The encoding on my MT to MT L2TP tunnels shows up as MPPE128 stateless (Microsoft Point to Point Encryption), so that to me says it's encrypted... right or wrong?
To add some additional information, I did a /tool packet sniff of my public Internet interface of the packets of a MT to MT L2TP VPN tunnel connection with MPPE 128 shown as the “encoding” and then analyzed the .cap with Wireshark. In Wireshark I applied decode as L2TP on the entire L2TP handshake, and across the L2TP tunnel I did a telnet session to the client MikroTik (just something unencrypted to look for in the packet sniff), and I could not find the telnet contents anywhere in the packets' data. Even with “decoding as L2TP” in Wireshark I could see the L2TP handshake between the two MikroTiks properly, followed by several packets that showed up as PPP compressed (obviously the data of my telnet session), but this was all garbled text. I’m assuming the PPP compressed packets are either the MPPE128 (encryption) or just regular PPP compression (not encryption, just compression). However, from what I looked up online, Wireshark should be able to decode regular unencrypted PPP compression, as I applied the PPP compression “decode as filter” in Wireshark as well and still got garbled text. Or it’s possible that in Wireshark I’m doing something wrong, or Wireshark might not be decoding this properly.
I've searched Google for several days trying to find an answer to this, but the only thing that comes up for MPPE 128 encryption is when it is used in a PPTP VPN tunnel.
Maybe someone from MikroTik can chime in? Does RouterOS in some special way apply MPPE 128 encryption to L2TP tunnels in a special proprietary way?
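One way to tell the two readings of a "PPP compressed" frame apart by hand, as an added example that is not part of the original post: PPP protocol 0x00FD carries both compressed and MPPE data, and the 2-byte MPPE/MPPC header that follows has an "encrypted" bit (RFC 3078). The sketch assumes L2TPv2 over UDP with MPPE/MPPC as the negotiated CCP option; the function names and sample bytes are constructed for illustration.

```python
import struct

PPP_COMPRESSED = 0x00FD  # PPP protocol number used by CCP-compressed data and by MPPE (RFC 3078)

def parse_l2tp_data(udp_payload):
    """Return (ppp_protocol, ppp_body) for an L2TPv2 data message, None for a control message."""
    if len(udp_payload) < 6:
        raise ValueError("truncated L2TP header")
    (flags,) = struct.unpack_from("!H", udp_payload, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TPv2")
    if flags & 0x8000:                  # T bit set: control message (the handshake)
        return None
    off = 2
    if flags & 0x4000:                  # L bit: Length field present
        off += 2
    off += 4                            # Tunnel ID + Session ID
    if flags & 0x0800:                  # S bit: Ns and Nr present
        off += 4
    if flags & 0x0200:                  # O bit: Offset Size, then that many pad bytes
        (pad,) = struct.unpack_from("!H", udp_payload, off)
        off += 2 + pad
    ppp = udp_payload[off:]
    if ppp[:2] == b"\xff\x03":          # address/control, omitted when ACFC is negotiated
        ppp = ppp[2:]
    if len(ppp) < 2:
        raise ValueError("truncated PPP frame")
    if ppp[0] & 1:                      # one-byte protocol field (PFC negotiated)
        return ppp[0], ppp[1:]
    return struct.unpack_from("!H", ppp, 0)[0], ppp[2:]

def classify(udp_payload):
    """Describe what the headers of one captured L2TP UDP payload claim about it."""
    parsed = parse_l2tp_data(udp_payload)
    if parsed is None:
        return {"kind": "control"}
    proto, body = parsed
    if proto != PPP_COMPRESSED:
        return {"kind": "plain", "ppp_protocol": proto}
    if len(body) < 2:
        raise ValueError("truncated MPPE/MPPC header")
    (hdr,) = struct.unpack_from("!H", body, 0)
    return {"kind": "mppe" if hdr & 0x1000 else "compressed-only",  # D bit = encrypted
            "flushed": bool(hdr & 0x8000),                          # A bit
            "coherency_count": hdr & 0x0FFF}

# Constructed sample payloads (not taken from any real capture).
ENCRYPTED = struct.pack("!HHH", 0x0002, 1, 1) + b"\xff\x03\x00\xfd" + struct.pack("!H", 0x9005) + bytes.fromhex("a1b2c3d4")
PLAIN_IP = struct.pack("!HHHH", 0x4002, 14, 1, 1) + b"\xff\x03\x00\x21" + b"\x45\x00"
CONTROL = struct.pack("!HHHHHH", 0xC802, 12, 1, 0, 0, 0)
```

The result reflects only what the frame headers declare; it does not decrypt anything or assess key strength.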