
How does tunneldigger work compared to l2tp?

Open spotlesscoder opened this issue 3 years ago • 4 comments

And how can I be sure it is secure against eavesdropping?

The website https://wlan-si.net/ gives me a TLS 1.0 / 1.1 warning ... that isn't improving my trust in the project ;)

spotlesscoder avatar Aug 10 '21 20:08 spotlesscoder

Tunneldigger is using l2tp for the "data plane", but implementing its own control logic. It uses a custom protocol to negotiate an l2tp connection, but once that is set up, the kernel is doing the rest and tunneldigger is no longer involved.

l2tp/Tunneldigger provide no encryption or authentication. You could try using IPsec for this. But at that point it might be easier to just use WireGuard instead of l2tp/Tunneldigger.

RalfJung avatar Aug 11 '21 10:08 RalfJung

OK, I thought L2TP would encrypt by default? Why would anyone not want to encrypt tunnels?

spotlesscoder avatar Aug 11 '21 15:08 spotlesscoder

L2TP does not support encryption, you need to either use it over an encrypted link or put an encrypted link into it.

Our use case for Tunneldigger is the Freifunk community-run open Wifi network. The Wifi network itself is unencrypted, and the network is open so anyone can join and start doing MITM on the user traffic. Thus the additional security obtained by encrypting the l2tp link is tiny -- it does not help against any reasonable attacker model I can imagine. If the attacker is inside your layer 2 network, encrypting the transport does nothing for you -- you as the user need to use encrypted links such as https anyway.

RalfJung avatar Aug 11 '21 16:08 RalfJung
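The point made above, that the tunnel carries the inner frame in the clear, as an added Python example (not tunneldigger's own code): it parses an L2TPv3-over-UDP data message using the RFC 3931 header layout around a constructed Ethernet/IPv4/TCP frame and recovers the application payload with no decryption step, which is exactly what any on-path observer of the tunnel sees. The session id, the MAC and IP addresses, and the no-cookie, no-L2-sublayer layout are assumptions made for the sample, not values taken from tunneldigger.

```python
import struct

ETH_P_IP = 0x0800


def build_eth_ipv4_tcp(payload: bytes) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame around `payload`.
    Checksums stay zero: this is constructed test input, not live traffic."""
    eth = bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002") + struct.pack("!H", ETH_P_IP)
    # src port, dst port, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    return eth + ip


def build_l2tpv3_udp(session_id: int, frame: bytes, cookie: bytes = b"", l2spec: bytes = b"") -> bytes:
    """L2TPv3-over-UDP data message: 16-bit flags/version word (T=0 for data, Ver=3),
    16 reserved bits, 32-bit session id, optional cookie and L2-specific sublayer,
    then the encapsulated Ethernet frame as-is. There is no encryption field."""
    return struct.pack("!HHI", 0x0003, 0, session_id) + cookie + l2spec + frame


def parse_l2tpv3_udp(msg: bytes, cookie_len: int = 0, l2spec_len: int = 0) -> dict:
    """Return session id, inner ethertype and (for IPv4/TCP) the application
    payload read straight out of the tunnel. cookie_len/l2spec_len are the
    negotiated sizes; 0/0 is an assumption for this sample."""
    flags_ver, _reserved, session_id = struct.unpack("!HHI", msg[:8])
    if flags_ver & 0x8000:
        raise ValueError("control message (T bit set), not a data message")
    if flags_ver & 0x000F != 3:
        raise ValueError("not an L2TPv3 header")
    frame = msg[8 + cookie_len + l2spec_len:]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    result = {"session_id": session_id, "ethertype": ethertype, "app_payload": b""}
    if ethertype == ETH_P_IP:
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        if frame[14 + 9] == 6:                # protocol field: 6 = TCP
            tcp = frame[14 + ihl:]
            doff = (tcp[12] >> 4) * 4         # TCP data offset in bytes
            result["app_payload"] = tcp[doff:]
    return result


# Constructed sample: a plaintext HTTP request travelling inside the tunnel.
SAMPLE = build_l2tpv3_udp(0x1234ABCD, build_eth_ipv4_tcp(b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"))

if __name__ == "__main__":
    print(parse_l2tpv3_udp(SAMPLE)["app_payload"].decode())
```

Only end-to-end encryption (e.g. HTTPS) or a separately configured encrypted layer such as IPsec changes what the `app_payload` field would contain.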

> you as the user need to use encrypted links such as https anyway.

Yes, in general you should not be trusting your network provider, open or closed one, and should do end-to-end encryption yourself.

There is another, more practical reason for not using encryption by default: it consumes a lot of CPU, and some off-the-shelf routing equipment we run things on would choke doing encryption at the speeds their links might reach. So, given that there is little benefit in encrypting links and that encryption should be done end-to-end anyway, this is not done.

But if you want, you can use IPSec on top of these links. Tunneldigger supports hooks so that you can run a script to configure that inside the tunnel.

mitar avatar Oct 21 '21 12:10 mitar

This is not an actionable issue or something wrong with the software, so I am going to close it.

RalfJung avatar Aug 30 '23 13:08 RalfJung