L2TP
What is Port 1701?
Port 1701 is used by the Layer 2 Tunneling Protocol (L2TP), a VPN tunneling protocol defined in RFC 3931. L2TP creates a tunnel for encapsulating PPP frames across an IP network but does not provide encryption by itself. For this reason, L2TP is almost always used in combination with IPSec (L2TP/IPSec) for encryption and authentication. L2TP/IPSec was the built-in VPN protocol in Windows, macOS, iOS, and Android for many years. L2TP uses port 1701 for the control channel, while the IPSec layer uses ports 500 (IKE) and 4500 (NAT traversal). Although L2TP/IPSec has been largely replaced by IKEv2/IPSec and WireGuard for new deployments, it remains supported and in use for backward compatibility.
Common Uses
- Legacy VPN connections (L2TP/IPSec)
- Remote access VPN for older devices
- ISP subscriber tunneling
- Virtual Private Dial-up Network (VPDN) services
Technical Details
Copy-paste commands to check port 1701 (L2TP) from your terminal
Test connectivity
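# UDP scans (-sU) need root privileges
sudo nmap -p 1701 -sU -sV example.com
# L2TP runs over UDP, so a /dev/tcp probe would test the wrong protocol.
# A UDP probe with no reply cannot tell "open" from "filtered".
nc -u -z -w 3 example.com 1701 && echo "open|filtered" || echo "closed"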
Open port in firewall
sudo ufw allow 1701/udp
sudo iptables -A INPUT -p udp --dport 1701 -j ACCEPT
sudo firewall-cmd --permanent --add-port=1701/udp && sudo firewall-cmd --reload
Security Considerations
L2TP alone provides no security; always pair it with IPSec. L2TP/IPSec has known weaknesses when pre-shared keys are used, because they are susceptible to offline cracking. Use certificate-based authentication when possible. Note that L2TP/IPSec cannot easily traverse some NAT configurations. Consider migrating to IKEv2/IPSec or WireGuard for better security and performance.
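One way to check a Linux firewall for L2TP reachable without IPSec, as an added example that is not part of the original page: it scans iptables-save output for rules that accept UDP 1701 without the iptables policy match (-m policy --dir in --pol ipsec). The function names and the sample ruleset are constructed for illustration.

```shell
# Added example: flag iptables rules that expose L2TP (UDP 1701)
# to traffic that did not arrive through IPsec.
# Limitation: port ranges such as 1700:1710 are not expanded.

# Constructed sample in iptables-save format (not from a real host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
COMMIT
EOF
}

# Read iptables-save text on stdin and print every rule that ACCEPTs
# udp/1701 (single port or multiport list) without the IPsec policy match.
find_exposed_l2tp() {
  awk '
    /^-A / && /-p udp/ && /-j ACCEPT/ &&
    /--dports? ([0-9:,]*,)?1701(,| |$)/ {
      if ($0 !~ /-m policy .*--pol ipsec/) print
    }'
}

# Number of exposed rules in the ruleset given on stdin.
count_exposed_l2tp() {
  find_exposed_l2tp | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample.
# On a real host: sudo iptables-save | find_exposed_l2tp
sample_rules | find_exposed_l2tp
```

The hardened form is the rule with the policy match, placed before a DROP for all other UDP 1701 traffic, with IKE (500) and NAT traversal (4500) left open.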