Darsys
just joined
Topic Author
Posts: 8
Joined: Fri Sep 23, 2005 6:34 am
Location: Illinois, USA

L2TP and ipsec overkill

Fri Nov 13, 2009 3:13 am

I have used an MT532 to set up a VPN for a client. The setup looks like this.

SecuredClient (ATM) - MT532 - DSL Modem/Router - Internet - Mikrotik PC Based (MTPC) Router

I have set up an L2TP connection between the MT532 and MTPC. I run an EoIP tunnel using the IPs of the L2TP endpoints. The EoIP is bridged with the Ethernet port on the MT532 and MTPC. Unbelievably, this just worked the first time I configured it (somebody knock on wood).

I was a little concerned about the security of the L2TP, so I set up IPsec to encrypt all traffic between the L2TP endpoints.

Traffic will be very very light so load does not matter.

First question: am I overkilling the security by encrypting it twice?
Second question: have I set the security at the right places so all traffic is encrypted?

I would be willing to write a doc on the wiki or somewhere if anyone sees any benefit.

Thanks for any input.
 
melwong
newbie
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: L2TP and ipsec overkill

Fri Nov 13, 2009 9:34 am

First off.

Encryption is useless without authentication, no matter how many nested layers of encryption you use. If you use the same key in 3DES (3x56-bit), it's as good as DES (56-bit), which is child's play to break.

And IPsec is mature and proven, one of the best authentication protocols on the market. That's because its authentication algorithm is open for all to see. The only secret thing is the cipher key.

That's why it's not uncommon to see L2TP over IPsec, GRE over IPsec, or EoIP over IPsec.
 
Darsys
just joined
Topic Author
Posts: 8
Joined: Fri Sep 23, 2005 6:34 am
Location: Illinois, USA

Re: L2TP and ipsec overkill

Fri Nov 13, 2009 4:44 pm

I used L2TP because I was uncertain how to connect using IPsec behind another router and with a dynamic IP. To be honest, I have not really used IPsec as a tunnel before, so I am not knowledgeable about that functionality of it.

So the authentication of the L2TP is not encrypted?
 
melwong
newbie
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: L2TP and ipsec overkill

Fri Nov 13, 2009 5:16 pm