The limitations of the PPP protocol can come into play in L2TP. PPP packet payloads are encrypted, but keys are not refreshed. This implies that someone listening to the traffic for a long enough time can launch a dictionary-style attack against the key, and thus gain the data.

In practice, an L2TP tunnel is an L2TP frame inside a UDP packet. Because UDP is an IP protocol, we can apply IPSec to increase the security of the dial-up VPN. This comes at the cost of administering IPSec on a phone line; but L2TP is too easily compromised not to consider adding a measure of security through IPSec or another custom IP security framework.