This specification presents a method and apparatus to establish a transport layer security, TLS, tunnel over Ethernet, ETLS tunnel between two endpoints (UE and WAG) and to transport UE traffic encapsulated and encrypted in a proposed TLS type Ethernet frame for all applications, thus providing secure layer 2 connectivity over public wireless local area networks, WLAN, for all UE traffic and overcome the security vulnerability of the traditional HTTP login mechanism over the public WLAN. The UE uses the TLS handshake protocol which may include negotiating ETLS capabilities extension that comprises wireless control protocol for establishing a packet data connection and tunneled authentication protocol for UE authentication and full Ethernet protection for encrypting Ethernet frames of different types.