What is a VPN
A Virtual Private Network (VPN) is a point-to-point encrypted connection between your device and a server located on a public network. A VPN encrypts your online traffic to disguise your identity. This happens in real time and makes it difficult for anybody to track your activities online or to steal your data.
The Definition of Virtual Private Network
A VPN is used to establish a secure connection between you and a server located on the internet. All your data traffic is routed through a virtual tunnel that is protected by encryption. The encrypted tunnel disguises your IP address when you use the internet, making your location invisible to everyone. At the same time, your data is protected against external attacks because you are the only one who can access the data inside the encrypted tunnel.
Furthermore, the data can be decrypted only by you, because nobody else has access to your private key.
What is more, thanks to VPN technology, you can access regionally restricted content from anywhere in the world, for example banking services and streaming platforms that are not available in every country.
A remote-access VPN connection provides access to a remote machine as if both the remote and the local device were in the same network, behind a firewall with a public IP. This type of connection therefore allows, for example, employees to get remote access to the company’s resources. In addition, a remote-access connection avoids creating multiple copies of documents and other resources, because users work on the internal versions just as they would from the regular office.
With remote access, you can also connect to your home network, for example, from the hotel during your journey, to access your documents, photos or check the recordings from the surveillance system cameras. Furthermore, you can use your Network-Attached Storage (NAS) with your videos, photos, etc., thanks to a VPN connection, even while visiting your family.
Figure: VPN Client <—> VPN NAS (Network Access Server)
In order to set up a remote-access VPN connection, you need two components. The first is a Network Access Server (NAS), also called a media gateway or a remote-access server (RAS).
Note: NAS is used here with two meanings:
- Network-Attached Storage — a server used to share private files inside your home network.
- Network Access Server — a dedicated server or software running on a shared server.
A user connects from the internet to the NAS (Network Access Server) to set up the VPN connection. The VPN tunnel is then secured by the credentials required to sign in to that server. It is also very common to use a separate authentication server running on the network to achieve a higher level of security.
The second component of the VPN tunnel is the client software. Dedicated software allows the user to establish and maintain a secure VPN connection. Today, most operating systems, such as Windows, Linux, or Macintosh, have built-in software that can connect to remote-access VPNs. Nevertheless, some VPNs provide additional functionality and therefore require users to install a specific application instead. The dedicated application also acts as the encrypting and routing software that encrypts the traffic before sending it through the VPN tunnel.
In many cases, the dedicated software can obtain its initial configuration from the VPN service provider, such as the cryptographic protocols and the static IPs that you can use (the VPN management role).
A site-to-site VPN allows extending the internal network, the LAN (Local Area Network), by connecting it to one or more remote locations. This type of setup allows establishing secure connections between all connected LANs over a public network. In addition, a site-to-site VPN extends the local network with other networks, making computer resources from one location available to another network as if they were close to each other.
This type of VPN connection is commonly used by growing corporations with many offices worldwide.
A site-to-site solution covers two VPN scenarios: intranet-based and extranet-based.
Intranet-based: two or more remote locations need to be connected, creating one private network. All of the computers in the virtual LAN then use a single WAN connection.
Extranet-based: two companies have a close relationship and would like to create separate virtual LANs to work together on a project. That way, partners, suppliers, or customers can use the extranet VPN to work together in a secure, shared network environment while preventing access to their separate intranets.
Additionally, a site-to-site VPN can eliminate the need for VPN client software installed on each computer. Instead, the network router/server providing WAN (Wide Area Network) access, with built-in VPN functionality, can serve a site-to-site VPN to all connected devices.
Devices used to set up the VPN tunnel
A regular VPN setup, as described previously, uses client software that is installed on the device, whether it’s a computer, mobile phone, or tablet.
Instead of software installed on each device with a separate VPN tunnel configuration, there is the possibility of using dedicated equipment optimized for security and the VPN connection. For example, you can get a regular VPN server that you install at home or at work, or a small VPN router that you can use during travel to have a protected small network wherever you go. That small router works as a VPN gateway to the internet for all your devices, such as phones, computers, and tablets, securing your connections while you use public access points in hotels, restaurants, or airports.
Unfortunately, there is no standard setup that all VPNs follow. Therefore, when you plan to use a VPN tunnel connection to your home or office, you should consider some additional equipment:
- Network access server to set up and maintain the remote-access VPN. Your phone or computer can be preconfigured to always connect through your home network. Whenever you open anything from any place on the globe, it will look as if you had never left home.
- A firewall that provides a strong barrier between your private network and the internet. You can use a firewall to restrict what type of traffic can pass from the internet to designated LAN ports. A firewall protects you against malicious internet traffic.
- AAA server (authentication, authorization, and accounting). This is a much more advanced setup with a higher security level. The server can confirm who you are, determine what you can access, and log your activity while you are logged in, for each VPN connection.
I will not go deeper into a more complicated setup.
Nevertheless, if you don’t run a company and don’t need to connect LAN-to-LAN, but would like to protect your online activity and privacy while connecting from home or mobile devices, then I recommend using:
- VPN Router — a typical router that allows you to configure the VPN connection and route your traffic through that VPN tunnel.
- VPN Client — software (application or browser addon) running on your devices protecting your connections. The software acts as a tunnel interface.
The VPN Protocols are used to encrypt the data. Encryption protects the information with a specific key required to decode the content. In addition, the key informs the device what type of computation is needed to encrypt or decrypt the data.
Most common encryption types:
- Symmetric-key encryption — all devices or users use the same key to encrypt/decrypt the data.
- Public-key encryption — each device or user has a public-private key pair. One device uses its private key to encrypt data, and another device uses the corresponding public key from the pair to decrypt that data.
Besides the keys, the protocols and frameworks define how encryption and encapsulation are applied to the data, defining network standards.
GRE (Generic Routing Encapsulation) is a framework that defines how to package and transport data over the Internet Protocol (IP). In addition, GRE includes information on what type of packet is encapsulated and what the connection between the sending and receiving devices is.
IPSec (Internet Protocol Security) is a protocol used to secure IP traffic on LANs and WANs. IPSec encrypts the data and consists of two sub-protocols:
- Encapsulating Security Payload (ESP) is used to encrypt the payload (the data) with a symmetric key.
- Authentication Header (AH) is used to assure the integrity of the data and hide some information, like the user’s identity, before it reaches the destination. AH uses a hashing operation on the packet header.
IPSec can be used in two modes: transport mode or tunnel mode. VPNs use tunnel mode with both protocols, ESP and AH, protecting the data.
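To make the GRE and IPSec descriptions above concrete, here is an added example (my own code, not part of the original article or of any VPN product) that lays out the packets byte by byte: GRE encapsulation of an IPv4 packet as in RFC 2784, an AH-style integrity check as in RFC 4302 using HMAC-SHA256 truncated to 128 bits, and the difference between transport mode (AH inserted behind the original IP header) and tunnel mode (the whole original packet wrapped in a new gateway-to-gateway packet). It uses only the Python standard library; the addresses, payload and shared key are constructed values, and the IPv4 header checksum is left at zero to keep the code short.

```python
"""Added example (not from the original article): how GRE (RFC 2784) and IPsec AH
(RFC 4302) wrap an IPv4 packet, and what differs between transport and tunnel mode.
Standard library only; the addresses, payload and shared key are constructed values."""
import hashlib
import hmac
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_GRE, IPPROTO_AH = 4, 6, 47, 51
ETHERTYPE_IPV4 = 0x0800
ICV_LEN = 16  # HMAC-SHA256-128 (RFC 4868): 256-bit MAC truncated to 128 bits


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header, no options. The header checksum is left at zero:
    it is a mutable field and is excluded from the AH integrity check anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def parse_ipv4(pkt):
    _, _, total, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(ipaddress.IPv4Address(s)), "dst": str(ipaddress.IPv4Address(d)),
            "ttl": ttl, "proto": proto, "payload": pkt[20:total]}


# --- GRE: encapsulation only, no confidentiality and no integrity protection ----------
def gre_encapsulate(inner_pkt, outer_src, outer_dst):
    """Outer IPv4 header (protocol 47) + 4-byte GRE header (flags/version 0, protocol type) + inner packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner_pkt
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre)) + gre


def gre_decapsulate(pkt):
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_GRE:
        return None
    _flags, ptype = struct.unpack("!HH", outer["payload"][:4])
    return outer["payload"][4:] if ptype == ETHERTYPE_IPV4 else None


# --- IPsec AH: integrity over the whole packet, no encryption ---------------------------
def _ah_icv(ip_hdr, ah_fixed, payload, key):
    """ICV over IP header + AH header + payload, with the IP fields that change in transit
    (TOS, flags/fragment offset, TTL, checksum) and the ICV field itself zeroed."""
    immutable = (ip_hdr[:1] + b"\x00" + ip_hdr[2:6] + b"\x00\x00\x00" + ip_hdr[9:10]
                 + b"\x00\x00" + ip_hdr[12:20])
    mac = hmac.new(key, immutable + ah_fixed + b"\x00" * ICV_LEN + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def ah_protect(pkt, key, spi, seq):
    """Insert an AH header after the IP header. 'Payload Len' is the AH length in 32-bit words minus 2."""
    ip = parse_ipv4(pkt)
    hdr = ipv4_header(ip["src"], ip["dst"], IPPROTO_AH, 12 + ICV_LEN + len(ip["payload"]), ip["ttl"])
    ah_fixed = struct.pack("!BBHII", ip["proto"], (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    return hdr + ah_fixed + _ah_icv(hdr, ah_fixed, ip["payload"], key) + ip["payload"]


def ah_verify(pkt, key):
    """Return the packet with AH stripped if the ICV matches, otherwise None (tampered or wrong key)."""
    ip = parse_ipv4(pkt)
    if ip["proto"] != IPPROTO_AH:
        return None
    ah_fixed, icv, payload = ip["payload"][:12], ip["payload"][12:12 + ICV_LEN], ip["payload"][12 + ICV_LEN:]
    if not hmac.compare_digest(_ah_icv(pkt[:20], ah_fixed, payload, key), icv):
        return None
    return ipv4_header(ip["src"], ip["dst"], ah_fixed[0], len(payload), ip["ttl"]) + payload


def ipsec_transport(pkt, key, spi, seq):
    """Transport mode: AH sits between the original IP header and its payload, so the
    original endpoints stay visible on the path."""
    return ah_protect(pkt, key, spi, seq)


def ipsec_tunnel(pkt, gw_src, gw_dst, key, spi, seq):
    """Tunnel mode: the entire original packet becomes the payload of a new gateway-to-gateway
    packet (IP-in-IP), so the path only sees the two VPN gateways."""
    return ah_protect(ipv4_header(gw_src, gw_dst, IPPROTO_IPIP, len(pkt)) + pkt, key, spi, seq)


def ttl_decrement(pkt):
    """What every router on the path does to a packet; AH must still verify afterwards."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]


if __name__ == "__main__":
    key = b"constructed shared key, not for real use"
    payload = b"GET / HTTP/1.1\r\n"  # constructed application data
    inner = ipv4_header("10.0.0.5", "10.1.0.7", IPPROTO_TCP, len(payload)) + payload
    tun = ipsec_tunnel(inner, "203.0.113.1", "198.51.100.1", key, spi=0x1000, seq=1)
    print("on the wire, tunnel mode:", parse_ipv4(tun)["src"], "->", parse_ipv4(tun)["dst"])
    print("verifies after a router hop:", ah_verify(ttl_decrement(tun), key) is not None)
    print("verifies after tampering:", ah_verify(tun[:-1] + b"?", key) is not None)
```

Two things worth noticing when running it: GRE alone round-trips the packet but offers nothing against an on-path modification, which is why it is paired with IPSec in practice, and the AH check survives a TTL decrement (a mutable field, zeroed before hashing) while any change to the addresses or payload, or a wrong key, makes verification fail.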
Currently, besides PPTP (Point-to-Point Tunneling Protocol) or L2TP (Layer 2 Tunneling Protocol), modern VPNs provide newer protocols with a higher security level, which are described on the VPN Features page.