What is a VPN
A Virtual Private Network (VPN) is a point-to-point encrypted connection between your device and a server located on a public network. VPNs encrypt your online traffic to disguise your identity. This happens in real time and makes it difficult for anybody to track your activities online and steal your data.
The Definition of Virtual Private Network
A VPN is used to establish a secure connection between you and a server located on the internet. All your data traffic is routed through a virtual tunnel that is protected by encryption. The encrypted tunnel disguises your IP address when you use the internet, making your location invisible to everyone. At the same time, your data is protected against external attacks because you are the only one who can access the data inside the encrypted tunnel.
Furthermore, the data can be decrypted only by you because nobody has access to your private key.
What is more, thanks to VPN technology, you can access regionally restricted content from anywhere in the world, for example, banking services and streaming platforms that are not available in every country.
A remote-access VPN connection provides access to a remote machine as if both the remote and local device were on the same network behind a firewall with a public IP. Therefore, this type of connection allows, for example, employees to get remote access to the company’s resources. In addition, a remote-access connection avoids creating multiple copies of documents and other resources, because employees use the internal versions just as they would from the regular office.
With remote access, you can also connect to your home network, for example, from the hotel during your journey, to access your documents, photos or check the recordings from the surveillance system cameras. Furthermore, you can use your Network-Attached Storage (NAS) with your videos, photos, etc., thanks to a VPN connection, even while visiting your family.
VPN Client <—> VPN NAS
In order to set up a remote-access VPN connection, you need two components. The first is a Network Access Server (NAS), also called a media gateway or a remote-access server (RAS).
Note: I use the abbreviation NAS with two different meanings:
- Network-Attached Storage — a server used to share private files inside your home network.
- Network Access Server — a dedicated server or software running on a shared server.
A user connects from the internet to the NAS (Network Access Server) to set up the VPN connection. Then, the VPN tunnel is secured by credentials required to sign in to that server. It’s also very common to use a separate authentication server running on the network to achieve a higher level of security.
The second component of the VPN tunnel is the client software. Dedicated software allows the user to establish and maintain a secure VPN connection. Today, most operating systems like Windows, Linux, or macOS have built-in software that can connect to remote-access VPNs. Nevertheless, some VPNs provide additional functionality and therefore require users to install a specific application instead. Moreover, the dedicated application plays the role of encrypting and routing software: it encrypts the traffic before sending it through the VPN tunnel.
In many cases, the dedicated software can get the initial configuration from the VPN service provider, like the cryptographic protocols and static IPs that you can use (VPN management role).
A site-to-site VPN allows extending the internal network LAN (Local Area Network) by connecting to one or more remote locations. This type of setup allows for establishing secure connections between all connected LANs over a public network. In addition, a site-to-site VPN extends the local network with other networks, making computer resources from one location available to another network as if they were close to each other.
This type of VPN connection is commonly used by a growing corporation with many offices worldwide.
A site-to-site solution provides two scenarios of VPNs, intranet- and extranet-based.
Intranet-based is when two or more remote locations need to be connected, creating one private network. Then, all of the computers from the virtual LAN use a single WAN connection.
Extranet-based is when two companies have a close relationship and would like to create separate virtual LANs to work together on the project. That way, partners, suppliers, or customers can use extranet VPN to work together in a secure, shared network environment while preventing access to their separate intranets.
Additionally, the site-to-site VPN can eliminate the need for a VPN client software installed on each computer. Instead, the network router/server providing WAN (Wide Area Network) access with built-in VPN functionality can serve a site-to-site VPN to all connected devices.
Tunneling the data
Tunneling is the encapsulation of the packets before they are transported over the internet. Encapsulation means that the entire packet gets placed within another packet. That outer shell (packet) protects the internal one from public view by keeping it entirely inside the virtual tunnel.
The encapsulation is a layering process performed by the edge devices of the VPN tunnel. Those devices are called tunnel interfaces. For the VPN to function correctly, both interfaces must be configured consistently so that they understand each other during data exchange.
The tunnel interfaces use a specific protocol to encapsulate and transport the data through the tunnel so that the sending and receiving devices can properly understand the packets’ content and provide a sufficient security level. In other words, the tunneling protocol adds a security layer to protect the data.
The tunneling protocol defines the virtual network and the routing of the packets on both ends of the tunnel. This way, inside the encrypted packet, devices find specific communication information on how and where to deliver unencrypted data. This unencrypted data is the information on how to send the network requests from the VPN server to the destination point.
Inside the tunnel, the data is encrypted, and the tunnel interfaces use standard transportation protocols to send the encrypted content over the internet.
It might sound complicated, so to better understand the process, think of a regular mail envelope (the tunneling protocol, encrypted) placed inside a second one (the transport protocol). First, the outer envelope (the shell) tells the postman to deliver it to a specific building. Next, after opening the outer envelope, the employee delivers the inner (main) envelope to the desired room number. Thanks to that process, each inner packet keeps its passenger protocol, such as Internet Protocol (IP), which defines how the packet should travel on the LANs at each end of the tunnel.
There is also a possibility to send both encrypted and unencrypted data. The unencrypted data is sent through regular routes in your local network, but the encrypted information uses the tunnel to reach the desired destination over the internet. This feature is called split tunneling and is used to differentiate the communication between local and remote.
Devices used to set up the VPN tunnel
Regular VPN setup, as described previously, uses client software that is installed on the device, whether it’s a computer, mobile phone, or tablet.
Instead of software installed on each of the devices with a separate VPN tunnel configuration, there is a possibility of using dedicated equipment optimized for security and VPN connections. For example, you can get a regular VPN server that you install at home or work, or a small VPN router that you can use during travel to have a protected small network wherever you go. That small router works as a VPN gateway to the internet for all your devices like phones, computers, and tablets, protecting your connections while you use public access points in hotels, restaurants, or airports.
Unfortunately, there is no standard setup that all VPNs follow. Therefore, when you plan to use a VPN tunnel connection to your home or office, you should consider some additional equipment:
- Network access server to set up and maintain the remote-access VPN. Your phone or computer can be preconfigured to always connect through your home network. Whenever you open anything from any place on the globe, it will look as if you never left home.
- A firewall that provides a strong barrier between your private network and the internet. You can use firewalls to restrict what type of traffic can pass through from the internet to designated LAN ports. A firewall protects you against malicious internet traffic.
- AAA Server (authentication, authorization, and accounting). This is a much more advanced setup with a higher security level. The server can confirm who you are, what you can access, and log your activity while you are logged in for each VPN connection.
I will not go deeper into a more complicated setup.
Nevertheless, if you don’t run a company and don’t need to connect LAN-to-LAN, but would like to protect your online activity and privacy while connecting from home or mobile devices, then I recommend using:
- VPN Router — a typical router that allows you to configure the VPN connection and route your traffic through that VPN tunnel.
- VPN Client — software (application or browser addon) running on your devices protecting your connections. The software acts as a tunnel interface.
The VPN Protocols are used to encrypt the data. Encryption protects the information with a specific key required to decode the content. In addition, the key informs the device what type of computation is needed to encrypt or decrypt the data.
Most common encryption types:
- Symmetric-key encryption — all devices or users use the same key to encrypt/decrypt the data.
- Public-key encryption — each device or user has a public-private key pair. One device uses its private key to encrypt data, and another device uses the corresponding public key from the pair to decrypt that data.
Besides the keys, the protocols and frameworks define how encryption and encapsulation are applied to the data, defining network standards.
The GRE (Generic Routing Encapsulation) is a framework providing a process on how to package and transport the data over the Internet Protocol (IP). In addition, GRE includes information on what type of packet is encapsulated and what is the connection between sending and receiving devices.
The IPSec (Internet Protocol Security) is a protocol used to secure the IP traffic on LAN and WAN. IPSec encrypts the data and consists of two sub-protocols:
Encapsulating Security Payload (ESP) is used to encrypt the payload (the data) with a symmetric key.
Authentication Header (AH) is used to assure the integrity of the data and hide some information like the user’s identity before it reaches the destination. AH uses a hashing operation on the packet header.
IPSec can be used in two modes, transport or tunnel mode. The VPNs use the tunnel mode with both protocols, ESP and AH, protecting the data.
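The encapsulation described under "Tunneling the data" and the GRE and AH mechanics of this section, as an added example that is not code from the original article: a constructed inner IPv4 packet with private LAN addresses is wrapped in an outer IPv4 header addressed to the public tunnel endpoints plus a GRE header announcing that an IPv4 packet is inside, and the receiving tunnel interface validates the shell and unwraps it. The integrity tag is a simplified stand-in for AH's keyed hash over the packet (HMAC-SHA256 truncated to 96 bits), not the RFC 4302 wire format, ESP encryption is not shown, and all addresses and the key are constructed.

```python
import hashlib
import hmac
import socket
import struct

GRE_PROTO = 47           # IP protocol number in the outer header: "payload is GRE"
ETHERTYPE_IPV4 = 0x0800  # GRE protocol-type field: "an IPv4 packet is inside"

def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 one's-complement checksum of a header (evaluates to 0 if valid)."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Sending tunnel interface: outer IP header (public endpoints) + GRE + inner packet."""
    gre_hdr = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags/checksum/key, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre_hdr + inner)

def gre_decapsulate(outer: bytes) -> bytes:
    """Receiving tunnel interface: check the outer shell, hand the inner packet to the LAN."""
    ihl = (outer[0] & 0x0F) * 4
    if ipv4_checksum(outer[:ihl]) != 0 or outer[9] != GRE_PROTO:
        raise ValueError("outer header damaged or not a GRE packet")
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return outer[ihl + 4:]

def integrity_tag(key: bytes, packet: bytes) -> bytes:
    """Simplified stand-in for AH's keyed hash: HMAC-SHA256 truncated to 96 bits,
    as IPsec's HMAC-*-96 transforms do. Not the RFC 4302 wire format."""
    return hmac.new(key, packet, hashlib.sha256).digest()[:12]

# Constructed sample: private LAN addresses inside, public tunnel endpoints outside.
INNER = ipv4_packet("10.0.1.5", "10.0.2.7", 17, b"hello from the office LAN")
OUTER = gre_encapsulate(INNER, "198.51.100.1", "203.0.113.9")
TAG = integrity_tag(b"constructed-demo-key", OUTER)
```

A receiver that checks the tag before decapsulating rejects any packet whose outer header or inner content was altered in transit, which is the integrity guarantee AH adds on top of the GRE-style shell.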
Currently, besides PPTP (Point-to-point Tunneling Protocol) or L2TP (Layer 2 Tunneling Protocol), modern VPNs provide new, higher security level protocols, which are described on the VPN Features page.
The benefits of using a VPN connection
In the end, to summarize how a VPN works, I would like to mention the benefits of using a VPN connection.
First of all, a VPN tunnel disguises your data traffic online and protects the content from external access.
In the modern world, it’s essential to encrypt our crucial information to protect it from hackers and cybercriminals. Therefore, whenever you use the VPN, please ensure that you use an adequate level of encryption to protect the data.
Moreover, use complex passwords to protect your VPN accounts and encryption keys.
Secondly, VPN disguises your online activity and protects your privacy.
VPNs work as your proxy servers, hiding your location and activity. Nevertheless, it’s essential to use a VPN service that doesn’t collect any logs to be fully protected.
Thirdly, VPNs allow you to access locally restricted content.
Some websites are not always accessible from everywhere. It’s the same with services like banking or trading that limit access based on local regulations. This might be a problem if you travel and cannot be in your home country but still would like to use those services. With VPN location spoofing, you can change your location by switching to a server in the desired country.
Finally, VPNs protect your data by using secure transfers.
For example, if you work remotely or want to access your private files at home, you may use a VPN connection to private servers and use encryption methods to reduce the risk of data leakage.