VPN 101

A virtual private network (VPN) extends a private network across a public network, enabling users to send and receive data as if the device in use were directly connected to the internal private network. This technology was created to give remote users access to corporate applications and resources. First developed in 1996 by a Microsoft engineer, the peer-to-peer tunneling protocol (PPTP) set the stage for the evolution of the modern VPN. Since then, many different types of VPN technologies have emerged, and the options remain relatively diverse in terms of hosting, protocols and encryption.

But the fundamentals remain the same: a VPN is created by establishing a virtual point-to-point connection through dedicated connections, virtual tunneling protocols or traffic encryption, and VPN users authenticate, with passwords or certificates, to gain access to the VPN.

The VPN Tunnel

In computer networks, a tunneling protocol is a communication method that permits data to move from one network to another. This process allows private network traffic to be sent across a public network (such as the Internet), using a process called encapsulation. A tunneling protocol works by using the data portion of a packet (the payload) to carry the packets that actually provide the service.

In the simplest terms, a VPN tunnel is an encrypted link between your device and another network.

Because tunneling involves repackaging the traffic data into a different form, it can hide and secure the contents of the traffic passing through that tunnel. Some common protocols include:

  • IPIP (Protocol 4): IP in IPv4/IPv6
  • SIT/IPv6 (Protocol 41): IPv6 in IPv4/IPv6
  • GRE (Protocol 47): Generic Routing Encapsulation
  • OpenVPN (UDP port 1194): OpenVPN
  • SSTP (TCP port 443): Secure Socket Tunneling Protocol
  • IPSec (Protocol 50 and 51): Internet Protocol Security
  • L2TP (Protocol 115): Layer 2 Tunneling Protocol
  • VXLAN (UDP port 4789): Virtual Extensible Local Area Network
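The following script is an added example, not code from the original article, that makes the two ideas above concrete: it builds an IPv4 packet whose payload is another complete IP packet (encapsulation, as in IPIP and protocol 41), then walks the headers the way a defender's traffic inventory would, labelling each layer with the protocol numbers and ports from the list. The packets, addresses and ports are constructed sample data; the port-based labels are heuristics, since a port only suggests which protocol is in use.

```python
import socket
import struct

# IP protocol numbers and well-known ports from the protocol list above.
# Port-based entries are heuristics: TCP 443 in particular may be SSTP or ordinary HTTPS.
TUNNEL_IP_PROTOCOLS = {
    4: "IPIP",
    41: "IPv6-in-IP (SIT)",
    47: "GRE",
    50: "IPsec ESP",
    51: "IPsec AH",
    115: "L2TP",
}
TUNNEL_UDP_PORTS = {1194: "OpenVPN (heuristic)", 4789: "VXLAN (heuristic)"}
TUNNEL_TCP_PORTS = {443: "SSTP or plain HTTPS (ambiguous)"}

IPV4_HEADER_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte header, no options
IPV4_HEADER_LEN = 20


def ipv4_checksum(data):
    """Standard Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Encapsulate `payload` in a minimal IPv4 header carrying protocol `proto`."""
    total_len = IPV4_HEADER_LEN + len(payload)
    header = struct.pack(IPV4_HEADER_FMT, (4 << 4) | 5, 0, total_len, 0, 0, ttl,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet):
    """Validate a packet and return (src, dst, proto, payload); raise ValueError if malformed."""
    if len(packet) < IPV4_HEADER_LEN:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_HEADER_FMT, packet[:IPV4_HEADER_LEN])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < IPV4_HEADER_LEN or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent lengths")
    if ipv4_checksum(packet[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("bad header checksum")
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:total_len]


def is_valid_ipv4(packet):
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False


def classify(packet, depth=0, max_depth=4):
    """Label each encapsulation layer, outermost first, by protocol number or port."""
    _, _, proto, payload = parse_ipv4(packet)
    if proto in TUNNEL_IP_PROTOCOLS:
        layers = [TUNNEL_IP_PROTOCOLS[proto]]
        if proto == 4 and depth < max_depth:     # IPIP: the payload is itself IPv4
            try:
                layers.extend(classify(payload, depth + 1, max_depth))
            except ValueError:
                layers.append("malformed inner packet")
        return layers
    if proto == 17 and len(payload) >= 8:        # UDP: look at both ports
        sport, dport = struct.unpack("!HH", payload[:4])
        return [TUNNEL_UDP_PORTS.get(dport) or TUNNEL_UDP_PORTS.get(sport) or "UDP (no tunnel port)"]
    if proto == 6 and len(payload) >= 20:        # TCP: look at both ports
        sport, dport = struct.unpack("!HH", payload[:4])
        return [TUNNEL_TCP_PORTS.get(dport) or TUNNEL_TCP_PORTS.get(sport) or "TCP (no tunnel port)"]
    return ["IP protocol %d" % proto]


# Constructed samples (documentation address ranges, not real hosts).
# 1. An ICMP packet between private hosts, carried inside an IPIP tunnel (protocol 4).
INNER = build_ipv4("10.0.0.2", "10.0.0.3", 1, b"\x08\x00\x00\x00ping")
OUTER_IPIP = build_ipv4("192.0.2.1", "198.51.100.1", 4, INNER)
# 2. An IPv6 packet carried over IPv4 (protocol 41): next header 59 = no next header.
INNER6 = struct.pack("!IHBB16s16s", 6 << 28, 4, 59, 64,
                     socket.inet_pton(socket.AF_INET6, "2001:db8::1"),
                     socket.inet_pton(socket.AF_INET6, "2001:db8::2")) + b"\x00" * 4
OUTER_SIT = build_ipv4("192.0.2.1", "198.51.100.1", 41, INNER6)
# 3. A UDP datagram to port 1194, which the port heuristic labels as OpenVPN.
UDP = struct.pack("!HHHH", 51000, 1194, 8 + 4, 0) + b"\x38\x00\x00\x00"
OUTER_OVPN = build_ipv4("192.0.2.5", "203.0.113.9", 17, UDP)

if __name__ == "__main__":
    for name, pkt in [("ipip", OUTER_IPIP), ("sit", OUTER_SIT), ("openvpn", OUTER_OVPN)]:
        print(name, "->", " / ".join(classify(pkt)))
```

The checksum and length checks in `parse_ipv4` are the part worth copying: a classifier that trusts header fields without validating them will misattribute or crash on crafted input, and the recursion limit keeps nested IPIP from walking forever.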

VPNs commonly use security technologies such as IP Security (IPsec) and Transport Layer Security (TLS) to protect VPN communication. Client-based (remote access) VPNs are often deployed by businesses to allow their remote users to connect securely to on-premises resources. Site-to-Site VPNs can be used to connect networks in different physical locations.

Richard Hicks
Founder & Principal Consultant, Richard M. Hicks Consulting

Why does VPN tunneling matter for mobile?

With the ubiquitous nature of mobile computing and the increasing amount of wireless connection options, securing mobile traffic is more important than ever. And because VPN tunnel protocols are flexible by nature, creating networks across smartphones, tablets, computers, cellular providers and WiFi is easier than ever. For example, a tunneling protocol may allow a foreign protocol to run over a network that does not support that particular protocol, like running IPv6 over IPv4.

Why does VPN tunneling matter to enterprises?

Another important use of VPN tunnels is to provide services that are impractical or unsafe to offer over the underlying network alone. As enterprises grow their remote workforces, the security implications of handing a corporate network address to a BYOD remote user whose physical network is not part of the corporate network skyrocket. Encrypting that external traffic inside a VPN tunnel keeps the data private and protected while it crosses the public network.
