If you already understand the basics of what a VPN is and why you should use one, it’s time to discuss how it works. This is not mandatory, of course. Many people use things on a daily basis, computers included, without any idea of how they work. But in the case of Virtual Private Networks, understanding the inner workings will make you more confident about your security while using the Internet. Even better, you’ll know which VPN services have better features than others, instead of picking the cheapest or, even worse, a free VPN. So, let’s answer the question, “how does a VPN work?”
These are the essential parts of how a VPN works:
Tunneling and encapsulation
Without a VPN, there’s nothing between your device and the Internet except your ISP. Every site you visit, and every network your packets pass through, sees your public IP address, which reveals your ISP and your approximate location and lets your activity on different sites be linked together. As a reminder, data travels between networks in the form of packets, and that applies to the traffic between your device and the Internet too. A VPN connection is a tunnel whose entry point is your device and whose exit point is a VPN server hosted by the VPN provider. From the server onward there is no second tunnel: your traffic leaves the server and reaches the public Internet as ordinary packets carrying the server’s address, which is why the sites you visit see the VPN server rather than you.
To go a bit deeper for anyone curious: when a packet enters the VPN tunnel, the whole original packet, headers included, becomes the payload of a new packet addressed to the VPN server. Wrapping one packet inside another is called encapsulation, and the entry and exit points of the tunnel are called tunnel interfaces. Anyone watching the path between you and the server sees only the outer headers (your address, the server’s address, and the tunnel port); the inner packet is encrypted before it is wrapped, so its contents and its real destination stay hidden. Modern protocols also attach an authentication tag and a sequence number to each packet, so the receiver can detect packets that were modified in transit or replayed by an attacker. What the tunnel does not do is guarantee delivery: a lost packet is simply dropped (and retransmitted by the inner TCP connection, if there is one), and a dropped packet does not leak its contents.
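To make the encapsulation concrete, here is an added example in Go, written for this page rather than taken from any VPN product, of one direction of a tunnel’s data channel: a constructed IPv4 packet is encrypted with AES-256-GCM under a fixed session key, prefixed with a sequence number, and checked on the receiving side for tampering and replay. The sample packet, the key, the packet format and the function names are all this example’s own assumptions; real protocols such as WireGuard use a sliding replay window and separate keys per direction, and the session key would come from the handshake rather than a constant.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tunnel holds one direction of a VPN data channel. In a real VPN the key is
// the 256-bit session key the handshake produced; here it is a fixed value.
type Tunnel struct {
	aead     cipher.AEAD
	sendCtr  uint64 // last sequence number sent
	recvHigh uint64 // highest sequence number accepted so far (0 = none yet)
}

// NewTunnel wraps a 32-byte key in AES-256-GCM.
func NewTunnel(key []byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead: aead}, nil
}

// Encapsulate turns an inner packet (a complete IP packet, headers and all)
// into the payload of a tunnel packet: an 8-byte sequence number followed by
// the encrypted inner packet and its 16-byte authentication tag. The sequence
// number is the GCM nonce (padded to 12 bytes) and is also authenticated as
// associated data, so it cannot be altered without detection.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.sendCtr++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, t.sendCtr)
	nonce := make([]byte, 12)
	copy(nonce[4:], hdr)
	out := make([]byte, 8, 8+len(inner)+t.aead.Overhead())
	copy(out, hdr)
	return t.aead.Seal(out, nonce, inner, hdr)
}

var (
	ErrTooShort = errors.New("tunnel packet too short")
	ErrReplay   = errors.New("replayed or out-of-order packet")
	ErrAuth     = errors.New("authentication failed: packet modified or wrong key")
)

// Decapsulate rejects replays, verifies the authentication tag and returns the
// original inner packet. The replay counter only advances after the tag
// verifies, so a forged packet cannot lock out genuine ones.
func (t *Tunnel) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+t.aead.Overhead() {
		return nil, ErrTooShort
	}
	hdr, body := pkt[:8], pkt[8:]
	seq := binary.BigEndian.Uint64(hdr)
	if seq <= t.recvHigh {
		return nil, ErrReplay // strictly increasing counter (simplified window)
	}
	nonce := make([]byte, 12)
	copy(nonce[4:], hdr)
	inner, err := t.aead.Open(nil, nonce, body, hdr)
	if err != nil {
		return nil, ErrAuth
	}
	t.recvHigh = seq
	return inner, nil
}

// SampleInnerPacket is a constructed IPv4 packet carrying an HTTP request.
// The TCP header and the IP checksum are omitted to keep the example short.
func SampleInnerPacket() []byte {
	payload := []byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
	hdr := make([]byte, 20)
	hdr[0] = 0x45 // IPv4, 20-byte header
	binary.BigEndian.PutUint16(hdr[2:], uint16(20+len(payload)))
	hdr[8] = 64 // TTL
	hdr[9] = 6  // protocol: TCP
	copy(hdr[12:], []byte{10, 0, 0, 2})     // source: the client's tunnel address
	copy(hdr[16:], []byte{198, 51, 100, 7}) // destination: a web server (TEST-NET-2 address)
	return append(hdr, payload...)
}

// InnerDestination reads the destination address of a decapsulated IPv4
// packet: this is what the VPN server learns that the ISP never sees.
func InnerDestination(inner []byte) string {
	if len(inner) < 20 {
		return ""
	}
	return fmt.Sprintf("%d.%d.%d.%d", inner[16], inner[17], inner[18], inner[19])
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte session key
	client, _ := NewTunnel(key)
	server, _ := NewTunnel(key)
	inner := SampleInnerPacket()

	wire := client.Encapsulate(inner)
	fmt.Printf("on the wire: %d bytes, seq=%d, ciphertext starts %x\n",
		len(wire), binary.BigEndian.Uint64(wire[:8]), wire[8:16])
	got, err := server.Decapsulate(wire)
	fmt.Println("server recovered inner packet:", err == nil, "destination:", InnerDestination(got))
	_, err = server.Decapsulate(wire) // same packet again
	fmt.Println("replay:", err)
	wire2 := client.Encapsulate(inner)
	wire2[len(wire2)-1] ^= 0x01 // flip one bit of the tag
	_, err = server.Decapsulate(wire2)
	fmt.Println("tampering:", err)
}
```

Run as is, it prints the outer view (sequence number and the start of the ciphertext, which is all an observer between you and the server gets), the destination the server recovers after decapsulation, and the two rejections. Note that the same key and counter space is used for both directions here only because the example sends one way; reusing a GCM nonce under one key breaks its security, which is why real protocols derive a separate key per direction.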
Additional benefits of VPN
Because your traffic exits from the VPN server, the sites you visit see the server’s IP address, so to anyone looking in it appears that you are in the server’s location. This is also called “location spoofing”, and it works whether the server is in your country or thousands of miles away. Compared with a proxy, which is configured per application, a VPN covers all of your device’s traffic at once, and the overhead of the encryption and the extra hop is usually small enough that you can leave the VPN always on.
Location spoofing is very handy for bypassing geolocation blocks on websites and services. Using Netflix US as an example: content licensed only for the United States cannot be watched from elsewhere, even with correct login credentials and a valid subscription. Netflix also blocks IP ranges it knows belong to VPN providers, so even with a VPN you need a provider that keeps up with the Netflix VPN block.
Another benefit, now that you know how it works, is that you can set up your own Virtual Private Network. That way you can join two computers thousands of miles apart into a virtual LAN (Local Area Network). Latency goes up a little and throughput goes down a bit, but you can share files, play games, and communicate securely as if on a real LAN.
Can anyone log my activity?
We know what the next question about the way a VPN works is: “won’t my ISP and the VPN server still see what I’m doing online?” Even worse, “can’t someone intercept the traffic and see inside the tunnel?” Since all traffic is routed through the encrypted tunnel, your ISP, and anyone else on the path between you and the VPN server, sees only that you are exchanging encrypted packets with the VPN server, not which sites you visit or what you send. That holds only if your DNS queries also go through the tunnel; a “DNS leak” lets the ISP see the names you look up even while the tunnel is up. Websites and search engines still see your browsing and searches, but associated with the VPN server’s IP address. On its own that does not make you anonymous to them: if you log in to an account, or they track you with cookies or browser fingerprinting, they can link the activity to you regardless of the IP address.
The VPN provider can see your traffic as it leaves their server, which is why any reputable provider upholds a zero-log (no-logs) policy: they do not store your connection history or browsing activity while you are connected. This still requires a great deal of trust, since you cannot verify the claim yourself; independent audits of the policy help. Some providers, mostly free ones, cover their operating costs by selling data to third parties. That data is later used for marketing and advertising, and sometimes even for identity theft or impersonation.
A modern VPN also encrypts the traffic in the tunnel. Encryption transforms readable data into ciphertext that looks like random bytes and is useless to anyone who intercepts it. Only someone holding the decryption key, a secret value far longer and more random than a typical password, can turn the ciphertext back into the original data.
To be precise about where the encryption applies: traffic is encrypted on your device, travels through the tunnel as ciphertext, and is decrypted at the VPN server. From there it continues to its destination exactly as your application sent it. If the application used HTTPS, it stays protected by TLS all the way to the site; if it used plain HTTP, the VPN server and everything beyond it can read it. The tunnel therefore hides your identity and activity from the ISP, the government, and anyone else between you and the VPN server who wants to analyze your IP address or the devices and browsers you use, but not from the sites you visit. Nowadays most VPNs encrypt the tunnel with AES using a 256-bit key (WireGuard uses ChaCha20 instead). The larger figures you see advertised, such as 2048-bit or the 4096-bit keys we mentioned in our NordVPN review, are RSA key sizes used in the handshake that authenticates the server and agrees on the session key; they are not the size of the key that encrypts your data.
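The handshake that produces that 256-bit data key, as an added example in Go written for this page (not any provider’s or protocol’s own code): an X25519 key agreement in which each side’s 32-byte public key is the only thing sent over the wire, and both sides derive the same AES-256 key while an eavesdropper who saw both public keys cannot. The key derivation is a simplified HMAC-SHA256 stand-in for HKDF, the server authentication that real protocols do with certificates (where RSA-2048 or RSA-4096 appears) is omitted, and the type and function names are this example’s own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Handshake is the outcome of a simplified key agreement between a VPN client
// and server: each side's public key (what an eavesdropper sees on the wire)
// and the 256-bit data key each side derived locally.
type Handshake struct {
	ClientPub, ServerPub []byte
	ClientKey, ServerKey []byte
}

// DeriveDataKey turns the ECDH shared secret into a 32-byte AES-256 key.
// Real protocols use HKDF over a transcript hash; this single HMAC-SHA256
// over a label and both public keys is a simplified stand-in of the same shape.
func DeriveDataKey(shared, clientPub, serverPub []byte) []byte {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("example aes-256-gcm data key"))
	mac.Write(clientPub)
	mac.Write(serverPub)
	return mac.Sum(nil) // 32 bytes = 256 bits
}

// RunHandshake performs an X25519 exchange: each side generates a fresh key
// pair, the public keys are swapped, and each side computes the shared secret
// from its own private key and the peer's public key. Only the public keys
// cross the wire; the private keys never leave their owner.
func RunHandshake() (*Handshake, error) {
	curve := ecdh.X25519()
	clientPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	serverPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// What actually travels across the network: two 32-byte public keys.
	clientPub := clientPriv.PublicKey().Bytes()
	serverPub := serverPriv.PublicKey().Bytes()

	// Client side: parse the server's public key as received from the wire.
	serverPubParsed, err := curve.NewPublicKey(serverPub)
	if err != nil {
		return nil, err
	}
	clientShared, err := clientPriv.ECDH(serverPubParsed)
	if err != nil {
		return nil, err
	}

	// Server side: parse the client's public key as received from the wire.
	clientPubParsed, err := curve.NewPublicKey(clientPub)
	if err != nil {
		return nil, err
	}
	serverShared, err := serverPriv.ECDH(clientPubParsed)
	if err != nil {
		return nil, err
	}

	return &Handshake{
		ClientPub: clientPub,
		ServerPub: serverPub,
		ClientKey: DeriveDataKey(clientShared, clientPub, serverPub),
		ServerKey: DeriveDataKey(serverShared, clientPub, serverPub),
	}, nil
}

func main() {
	h, err := RunHandshake()
	if err != nil {
		panic(err)
	}
	fmt.Printf("client public key (on the wire): %x\n", h.ClientPub)
	fmt.Printf("server public key (on the wire): %x\n", h.ServerPub)
	fmt.Printf("client data key: %x\n", h.ClientKey)
	fmt.Printf("server data key: %x\n", h.ServerKey)
	fmt.Println("both sides hold the same 256-bit key:", string(h.ClientKey) == string(h.ServerKey))
}
```

Every run produces different keys, which is the point: the data key is agreed fresh for each session and is never transmitted. The 4096-bit RSA key of a provider’s certificate would be used here only to sign the server’s public key so the client knows it is talking to the real server and not to someone intercepting the exchange.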
VPN protocols are an essential part of VPN functionality: they define how the tunnel is set up, how the keys are agreed, and how the data is encapsulated and encrypted. Here are the common ones.
- Point-to-Point Tunneling Protocol (PPTP). In use since the mid-1990s and now obsolete. It is easy to set up on Windows, but its MS-CHAPv2 authentication and RC4-based encryption have been broken for years, so it should be avoided.
- Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec). L2TP grew out of Cisco’s L2F and Microsoft’s PPTP and provides no encryption by itself, so it is run inside IPsec for security. There is no public break of the protocol, but reports based on the Snowden documents suggested the NSA can decrypt some IPsec traffic, most plausibly where weak configurations or shared pre-shared keys are used, and VPN providers have been moving away from it.
- Secure Socket Tunneling Protocol (SSTP). A Microsoft protocol that carries PPP inside a TLS connection on TCP port 443, so it looks like ordinary HTTPS traffic and passes through most firewalls. It does not involve SSH. Its security rests on TLS, which is sound, but the implementation is proprietary and it is mostly limited to Windows.
- Internet Key Exchange, Version 2 (IKEv2). Strictly speaking, IKEv2 is the handshake that negotiates keys for IPsec, so the tunnel is usually called IKEv2/IPsec. It is replacing L2TP/IPsec: it is fast, reconnects cleanly when a device switches networks (useful on mobile), and alongside OpenVPN and WireGuard it is one of the protocols worth using.
- OpenVPN. An open-source protocol, developed in public and updated constantly. It uses TLS (via OpenSSL) for its control channel, in which the client and server authenticate each other with certificates and agree on session keys, and then encrypts the data channel with those keys; it does not use SSH. Because only the two endpoints hold the session keys, nobody in between can read the traffic. It runs over UDP or TCP on any port, which also helps it get past restrictive networks.
- WireGuard. A free and open-source protocol with a deliberately small codebase (a small fraction of the size of OpenVPN or IPsec, which makes it easier to audit) and a fixed set of modern primitives: a Noise-based handshake with Curve25519 keys and ChaCha20-Poly1305 for the data. It is faster and uses less power than OpenVPN or IPsec while offering security at least as good.