What is VPN

VPN stands for Virtual Private Network (VPN), that allows a user to connect to a private network over the Internet securely and privately. VPN creates an encrypted connection that is called VPN tunnel, and all Internet traffic and communication is passed through this secure tunnel. Virtual Private Network (VPN) is basically of 2 types:

 

1. Remote Access VPN
Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet and the connection is secure and private. Remote Access VPN is useful for home users and business users both. An employee of a company, while he/she is out of station, uses a VPN to connect to his/her company’s private network and remotely access files and resources on the private network. Private users or home users of VPN, primarily use VPN services to bypass regional restrictions on the Internet and access blocked websites. Users aware of Internet security also use VPN services to enhance their Internet security and privacy.

 

2. Site to Site VPN
A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large companies. Companies or organizations, with branch offices in different locations, use Site-to-site VPN to connect the network of one office location to the network at another office location.

 

  • Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN type, it is called as Intranet based VPN.
  • Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another company, it is called as Extranet based VPN

 

3. Cloud VPN
A Cloud VPN is a virtual private network that allows users to securely connect to a cloud-based infrastructure or service. It uses the internet as the primary transport medium to connect the remote users to the cloud-based resources. Cloud VPNs are typically offered as a service by cloud providers such as Amazon Web Services (AWS) and Microsoft Azure. It uses the same encryption and security protocols as traditional VPNs, such as IPsec or SSL, to ensure that the data transmitted over the VPN is secure. Cloud VPNs are often used by organizations to securely connect their on-premises resources to cloud-based resources, such as cloud-based storage or software-as-a-service (SaaS) applications

 

4. SSL VPN
SSL VPN (Secure Sockets Layer Virtual Private Network) is a type of VPN that uses the SSL protocol to secure the connection between the user and the VPN server. It allows remote users to securely access a private network by establishing an encrypted tunnel between the user’s device and the VPN server. SSL VPNs are typically accessed through a web browser, rather than through a standalone client. This makes them easier to use and deploy, as they don’t require additional software to be installed on the user’s device. It can be used to access internal resources such as email, file servers, or databases. SSL VPNs are considered more secure than traditional IPsec VPNs because they use the same encryption protocols as HTTPS, the secure version of HTTP used for online transactions.

5. PPTP (Point-to-Point Tunneling Protocol) VPN
PPTP (Point-to-Point Tunneling Protocol) is a type of VPN that uses a simple and fast method for implementing VPNs. It creates a secure connection between two computers by encapsulating the data packets being sent between them. PPTP is relatively easy to set up and doesn’t require any additional software to be installed on the client’s device. It can be used to access internal resources such as email, file servers, or databases. PPTP is one of the oldest VPN protocols and is supported on a wide range of operating systems. However, it is considered less secure than other VPN protocols such as L2TP or OpenVPN, as it uses a weaker encryption algorithm and has been known to have security vulnerabilities.

 

6. L2TP (Layer 2 Tunneling Protocol) VPN
L2TP (Layer 2 Tunneling Protocol) is a type of VPN that creates a secure connection by encapsulating data packets being sent between two computers. L2TP is an extension of PPTP, it adds more security to the VPN connection by using a combination of PPTP and L2F (Layer 2 Forwarding Protocol) and it uses stronger encryption algorithm than PPTP. L2TP is relatively easy to set up and doesn’t require additional software to be installed on the client’s device. It can be used to access internal resources such as email, file servers, or databases. It is supported on a wide range of operating systems, but it is considered less secure than other VPN protocols such as OpenVPN, as it still has some vulnerabilities that can be exploited.

 

7. OpenVPN
OpenVPN is an open-source software application that uses SSL and is highly configurable and secure. It creates a secure and encrypted connection between two computers by encapsulating the data packets being sent between them. OpenVPN can be used to access internal resources such as email, file servers, or databases. It is supported on a wide range of operating systems and devices, and can be easily configured to work with various network configurations and security settings. It is considered one of the most secure VPN protocols as it uses the industry standard SSL/TLS encryption protocols and it offers advanced features such as two-factor authentication and kill switch.

 

Types of Virtual Private Network (VPN) Protocols:

Internet Protocol Security (IPSec): Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by verifying the session and encrypts each data packet during the connection. IPSec runs in 2 modes:
(i) Transport mode
(ii) Tunneling mode


Layer 2 Tunneling Protocol (L2TP): L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with another VPN security protocol like IPSec to establish a highly secure VPN connection. L2TP generates a tunnel between two L2TP connection points and IPSec protocol encrypts the data and maintains secure communication between the tunnel.


Point–to–Point Tunneling Protocol (PPTP): PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the data packet. Point-to-Point Protocol (PPP) is used to encrypt the data between the connection. PPTP is one of the most widely used VPN protocol and has been in use since the early release of Windows. PPTP is also used on Mac and Linux apart from Windows.


SSL and TLS: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection where the web browser acts as the client and user access is prohibited to specific applications instead of entire network. Online shopping websites commonly uses SSL and TLS protocol. It is easy to switch to SSL by web browsers and with almost no action required from the user as web browsers come integrated with SSL and TLS. SSL connections have “https” in the initial of the URL instead of “http”.

 

SSTP (Secure Socket Tunneling Protocol): A VPN protocol developed by Microsoft that uses SSL to secure the connection, but only available for Windows.


IKEv2 (Internet Key Exchange version 2): A VPN protocol that provides fast and secure connections, but not widely supported by VPN providers.

L3 VPN

Layer 3 VPNs (L3 VPNs) use various protocols to facilitate secure communication between different networks at the network layer (Layer 3). These protocols are responsible for routing, encryption, and maintaining secure tunnels across different sites, often over the public internet or private networks. Below are the most common Layer 3 VPN protocols used for secure and scalable network communication:

 

1. MPLS (Multiprotocol Label Switching)
Description: MPLS is one of the most widely used Layer 3 VPN protocols. It uses labels to forward data rather than IP addresses, enabling efficient routing and traffic engineering. MPLS is a highly scalable and flexible protocol that allows service providers to manage traffic over a shared network infrastructure while maintaining isolation between different customers’ traffic.

 

Key Features:

  • Supports Virtual Routing and Forwarding (VRF), which creates isolated routing tables for different customers.
  • Provides traffic engineering and quality of service (QoS).
  • Enables secure communication across wide-area networks (WANs) by encapsulating data packets with labels.
  • Use Case: Large enterprises, service providers, and businesses with geographically dispersed offices or data centers.

2. IPsec (Internet Protocol Security)
Description: IPsec is a protocol suite that provides security services for IP packets at the network layer. It ensures data confidentiality, integrity, and authentication. While IPsec is commonly used in site-to-site and remote access VPNs, it can also be used in Layer 3 VPNs.


Key Features:

  • Encryption: IPsec uses strong encryption algorithms like AES to secure traffic.
  • Authentication: Provides authentication to verify the identity of the parties communicating.
  • Tunneling: Encrypts entire IP packets and sends them through a secure tunnel.
  • Can be used with routing protocols (e.g., BGP, OSPF) for dynamic routing.
  • Use Case: Secure communication between remote sites or between branch offices over the internet, especially in smaller or medium-sized networks.

3. DMVPN (Dynamic Multipoint Virtual Private Network)
Description: DMVPN is a Cisco proprietary VPN technology that allows dynamic, on-demand communication between remote sites over a public or private network. DMVPN combines GRE (Generic Routing Encapsulation) tunneling with IPsec encryption and uses dynamic routing protocols like EIGRP or OSPF to establish direct communication between remote sites.


Key Features:

  • Dynamic Tunnel Creation: Tunnels are established dynamically between remote sites as needed.
  • Multipoint Connectivity: Allows for secure direct communication between multiple remote sites without needing to route traffic through a central hub.
  • Uses GRE tunneling for encapsulation and IPsec for encryption.
  • Use Case: Ideal for organizations with a large number of remote offices that need a flexible, scalable, and secure VPN solution.

4. GRE (Generic Routing Encapsulation)
Description: GRE is a simple, lightweight tunneling protocol used to encapsulate a wide variety of Layer 3 protocols (such as IP, IPv6, and multicast) for transmission over an IP network. While GRE itself does not provide encryption, it is often combined with IPsec or other security protocols to secure the traffic.


Key Features:

  • Encapsulation: Encapsulates Layer 3 packets for transport across an IP network.
  • Protocol Transparency: Supports any Layer 3 protocol, which makes it versatile.
  • Does not inherently provide encryption, so additional security layers (like IPsec) are needed.
  • Use Case: Used for connecting remote offices in a simple, lightweight, and cost-effective manner, often in combination with IPsec for security.

5. BGP/MPLS L3 VPN (Border Gateway Protocol/MPLS Layer 3 VPN)
Description: BGP/MPLS L3 VPN is a solution that uses BGP to distribute routing information between multiple sites and MPLS to label the traffic for efficient forwarding. This approach is typically used by service providers to manage and route data for multiple customers over a shared MPLS network infrastructure.


Key Features:

  • Uses BGP for routing and distributing VPN-specific information (like route prefixes) across the network.
  • Leverages MPLS labels for forwarding traffic without relying solely on IP addresses.
  • VRF (Virtual Routing and Forwarding): Isolates different customers’ routing information within separate virtual routing tables.
  • Use Case: Large enterprises and ISPs that need to connect multiple customers securely over a shared infrastructure while maintaining routing isolation.

6. VxLAN (Virtual Extensible LAN)
Description: VxLAN is an overlay network technology designed to create a virtual Layer 3 network on top of an existing physical network, using IPsec or MPLS for encapsulation. It extends Layer 2 networks over long distances, allowing virtual networks to span data centers.


Key Features:

  • Encapsulation: VxLAN encapsulates Ethernet frames inside UDP packets, allowing Layer 2 networks to extend over Layer 3 infrastructure.
  • Network Isolation: Allows for multi-tenancy by creating isolated Layer 2 domains.
  • Scalable: Provides scalability by supporting up to 16 million unique VXLAN segments (compared to the 4,094 available VLANs).
  • Use Case: Often used in data center networks, particularly for multi-tenant environments and cloud services.

What are VPNs used for?
Regular internet users and organizations use VPNs for virtual privacy. Organizations deploy VPNs to ensure authorized users can access their data center using encrypted channels. VPNs also enable users to connect to a database from the same organization located in a different area.

 

VPNs provide remote employees, gig economy freelance workers and business travelers with access to software applications hosted on proprietary networks. To gain access to a restricted resource through a VPN, the user must be authorized to use the VPN and provide one or more authentication factors. These can be passwords, security tokens or biometric data.

 

When an internet user surfs the web, an attacker could access information, including browsing habits or IP addresses. If privacy is a concern, a VPN can provide users with peace of mind. Most users find value in VPN’s encryption, anonymity and ability to get around geographically blocked content.

 

For example, getting around blocked content from another country might be extremely useful for journalists. If a country is likely to block internet content from foreign entities, journalists could use a VPN to look like they’re within that country.

 

VPN protocols
VPN protocols ensure an appropriate level of security to connected systems when the underlying network infrastructure alone can’t provide it. Several different protocols can secure and encrypt data. They include the following:

  • IP Security (IPsec).
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
  • Point-to-Point Tunneling Protocol (PPTP).
  • Layer 2 Tunneling Protocol (L2TP).
  • OpenVPN.

 

Benefits and challenges of using a VPN
Benefits of using a VPN include the following:

  • The ability to hide a user’s IP address and browsing history.
  • Secure connections with encrypted data.
  • Bypassing geo-blocked content.
  • Making it more difficult for advertisers to target ads to individuals.

 

The challenges of using a VPN include the following:

  • Not all devices support a VPN.
  • VPNs do not protect against every threat.
  • Paid VPNs are more trusted, secure options.
  • A VPN might slow down internet speeds.
  • Anonymity through VPNs has limitations — for example, browser fingerprinting is still possible.

 

History of VPNs
VPN technology was first used in 1996 when a Microsoft employee developed PPTP. The protocol created a more secure private connection between a user device and the internet. In 1999, Microsoft published the specification.

 

In the early 2000s, VPNs were mostly associated with and used by businesses to access private business networks. In this use case, organizations were able to access company data from anywhere while looking as if they were in the office. Secure file sharing between different offices became possible. However, the technology wasn’t often used by average online users.

 

After this, encryption standards became more powerful and new tunneling protocols were developed. As individuals started to learn about potential online threats and privacy issues, VPN use expanded to individual, at-home users. Privacy scandals were injected into the modern zeitgeist, such as WikiLeaks or the separate security leaks by Edward Snowden.

 

Around 2017, internet users in the U.S. learned that ISPs could collect and sell their browsing history. Net neutrality became a concept citizens had to fight for — and effectively lost. The U.S. House of Representatives passed a bill in 2019 to bring back net neutrality but was ultimately blocked by the Senate. In 2024, the FCC voted to restore net neutrality, but U.S. courts blocked the ruling in August of the same year. Some states have enacted versions of net neutrality laws. With this knowledge, the use of VPNs became a more legitimate need for individuals.

Slide

What is Relay