How a VPN Works – The Ultimate Novice Guide

Posted by BulletVPN on 06 04 2020.

Since 2013, almost 25% of global internet users have accessed the web through a VPN each month. Everyone has a reason, be it to bypass restrictions, online security, or enhanced anonymity. The process is simple: Select a server, hit connect, and you’re totally secure. That’s just for the naked eye; there’s so much more happening in the background. Today, we’ll be shedding more light on how VPNs work, connect, and encrypt a user’s data.

The Rise of Virtual Private Networks

Networking solutions for personal and business use first emerged in the early-1990s. We’re referring to the release of Windows 3.11, the first consumer-oriented operating system with support for bringing computers together into a local home or office network.

The Internet was already spreading as a viable environment for communicating remotely by the mid-1990s. It enabled both businesses and individuals to connect to remote servers, which are the backbone of the Internet, as well as to another computer within wider networks.

Thus, the need to protect online communications arises, eventually resulting in the emergence of virtual private networks (VPN). This cybersecurity tool is a method and technology to exchange data in a secure manner. Moreover, it allows users to browse the Internet by effectively hiding their IP address i.e., your real whereabouts.

The latter VPN feature is mostly associated with consumer-grade VPN services, whose main purpose is to enable individual users to browse the Internet privately and also hide their IP address, mainly for accessing geo-restricted online services and websites.

While the principles of corporate and consumer VPNs are mostly the same, the below paragraphs contain software and hardware definitions that are more of interest to business users rather than individuals.

Basic VPN Types

We will not discuss whether you need a VPN or not and what are the advantages and disadvantages of using a VPN. It is a different and broad topic, and in order to understand the discussions surrounding VPN usage, you need to know how VPNs really work.

There are basically, two types of VPNs in common use:

• Remote-access VPN, which is also referred to as a Virtual Private Dial-up Network (VPDN). This type of a VPN connects an end-user to a local area network (LAN), which in fact, is a remote connection from an end-point device to a corporate or home network.

Thus, an organization can enable employees or partners to connect to its network through an encrypted and secure connection, which usually uses a third-party Internet service provider (ISP) to materialize the exchange of data.

• Site-to-site VPN is a method and IT architecture that enables users in different physical locations to connect to each other over the Internet or other public communication channels. In the case of an organization, it is usually multiple offices communicating with each other over the Internet, which in turn eliminates the need to build costly private communication lines.

For their part, site-to-site VPNs fall into one of two categories:

• • Intranet VPN, which connects only offices/users of the same organization, and
  • Extranet VPN, which connects an organization with its partners or customers.

Each of these VPN variations, however, works in one and the same fashion, providing encryption for data transfers and bridging different LANs that can be external or internal. You need to realize that the Internet is actually a bunch of local area networks and sites that are able to communicate with each other.

And this happens at both the hardware and software levels. Let’s see how.

Hardware and Software behind VPNs

Any VPN requires at least the basic hardware to operate while this is usually the hardware you need to access the Internet at all. Advanced VPN hardware solutions such as VPN Concentrators and VPN-enabled routers exist, but in any case, you also need VPN servers, server software, and a client application to make a VPN connection. In fact, you need a desktop or mobile software client for each device or user you want to protect.

Then, you need a dedicated VPN server for dial-up services as well as a Network Access Server (NAS) that might be a dedicated server or software that runs on a shared server. The NAS authenticates the user and allows him to use the VPN once it recognizes his login credentials as valid.

 

Source: University of Colorado, Boulder

Once you are allowed by the NAS, an AAA Server authenticates who the user is, then identifies your access rights within the VPN connection and monitors whether you try to perform actions that fail outside the scope of your assigned access/user rights. AAA stands for authentication, authorization, and accounting.

As far as the ultimate goal of any VPN is to keep your connections private and secure, there are also multiple communications protocols and encryption methods that make a reliable VPN.

VPN Protocols and Encryption Methods

A number of VPN protocols are in wide use today, and those include:

• Point-to-Point Tunneling Protocol (PPTP) is a protocol that no one uses nowadays. Microsoft developed it back in the day. However, it’s now outdated and used only as a supporting protocol for use in VPNs.
• Layer 2 Tunneling Protocol (L2TP/IPsec) combines PPTP and Cisco’s L2F protocols. But while it’s more secure than PPTP, it lacks encryption or privacy functionalities. It is more often bundled with the IPsec security protocol rather than being a protocol used in VPNs.
• Secure Socket Tunneling Protocol (SSTP) is one of the protocols that are safe for VPN use. In fact, Microsoft developed it. It provides a means for end-to-end encryption. That means only you and the user you are communicating with can decode the data exchanged.
• Internet Key Exchange, version 2 (IKEv2), is the more secure version of L2TP. Microsoft and Cisco developed this protocol. It is in use mainly in mobile communications and is often an integral part of the IPsec security protocol.
• OpenVPN is an open-source VPN solution, which is the best publicly available VPN protocol. In fact, you will find this protocol being in use by each and every worth trying consumer-grade or enterprise-level VPN that is available on the market.

All of the above protocols are being used within the wider framework of data tunneling. This technology encapsulates an entire data packet within another packet and then sends it over a network, hiding the device identity of the data source.

Data Tunneling – The Protocols

Data tunneling only obscures the source from which the data in transfer originates. On the other hand,  other protocols take care of encrypting your data. In any case, data tunneling uses three protocols to safely transfer your data:

• Passenger protocols that carry the original data – IPX, NetBEUI or IP.
• Encapsulating protocols such as GRE, IPsec, L2F, PPTP, L2TP or OpenVPN that is bound around your original data.
• Carrier protocol, which is the specific protocol your network is using to deliver the data.

The VPN actually encapsulates the original packet, or passenger protocol, into the encapsulating protocol, and then puts it into the carrier protocol’s header to transfer it over a public network.

Site-to-site VPNs usually use IPsec or Generic Routing Encapsulation (GRE) protocols for encapsulation. Remote-access VPNs usually perform data tunneling through Point-to-Point Protocol (PPP).

In some specific VPN scenarios, such as financial transactions, nonrepudiation is also involved. Here, the sender attaches its digital signature to the original message; thus, confirming its participation in the transaction.

Concluding Words

Any of the existing VPN solutions are working as described above. However, you should be aware that properly configuring a VPN is also an important part of the equation. How you use its security features really matters. We’re talking about the likes of split tunneling, kill switch functionality, and different transport protocols and encryption layers.

You should also bear in mind that a VPN should always work along with other defense tools. We’re talking about a combination with a firewall and antivirus software if you are to have adequate protection.