How does a VPN work?

In simple terms, a VPN (or Virtual Private Network) offers a secure way to connect to the internet, encrypting the data you send over the connection to protect it, while also giving you better levels of privacy online.

VPN technology has been around for years, but there has been a spike in interest over the last few months. This has been fuelled by various factors, including increased concerns about governments monitoring online activities, ISPs potentially reselling user data, and of course those ever-present hackers looking to intercept data for nefarious deeds.

So it’s not surprising that many people are turning to a VPN to defend themselves from these looming dangers. Understanding how a VPN works helps users decide if and when to use the technology, which threats it can protect them from, and what its limitations are.


Corporate VPN

There are two basic types of VPN: corporate and consumer. Corporate VPN, also known as remote access VPN, allows an off-campus employee to connect securely to the private corporate intranet. Security is maintained via a password, and in some cases via a security token or smartphone app that generates one-time passwords.

There are two essential pieces of a corporate VPN. The first is the remote access server (RAS), which is the server that a user connects to over the internet to access the corporate network. It is also called the network access server (NAS), although that term gets confusing because NAS is also an acronym for network attached storage. The second component is the VPN client software, which establishes the connection to the RAS and ensures privacy through the encryption process.

This technology is useful for offsite workers, or workers on the road who still require access to resources on the private internal network of the business. After the remote worker is authenticated, they are connected to the corporate intranet via an encrypted tunnel; in other words, a private connection gets established over the public internet. Corporate VPN has enabled remote workers to collaborate with their colleagues using services such as desktop sharing. 

For larger businesses with multiple campus locations, and in turn multiple LANs, an even more robust solution is required. This is site-to-site VPN, which facilitates employees at multiple locations sharing corporate resources by securely connecting geographically separate campuses together.

Consumer VPN

The second type of VPN is the consumer VPN, which is the variety that most folks think of these days when the term VPN is mentioned. With a consumer VPN, the user is connected to the private network via an encrypted tunnel, which is known as a VPN tunnel. The data transferred via the tunnel is encrypted to keep it private and prevent it from being intercepted.

The user transmits encrypted data over the virtual connection to the VPN server, which then connects to the wider internet on the user’s behalf. This keeps the user’s activities more anonymous and secure. The ISP cannot see the data transferred, only that the user is connected to a private server.

Consumer VPNs have many uses contributing to their current popularity. Some common uses include:

  • Anonymity from ISP tracking
  • Greater security while using public Wi-Fi hotspots
  • Obtaining access to geo-blocked websites
  • Getting around country-specific internet censorship

[Image: the Windows 10 setup screen for adding a VPN connection to a computer]

A home user can set up a VPN either on the individual computer or at the router. Setting up a VPN individually on a PC offers the advantage of simplicity, and it is easier to try out a new service without committing fully to it. While desktops and laptops can be configured this way, and even Android and iOS phones, not all devices – like smart TVs or media boxes – will have the capability to connect to a VPN service.

On the other hand, having the VPN at router level offers the advantage of having the whole network on the VPN without individually configuring each device, meaning that the aforementioned devices like smart TVs will be covered.

A crucial component of a VPN is the tunnel that connects the user to the VPN server, which is the key to keeping the data private. At this point, remember that sending and receiving data over the internet requires it to be divided up into packets. To keep each data packet secure, it is encrypted and wrapped inside an outer packet, a process known as encapsulation. This outer packet keeps the data secure during the transfer, and forms the basis of the VPN tunnel. Upon arrival at the VPN server, the outer packet is removed and the inner packet is decrypted to recover the original data.
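The encapsulation step described above, as an added example that is not part of the original article. It uses a standard-library stand-in cipher (an HMAC-SHA256 keystream with a separate integrity tag) rather than any real VPN protocol, and the addresses, packet layout and function names are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed sample addresses (documentation ranges); not taken from the article.
CLIENT_IP = "198.51.100.7"      # user's public address
VPN_SERVER_IP = "203.0.113.10"  # server where the tunnel ends
WEBSITE_IP = "192.0.2.80"       # real destination, carried only in the inner packet

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real VPN cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return stream[:length]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def make_inner_packet(src, dst, payload):
    """Simplified inner packet: 4-byte source, 4-byte destination, then payload."""
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload

def encapsulate(inner, enc_key, mac_key):
    """Client side: encrypt the inner packet, wrap it in an outer packet to the VPN server."""
    header = ipaddress.IPv4Address(CLIENT_IP).packed + ipaddress.IPv4Address(VPN_SERVER_IP).packed
    nonce = os.urandom(12)  # fresh per packet so the keystream never repeats
    body = header + nonce + _xor(inner, enc_key, nonce)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decapsulate(outer, enc_key, mac_key):
    """Server side: check integrity, remove the outer packet, decrypt the inner one."""
    if len(outer) < 8 + 12 + 32:
        raise ValueError("outer packet too short")
    body, tag = outer[:-32], outer[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("outer packet failed integrity check")
    return _xor(body[20:], enc_key, body[8:20])

def observer_view(outer):
    """What an on-path party such as the ISP can read without the keys."""
    return {"src": str(ipaddress.IPv4Address(outer[:4])),
            "dst": str(ipaddress.IPv4Address(outer[4:8])),
            "opaque_bytes": len(outer) - 8}
```

Calling `observer_view` on an encapsulated packet shows only the client and VPN server addresses; the website address and the payload exist only inside the encrypted inner packet.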

Performance issues

A VPN connection is generally slower than a non-VPN connection. This is due to three factors:

  • The encryption process
  • The transmission to the VPN server which is geographically further away, often in another country
  • The decryption process

[Image: a successful IP leak test where the VPN kept the user’s true IP address hidden (conducted at VPNMentor.com)]

Given the multiple steps in this whole process, you might well ask: how do you know if the VPN is working? And is your location really being kept private and hidden? Thankfully, we do not have to rely on a leap of faith here, and the anonymity can be easily checked with an IP leak test.

This simple test is conducted via a web browser, and allows you to see if your local IP address or your public IP address gets displayed – hopefully it won’t. With the VPN functioning correctly, these addresses will be hidden and not displayed, and the leak test will confirm that privacy is being maintained.

VPN is a technology with plenty of useful applications, as well as limitations. With an understanding of how a VPN achieves privacy via the tunnelling process, users can put the tool to good use, thereby enhancing their internet experience.

For users who value their anonymity and security online, it is well worth choosing, configuring and maintaining a good VPN service (there are even quality free services) to keep internet traffic encrypted and safe.