What is a VPN?
VPNs (Virtual Private Networks) were first used by companies to let their employees securely access internal systems such as email remotely (e.g. from home or while on business trips). Today individuals increasingly use them to protect their privacy while online in public places (e.g. when using the wi-fi connection in a cafe) or in a country where the internet is censored or blocked (e.g. China, Saudi Arabia…).
A personal VPN allows you to create a secure tunnel through your existing internet connection to a server in another country (often in America or Europe), where you can then enjoy open access to any site you like. All the information flowing through the tunnel is encrypted, which means anyone who might be eavesdropping on your connection will not be able to see what you are doing.
To use a VPN you must sign up with a VPN provider and install some software (the client), which you activate every time you want to use the VPN. In effect the VPN provider (the host) acts as a secure gateway to the rest of the internet. VPNs can be used on PCs, Macs, and smartphones / tablets (iPhone, Android etc.).
It’s important to note that a VPN differs from a proxy server in that a proxy just acts as an insecure intermediary for browsing web pages while a VPN provides a fully encrypted network connection that any application can use (e.g. Skype, IM…).
Technical Stuff
VPNs come in a number of different forms depending on the protocol they use, in other words the language the client and host speak to communicate with each other. Most of the time this isn’t something you need to worry about, but in case you see them mentioned, the most common types are explained below:
Point-to-Point Tunneling Protocol (PPTP)
The PPTP specification was developed primarily by Microsoft and nearly all versions of Windows include built-in client support for this protocol. PPTP establishes the tunnel but does not provide encryption. It is used in conjunction with an encryption protocol to create a secure VPN. PPTP has relatively low overhead, making it faster than some other VPN methods. PPTP has been criticized in the past for various security flaws; many of these problems have been addressed in current versions of the protocol.
Layer Two Tunneling Protocol (L2TP)
As a competitor to PPTP, L2TP was developed by Cisco and is implemented primarily in their products as well as recent versions of Windows. L2TP has several advantages over PPTP; it requires the use of digital certificates for peer authentication (confirmation that the user is who they say they are), provides data integrity (protection against modification of the data sent between the sender and the recipient), data origin authentication (confirmation that the user who claims to have sent the data really did), and replay protection (which keeps a hacker from being able to capture data that is sent). On the other hand, the overhead involved in providing this extra security can result in slightly slower performance than PPTP.
Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec supports peer authentication, data integrity, data origin authentication, data confidentiality (encryption), and replay protection.
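The sketch below is an added example, not code from the original page or from any VPN product. It shows how a receiver can enforce three of the properties listed above (data integrity, data origin authentication, replay protection) using a keyed MAC and a sequence-number window, the same general idea IPsec uses. The packet layout, class names and window size are assumptions made for illustration; it is not the IPsec wire format, and encryption (confidentiality) is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag size in bytes
WINDOW = 64    # anti-replay window size (value assumed for this sketch)

class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def protect(self, payload: bytes) -> bytes:
        """Build seq || payload || HMAC-SHA256(key, seq || payload)."""
        self.seq += 1
        body = struct.pack("!Q", self.seq) + payload
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bitmap: bit i set => (highest - i) was accepted

    def accept(self, packet: bytes) -> bytes:
        """Return the payload; raise ValueError if forged, altered or replayed."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Integrity and origin: only a holder of the key can produce this tag.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity/origin check failed")
        (seq,) = struct.unpack("!Q", body[:8])
        if seq > self.highest:                 # newer packet: slide the window
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:                                  # older packet: check the bitmap
            offset = self.highest - seq
            if seq == 0 or offset >= WINDOW:
                raise ValueError("outside replay window")
            if (self.seen >> offset) & 1:
                raise ValueError("replayed packet")
            self.seen |= 1 << offset
        return body[8:]

if __name__ == "__main__":
    tx, rx = Sender(bytes(32)), Receiver(bytes(32))  # constructed all-zero demo key
    print(rx.accept(tx.protect(b"hello")))
```

Packets that arrive out of order but inside the window are still accepted once; a second copy of any accepted packet, or one whose bytes or key differ, is rejected.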
Secure Sockets Layer (SSL)
An SSL VPN is a form of VPN that can be used with a standard web browser (Internet Explorer, Firefox, Google Chrome, Safari etc.) without the need to install specialised client software. There are two major types of SSL VPNs: portals and tunnels. The former provides access to a pre-defined list of sites, while the latter provides transparent access to any site. The disadvantage of SSL VPNs is that some web applications may not function correctly, depending on how they’ve been built, without installing a browser plugin.
OpenVPN
OpenVPN is not a protocol but an open source (free) application that implements VPN techniques for creating secure point-to-point or site-to-site connections over the internet using SSL encryption. It has become popular because it can work through most proxy servers and is good at working through Network Address Translation (NAT) and getting out through firewalls. Many personal VPN providers supply it as the client software that users must download and install to connect to their service.
