Unless you already “speak geek,” or have a background in information technology, it’s pretty difficult to unravel technical concepts and understand what a VPN (Virtual Private Network) tunnel is.
To make matters worse, the average web surfer doesn’t know how the Internet works on a technical level. We’re going to explain all of this and more, but first, we need to start with the fundamentals.
So let’s start with a brief discussion about IP addresses.
Understanding IP Addresses
At one time or another, you’ve likely heard the term “IP address.”
Technical manuals are usually choked with jargon and cryptic terminology, while action films bandy the words “IP address” about left and right, which at least helps familiarize everyone with the term.
Films such as The Matrix and Die Hard 4 always have at least one scene in which a hacker scans the computer screen for an IP address.
But what are they and what do they do? Well, IP addresses are fundamental to the exchange of data transmissions across the Internet.
You see, networks need a way to identify individual computers, and the Internet works in much the same way as the postal system.
For instance, if you wanted to mail a letter, you’d first need to know the recipient’s home address – which must be unique.
If there were two houses with the same address, the postman could never deliver to the correct destination. Also, it would help to put a return address on the letter, thus allowing your message to travel in the reverse direction.
Without some kind of addressing system, computers would never know where to send data or how to download HTML (HyperText Markup Language) from the correct web server.
So, IP addresses were created to identify computers, as opposed to homes.
With the exception of private IP addresses (RFC 1918), they are globally unique. Though we won’t delve into the differences between public and private addresses, as they are outside the discussion’s scope, go ahead and consider the following examples:
Notice that each IP address is composed of four separate numeric values, each between 0 and 255.
Each of these values is called an octet, because it is 8 bits long – meaning that each IP address is 4 bytes long.
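To make the octet arithmetic concrete, here is a small added example in Go (written for this page; it is not code from the original article). It parses a dotted-quad address into its four one-byte octets, packs them into the single 32-bit number the network stack actually works with, and checks whether the address falls into one of the RFC 1918 private ranges mentioned above. The sample addresses in main are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ParseIPv4 splits a dotted-quad string into its four octets. Anything that is
// not exactly four decimal values between 0 and 255 is rejected, including
// leading zeros such as "01", which some older parsers silently read as octal.
func ParseIPv4(s string) ([4]byte, error) {
	var ip [4]byte
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return ip, errors.New("an IPv4 address has exactly four octets")
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || n > 255 || strconv.Itoa(n) != p {
			return ip, fmt.Errorf("octet %q is not a number between 0 and 255", p)
		}
		ip[i] = byte(n)
	}
	return ip, nil
}

// ToUint32 packs the four octets into the 32-bit number routers and operating
// systems compare; the dotted form exists only for humans.
func ToUint32(ip [4]byte) uint32 {
	return uint32(ip[0])<<24 | uint32(ip[1])<<16 | uint32(ip[2])<<8 | uint32(ip[3])
}

// Dotted is the inverse of ToUint32.
func Dotted(n uint32) string {
	return fmt.Sprintf("%d.%d.%d.%d", byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
}

// IsPrivate reports whether an address lies in one of the three RFC 1918 blocks,
// which are reused in countless home and office networks and are never globally unique.
func IsPrivate(ip [4]byte) bool {
	return ip[0] == 10 || // 10.0.0.0/8
		(ip[0] == 172 && ip[1] >= 16 && ip[1] <= 31) || // 172.16.0.0/12
		(ip[0] == 192 && ip[1] == 168) // 192.168.0.0/16
}

func main() {
	// Constructed sample inputs: public and private addresses plus two malformed strings.
	for _, s := range []string{"203.0.113.7", "10.1.2.3", "172.20.0.1", "192.168.1.10", "256.1.1.1", "1.2.3"} {
		ip, err := ParseIPv4(s)
		if err != nil {
			fmt.Printf("%-14s rejected: %v\n", s, err)
			continue
		}
		fmt.Printf("%-14s octets=%v uint32=%d private=%t\n", s, ip, ToUint32(ip), IsPrivate(ip))
	}
}
```

The strict parser matters more than it looks: an address that a filter or log parser reads differently from the operating system (for instance a leading-zero octet) is a classic way for an access-control check and the actual connection to disagree.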
Now take a moment and consider what this means regarding privacy.
If each computer has a globally unique IP address (for the most part), it becomes much easier for:
- Telecommunications companies
- Website administrators
to track which computer accessed a particular website.
That’s right – every time you log in to a website or browse the Internet, it’s possible for ISPs to track your online activities.
What’s even scarier is that they have the power to see what kind of data is flowing over network media such as:
- Wireless connections
and not only who the senders and receivers are.
Understanding Packets and Payloads
The next point we need to discuss before understanding VPN tunnels is a term called “packets”. Whenever a computer system transmits data through the Internet, it uses a protocol called IPv4 (Internet Protocol version 4).
This protocol is where IP addresses get their name.
But to send data to another system, a computer must first break the data down into smaller bite-sized chunks to transmit it across a network medium, such as an Ethernet cable or wireless radio signal.
Within IPv4, the smallest individual unit of data that can be transmitted is called a packet.
The structure of each packet is uniform, and it contains crucial information.
There are many fields and types of data contained in a packet, but from a high-level perspective, there are essentially two fields that we care about: the header and the payload.
Within the header, you’ll find a lot of detailed information, such as the:
- Source IP address
- Destination IP address
- Header checksum
- Protocol identifier
Essentially, the header contains all of the overhead necessary to send data from point A to point B.
Conversely, the payload contains the actual data being sent to the remote system.
For example, in an Instant Message conversation, text and characters typed in the chat window will be carried within the packet’s payload.
But here’s the catch: IPv4 doesn’t have a default encryption mechanism, meaning that all data is sent in clear text by default.
So, returning to the IM example, it’s possible for a third party to examine any given packet’s payload and see what each user is typing.
Fortunately for Internet users around the world, there’s a straightforward and practical way to prevent people from snooping through a packet’s payload.
And the solution is, of course, encryption.
Encryption Technology Basics
Encryption technologies incorporate extremely complex mathematical formulas, which scramble the bits of a packet’s payload in such a way that it’s impossible to decode without the proper key.
Here are some of the protocols and encryption algorithms most commonly used by VPNs:
- PPTP (Point to Point Tunneling Protocol)
- L2TP (Layer 2 Tunneling Protocol)
- IPSec (Internet Protocol Security)
- RSA (Rivest-Shamir-Adleman)
- AES (Advanced Encryption Standard)
There are many different types of encryption protocols, and each has its own respective drawbacks, advantages, and algorithms.
What is a VPN Tunnel?
Now that we understand IP addresses, packets, payloads, and the basics of encryption, we can finally tie these concepts together with a VPN tunnel.
The most basic definition of a VPN tunnel is an encrypted connection between two remote systems. There are many types of VPN tunnels, but we’ll focus mostly on site-to-site and client-to-server VPN tunnels.
When a user connects an individual device – be it a smartphone, laptop, or tablet – to a VPN server, they are creating a VPN tunnel on the timeless client/server model.
The user has created a VPN tunnel between their device and the VPN server. The device first sends all of its data to the VPN server, which then forwards the data to the appropriate destination.
Until the user’s data has exited a tunnel’s endpoint, it’s encrypted and protected from:
- Security agencies
Nevertheless, after the VPN server decrypts data, it will still travel through some portion of the Internet in an unencrypted format.
The VPN server really acts as an intermediary system, which makes requests on behalf of the user.
Instead of a computer or smartphone requesting data directly from a web server, a VPN server makes the request, and then forwards data on to the VPN connection’s endpoint device.
In this regard, the VPN server acts as a middleman, which is commonly called a proxy server or simply just a proxy. Not only does the VPN server protect data with encryption, but it also hides the computer via IP address masking.
Packets leaving the VPN server carry its address as the source, so web servers can’t see the true source IP address of the requesting computer system.
Essentially, this system allows a user to hide their true IP address.
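The header/payload split described under “Understanding Packets and Payloads” and the encapsulation and address masking described in this section can be shown end to end with one added Go example (written for this page; it is not code from the original article and not any VPN product’s implementation). It builds a cut-down IPv4 packet with the fields the article names (source, destination, protocol and a header checksum), shows that its payload is readable in clear text, then has the client wrap the whole packet in AES-GCM and send it to the VPN server, which decrypts it and forwards it with its own address as the source. The key is a constructed placeholder standing in for what a real handshake would negotiate; the addresses and the “hello” payload are likewise constructed, and the 12-byte header layout is a simplification of the real 20-byte IPv4 header.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Header holds the IPv4 fields the text singles out (a real header has more).
// Wire layout used here: src(4) dst(4) protocol(1) pad(1) checksum(2).
type Header struct {
	Src, Dst [4]byte
	Protocol byte
}

const headerLen = 12
const protoESP = 50 // IP protocol number IPsec uses for encrypted payloads
// tunnelKey is a constructed stand-in for the key the client and VPN server
// agree on in their handshake (a real VPN derives it with a key exchange).
var tunnelKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes = AES-256

// ipChecksum is IPv4's one's-complement header sum; it returns 0 when run over
// a header whose checksum field is already filled in.
func ipChecksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(b[i:]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// Encode lays out header then payload and fills in the header checksum.
func Encode(h Header, payload []byte) []byte {
	pkt := make([]byte, headerLen, headerLen+len(payload))
	copy(pkt[0:4], h.Src[:])
	copy(pkt[4:8], h.Dst[:])
	pkt[8] = h.Protocol
	binary.BigEndian.PutUint16(pkt[10:12], ipChecksum(pkt))
	return append(pkt, payload...)
}

// Decode splits a packet into header and payload, rejecting a corrupted header.
func Decode(pkt []byte) (h Header, payload []byte, err error) {
	if len(pkt) < headerLen || ipChecksum(pkt[:headerLen]) != 0 {
		return h, nil, fmt.Errorf("short packet or header checksum mismatch")
	}
	copy(h.Src[:], pkt[0:4])
	copy(h.Dst[:], pkt[4:8])
	h.Protocol = pkt[8]
	return h, pkt[headerLen:], nil
}

// newGCM builds AES-256-GCM; with a fixed 32-byte key neither call can fail.
func newGCM() cipher.AEAD {
	block, _ := aes.NewCipher(tunnelKey)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encapsulate is the client side: the whole inner packet, header included, is
// encrypted and authenticated, then carried as the payload of an outer packet
// addressed to the VPN server. That outer header is all an ISP can read.
func Encapsulate(client, vpn [4]byte, inner []byte) ([]byte, error) {
	gcm := newGCM()
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := gcm.Seal(nonce, nonce, inner, nil) // nonce || ciphertext || tag
	return Encode(Header{Src: client, Dst: vpn, Protocol: protoESP}, sealed), nil
}

// Decapsulate is the VPN server side: strip the outer header, decrypt and verify
// the inner packet (tampered packets are dropped), then forward it with the
// server's own address as the source, so the destination never sees the client.
func Decapsulate(vpn [4]byte, outer []byte) ([]byte, error) {
	gcm := newGCM()
	ns := gcm.NonceSize()
	oh, sealed, err := Decode(outer)
	if err != nil || oh.Dst != vpn || oh.Protocol != protoESP || len(sealed) < ns {
		return nil, fmt.Errorf("not a well-formed tunnel packet for this server")
	}
	inner, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("tunnel authentication failed: %v", err)
	}
	ih, payload, err := Decode(inner)
	if err != nil {
		return nil, err
	}
	return Encode(Header{Src: vpn, Dst: ih.Dst, Protocol: ih.Protocol}, payload), nil
}

func main() {
	// Constructed addresses: a home PC, the VPN server and a web server.
	client, vpn, web := [4]byte{192, 168, 1, 10}, [4]byte{203, 0, 113, 7}, [4]byte{198, 51, 100, 20}
	outer, _ := Encapsulate(client, vpn, Encode(Header{Src: client, Dst: web, Protocol: 6}, []byte("hello")))
	oh, op, _ := Decode(outer)
	fmt.Printf("ISP sees:        %v -> %v, payload %x\n", oh.Src, oh.Dst, op)
	fwd, _ := Decapsulate(vpn, outer)
	fh, fp, _ := Decode(fwd)
	fmt.Printf("web server sees: %v -> %v, payload %q\n", fh.Src, fh.Dst, fp)
}
```

Running it prints the two views the text contrasts: what the ISP sees (client to VPN server, payload is hex gibberish that does not even reveal the web server’s address) and what the web server sees (VPN server to web server, “hello” in the clear). The second line is also the caveat made above: past the VPN server the data travels unencrypted unless the application adds its own encryption (for example HTTPS). Note too that the IPv4 header checksum only catches accidental corruption; the AES-GCM authentication tag is what makes a deliberately altered tunnel packet fail.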
Now, take a moment to consider a site-to-site VPN tunnel. With a client/server VPN connection, only one computer system’s data is secured.
However, it’s possible to terminate the VPN connection between a wireless router and a VPN server. Doing so allows the router to encrypt all data flowing through it, thus providing encryption for a virtually limitless number of devices.
Furthermore, site-to-site tunnels offload processing overhead from an end-user computer to the router, which frees up local hardware resources.
Lastly, a site-to-site tunnel is an “always on” VPN connection (with the exception of technical failures and dropped connections), making it unnecessary to log in every time a user wants to secure their data.
Advantages of VPN Tunnels
VPN tunnels have many advantages beyond the raw security of encryption.
VPN tunnels are advanced proxy servers that have the added benefit of encrypting data, but there are several other important features — such as privacy.
As mentioned previously, VPN servers mask IP addresses, which makes it nearly impossible to see which computer requested information from a web server.
VPN servers also help unblock geo-restricted websites and data.
Sometimes web services are only available in select geographic locations, due to:
- Governmental censorship
- Trade laws
- Copyright enforcement
- National finance regulations
- Licensing agreements
At other times, a government may coerce an ISP into blocking content, because it is deemed religiously or politically offensive.
The Achilles heel of such endeavors is that most censorship programs block incoming connections based upon IP addresses.
By “borrowing” an IP address from a VPN server (that is, IP address masking), it’s quite simple to circumvent such restrictions.
In summary, here are the advantages of using a VPN tunnel:
- Encrypted data payloads make interception by third parties impossible
- Masked IP addresses add an extra layer of privacy
- LAN hackers can’t steal data passed through a VPN tunnel
- ISPs can’t see traffic being passed through the tunnel, circumventing bandwidth throttling
- Geo-restricted content can be freely accessed
Remember that a VPN tunnel is, at its most basic, an encrypted connection between two endpoints, making it impossible for third parties to read data sent through the tunnel.
VPN tunnels are one of the easiest ways to bolster personal online privacy and Internet security, and they’re pretty darn cheap, too.
I’ve even seen one provider run a promotion charging a mere $2.08 per month, though each provider ranges in prices, features, and the number of global connection options offered.
And if you think all of this security is unnecessary, I’d urge you to reconsider.
We live in the digital age, and every day there’s a new headline about a hacker who stole millions of dollars, or the latest wiretapping scandal – such as Edward Snowden’s revelations about the NSA’s domestic surveillance system called PRISM.
Though it may be impossible to find out if someone has intercepted personal information in some instances, other times, a small data leak could cause life-changing disruptions, as is the case with identity theft.
Using a VPN tunnel will not only help make you invisible online, but it will also protect data with encryption and help unblock geo-restricted content.
Feel free to leave comments or questions below.