SSL VPN

What is an SSL VPN?

A Secure Sockets Layer (SSL) virtual private network (VPN) uses Transport Layer Security (TLS) to create secure, encrypted connections over the internet (the term “SSL VPN” is a legacy name, as modern implementations use TLS).

SSL VPNs let remote users access resources on an internal network, either through a web browser or via a lightweight client application. The core purpose is to provide users with secure remote access to private resources.

How does an SSL VPN work?

SSL VPNs establish a secure connection to internal networks through the following process:

  • Login: A user initiates a connection from their device to the VPN gateway using a standard web browser or a specialized client application. The connection typically uses HTTPS, which ensures that this initial communication is encrypted.
  • TLS handshake and secure session creation: The browser and VPN gateway perform a TLS handshake to establish an encrypted connection for future communication and data exchange.
  • User authentication: The VPN portal prompts the user to authenticate. This process may require a username and password, multi-factor authentication (MFA), or digital certificates, depending on the VPN configuration. The authentication occurs over the encrypted session, keeping credentials safe.
  • Secure session or tunnel creation: Once the user is authenticated, the SSL VPN establishes a secure session for browser-based access or a secure tunnel for wider device traffic, depending on the type of SSL VPN being used. This connection routes data to the VPN gateway while protecting it with TLS encryption.
  • Access: The user can now access the network’s internal infrastructure securely through the encrypted connection.

Types of SSL VPNs

There are two main types of SSL VPNs:

SSL portal VPN

SSL portal VPNs (also referred to as clientless VPNs) allow users to connect to a private network directly through their web browser. They have a web-based login page where users can authenticate themselves; once logged in, the user can begin to send and receive data over the encrypted link with the relevant VPN gateway.

One key downside to SSL portal VPNs is that they’re limited to the browser and don’t encrypt any activity outside it.

SSL tunnel VPN

SSL tunnel VPNs use a client application installed on the user’s device to establish an encrypted tunnel to the VPN gateway. SSL tunnel VPNs provide broader coverage and flexibility than SSL portal VPNs, as the user isn’t forced to work within a web browser.

There are two common types of SSL tunnel VPN: thin-client and full-tunnel. Thin-client SSL VPNs route only selected applications or traffic through the VPN, while other traffic bypasses the tunnel. Full-tunnel SSL VPNs are designed to route all device traffic through the encrypted tunnel, offering maximum security, but requiring more configuration and potentially affecting performance.
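
The difference between thin-client and full-tunnel routing can be checked mechanically. The following is an added example, not code from the original page or from any VPN product: it models a tunnel configuration as a list of routed prefixes and reports which destinations would leave the device outside the tunnel. All route sets, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed tunnel route sets (assumptions, not taken from any real product).
THIN_CLIENT_ROUTES = ["10.20.0.0/16", "192.168.50.0/24"]  # selected internal ranges only
FULL_TUNNEL_ROUTES = ["0.0.0.0/0", "::/0"]                # every IPv4 and IPv6 destination
V4_ONLY_DEFAULT = ["0.0.0.0/0"]                           # resembles full tunnel, no IPv6 route

# Constructed destinations a remote device might contact (documentation ranges).
DESTINATIONS = {
    "intranet wiki": "10.20.4.15",
    "file server": "192.168.50.9",
    "public DNS resolver": "203.0.113.53",
    "public website": "198.51.100.7",
    "public website (IPv6)": "2001:db8::10",
}


def egress_path(dest, routes):
    """Return 'tunnel' if dest falls inside a tunnelled prefix, else 'direct'."""
    addr = ipaddress.ip_address(dest)
    for cidr in routes:
        net = ipaddress.ip_network(cidr)
        # An IPv4 prefix never covers an IPv6 address, and vice versa.
        if addr.version == net.version and addr in net:
            return "tunnel"
    return "direct"


def bypassing(destinations, routes):
    """Names of destinations whose traffic leaves the device outside the tunnel."""
    return sorted(
        name for name, ip in destinations.items()
        if egress_path(ip, routes) == "direct"
    )


if __name__ == "__main__":
    for label, routes in [
        ("thin-client", THIN_CLIENT_ROUTES),
        ("full-tunnel", FULL_TUNNEL_ROUTES),
        ("IPv4-only default", V4_ONLY_DEFAULT),
    ]:
        print(f"{label}: bypasses tunnel -> {bypassing(DESTINATIONS, routes) or 'nothing'}")
```

The third route set shows a configuration that sends all IPv4 traffic through the tunnel while IPv6 traffic still goes out directly, which is worth checking when a deployment is expected to behave as full-tunnel.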

Why is an SSL VPN important?

SSL VPNs provide secure remote access to company resources for workers, using tried-and-tested TLS encryption to protect data during transit. In the case of SSL portal VPNs, modern web browsers natively support TLS protocols, enabling immediate connectivity without the need for advanced configuration.

These VPNs also work well in environments with strict firewall rules because they typically use the Transmission Control Protocol (TCP) over port 443 (the same port used for HTTPS traffic). Since blocking port 443 would prevent regular web browsing, firewalls are less likely to block it outright, though some environments may still apply additional inspection or restrictions.

FAQ

Is an SSL VPN secure?

Yes, Secure Sockets Layer (SSL) VPNs use Transport Layer Security (TLS) encryption to secure traffic. However, the overall level of security can differ between different SSL VPN types. SSL portal VPNs only protect browser traffic, while SSL full-tunnel VPNs can secure all external traffic on a given device.

Do I need software to use an SSL VPN?

Secure Sockets Layer (SSL) portal VPNs can work directly through your browser without needing additional software. However, SSL tunnel VPNs require a lightweight client.

What port does an SSL VPN use?

Secure Sockets Layer (SSL) VPNs typically operate over the Transmission Control Protocol (TCP) port 443, the standard port for HTTPS traffic.

Can an SSL VPN replace an IPsec VPN?

It depends on your needs. Secure Sockets Layer (SSL) VPNs are good for remote access to internal networks without the need for complex configuration. Internet Protocol Security (IPsec) VPNs are better suited for site-to-site connections and full network access, but they require more setup.

Is an SSL VPN the same as a regular VPN?

No. A Secure Sockets Layer (SSL) VPN is a specific type of VPN that uses Transport Layer Security (TLS) to allow secure and remote access to internal networks. It can provide either browser-based protection (portal VPN) or partial/full device coverage (tunnel VPN). Regular consumer VPNs aren’t typically suitable for establishing a remote connection with private networks. In addition, they often use other protocols, such as WireGuard or OpenVPN, and usually encrypt all device traffic by default.