VPN gateway

What is a VPN gateway?

A VPN gateway is a component of a network device or service that functions as an entry/exit point for a virtual private network (VPN). It’s responsible for encrypting data and forming secure tunnels between different networks.

How does a VPN gateway work?

A VPN gateway functions as follows:

  1. The client initiates a connection to the gateway.
  2. The gateway and client negotiate the parameters of the predetermined VPN protocol, such as OpenVPN or Internet Key Exchange version 2 (IKEv2). The protocol is the set of rules that defines how data will be encrypted and transmitted.
  3. The gateway authenticates the client, typically via certificates or credentials.
  4. Encryption keys are established through a key agreement mechanism such as Diffie-Hellman.
  5. The gateway forms a secure tunnel with the client.

With the connection established, the gateway enforces security policies and controls traffic routing.

Where are VPN gateways used?

VPN gateways are used anywhere private networks require secure communications with other networks over the internet. In business networks, they typically provide and manage secure access to resources for remote workers.

Commercial VPN servers also use VPN gateways, though their purpose differs. Their gateways act as an intermediary between the user and the internet.

Why is a VPN gateway important?

  • Access control: Gateways provide a single entry and exit point, allowing strong control over who can access a private network.
  • Data security: Encryption, secure protocols, and user authentication help protect the network and its connections.
  • Centralized processes: Gateways centralize important VPN processes, making security and policy enforcement easier.

Key considerations for VPN gateways

  • Configuration: Setup can be complex depending on the size of the network and its requirements.
  • Latency and overhead: Constant encryption, decryption, and authentication can take up network resources.
  • Scalability: Scaling a VPN often requires additional gateways or hardware upgrades.
  • Single point of failure: Gateways provide a single entry and exit point for a VPN. If a private network only uses one gateway, technical issues or maintenance can cause disruptions.

FAQ

Is a VPN gateway the same as a VPN server?

Not entirely. A VPN server can be a type of VPN gateway, but not every gateway is a server. The term “VPN gateway” is broader, referring to any network-level entry point that establishes and secures VPN tunnels between senders and receivers of data.

What’s the difference between site-to-site and remote-access gateways?

Site-to-site VPN gateways connect entire networks to one another, like office and cloud networks. Remote-access gateways are used by individual clients (for example, remote workers) to securely connect their devices to private networks.

Which protocols do VPN gateways commonly use?

Some of the most common protocols used by VPN gateways include Internet Protocol Security (IPsec), Secure Sockets Layer (SSL) / Transport Layer Security (TLS), WireGuard, and OpenVPN.

How do you harden a VPN gateway against attacks?

You can harden VPN gateways by using strong authentication measures to control who can connect to them, as well as secure protocols and encryption standards. Keeping the gateway patched and monitored is also recommended.

Can a VPN gateway cause IP/DNS leaks?

Yes, a VPN gateway may contribute to IP or Domain Name System (DNS) leaks if it isn’t configured correctly. Misconfiguration issues could cause DNS requests to bypass the secure tunnel, for example.
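
The hardening and leak points from the last two answers can be checked mechanically. The following is an added example, not code from this glossary or from any VPN vendor: it audits an OpenVPN server configuration (OpenVPN is used because the page names it) against an assumed policy of TLS 1.2 minimum, AEAD data ciphers, mandatory client certificates, and a full tunnel with pushed DNS. Both sample configurations are constructed.

```python
# Added example: audit an OpenVPN server config for the FAQ's hardening and
# DNS-leak points. The policy here is an assumption, not a vendor baseline.
AEAD = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}

# Constructed sample configs (not taken from any real gateway).
WEAK = """
port 1194
cipher BF-CBC
verify-client-cert none
push "route 10.0.0.0 255.255.255.0"
"""
HARDENED = """
port 1194
tls-version-min 1.2
data-ciphers AES-256-GCM:CHACHA20-POLY1305
verify-client-cert require
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
"""

def parse(text):
    """Split each non-comment line into tokens, dropping the quotes push uses."""
    lines = (l.strip() for l in text.splitlines())
    return [l.replace('"', "").split() for l in lines if l and l[0] not in "#;"]

def audit(text):
    d = parse(text)
    first = lambda name: next((t[1:] for t in d if t[0] == name), None)
    pushed = [t[1:] for t in d if t[0] == "push" and len(t) > 1]
    findings = []
    tls_min = first("tls-version-min")
    if not tls_min or tuple(map(int, tls_min[0].split("."))) < (1, 2):
        findings.append("tls-version-min missing or below 1.2")
    ciphers = first("data-ciphers") or first("cipher") or [""]
    weak = set(ciphers[0].upper().split(":")) - AEAD
    if weak:
        findings.append("non-AEAD or unset data cipher: " + ",".join(sorted(weak)))
    if first("verify-client-cert") in (["none"], ["optional"]) \
            or first("client-cert-not-required") is not None:
        findings.append("client certificate is not required")
    # Assumes a full-tunnel deployment: default route and DNS must be pushed.
    if not any(p[0] == "redirect-gateway" for p in pushed):
        findings.append("no redirect-gateway pushed: traffic can bypass the tunnel")
    if not any(p[:2] == ["dhcp-option", "DNS"] for p in pushed):
        findings.append("no DNS server pushed: lookups may use the local resolver")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A split-tunnel gateway will intentionally trip the last two checks, so treat those findings as prompts to confirm the intended routing rather than as defects.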