
Whether you’re thinking about using a VPN service or you already do, you’re probably wondering just how it all works. It can seem a complicated business, described in unfamiliar terms like “tunneling” and “encapsulation.”

You already know a VPN secures traffic between your device and the VPN servers, so hackers and spies can’t see your data while it’s in transmission (or your IP address). But how exactly does it do that?

Let’s take a look at the fundamentals, starting with what a VPN, or ‘virtual private network,’ is.

VPNs are private networks inside the internet

It’s there in the name: a VPN is a private network. There are many such networks, like ExpressVPN. As with any private network, the information you send and receive on a VPN is walled off from other computers and the internet.

It’s a bit like your home or business network – the one you use to share files between devices across your router. Nobody outside the network can see that data if your network is properly secured (for example, with WPA2 encryption). That’s why a VPN gives you security.

The key difference is in the “virtual” part of VPN. Your home or business network is secure because it’s physically separate from the internet. (You could unplug the Internet connection and still share local files on it, if you wanted.) A VPN, on the other hand, is accessed through the Internet.

Your data and identity, therefore, have to be secured in other ways.

How to connect to a VPN

How can you connect to a private network over the notoriously public internet? To use a VPN, both the network server (at the VPN provider’s side) and the client (your computer) need dedicated software.

On the provider’s side is a remote access server (RAS). It’s this RAS that your computer connects to when using a VPN. The RAS requires your computer to provide valid credentials, which it authenticates using any one of a number of authentication methods. That’s the VPN’s first layer of security – but it certainly isn’t the last.

On the client side, your computer uses client software to establish and maintain your connection to the VPN. The client software sets up a tunneled connection to the RAS, as well as managing the encryption that secures your connection. Let’s have a closer look at what these are.

Tunneled connections

Tunneling is a process by which data is sent privately over the internet, via a VPN.

To understand tunneling, we have to remember that all data transmitted over the internet is split into small pieces called “packets.” Every packet also carries additional information, including the protocol (such as HTTP, Telnet, BitTorrent and so on) it’s being used for and the sender’s IP address.

On a VPN’s tunneled connection, every data packet is placed inside another data packet before it is sent over the internet. The process is called encapsulation.

It’s easy to imagine how useful encapsulation and tunneling are in securing your data. The outer packet provides a layer of security that keeps the contents safe from public view.

Encrypting the packets

It’s not enough just to tunnel data sent over a VPN. The next layer of security is encryption, where data is encoded so that packets can only be read by your VPN client and server, which are securely connected together.

VPNs can use a number of security protocols to encrypt data. The most common are IPsec (Internet Protocol Security) and OpenVPN. They work by:

  1. Encrypting each encapsulated data packet’s contents with an encryption key. The key is shared only between the VPN’s server and clients.
  2. Using a sub-protocol called Encapsulation Header to hide certain packet information, including the sender’s identity, during transmission.

These two key features, along with others, keep your data and identity private online.
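The sketch below walks through encapsulation and encryption together. It is an added example, not ExpressVPN's code and not a real VPN protocol: the packet format, function names and documentation-range IP addresses are constructed, and the SHA-256 keystream is a toy stand-in for the AES-based ciphers that IPsec and OpenVPN use. It goes one step beyond the text by adding an integrity tag, so a packet altered in transit is rejected rather than decrypted.

```python
import hashlib, hmac, os

def make_packet(src: str, dst: str, payload: bytes) -> bytes:
    # Simplified packet (constructed format): "src>dst|" header, then payload.
    return f"{src}>{dst}|".encode() + payload

def visible_header(packet: bytes) -> tuple:
    # What any router or eavesdropper on the path can read: source and destination.
    header, _, _ = packet.partition(b"|")
    return tuple(header.decode().split(">"))

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy cipher: SHA-256 in counter mode as keystream. Stand-in for AES; not for real use.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _subkeys(shared_key: bytes) -> tuple:
    # Separate keys for encryption and integrity, derived from the one shared key.
    return (hashlib.sha256(b"enc" + shared_key).digest(),
            hashlib.sha256(b"mac" + shared_key).digest())

def encapsulate(inner: bytes, client_ip: str, server_ip: str, shared_key: bytes) -> bytes:
    enc_key, mac_key = _subkeys(shared_key)
    nonce = os.urandom(12)
    body = nonce + _xor_stream(enc_key, nonce, inner)       # whole inner packet encrypted
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()  # detects tampering in transit
    return make_packet(client_ip, server_ip, body + tag)    # outer packet: client -> VPN server

def decapsulate(outer: bytes, shared_key: bytes) -> bytes:
    enc_key, mac_key = _subkeys(shared_key)
    _, _, rest = outer.partition(b"|")
    body, tag = rest[:-32], rest[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: packet dropped")
    return _xor_stream(enc_key, body[:12], body[12:])

if __name__ == "__main__":
    key = os.urandom(32)
    inner = make_packet("10.8.0.2", "192.0.2.80", b"GET /search?q=my+idea HTTP/1.1")
    outer = encapsulate(inner, "203.0.113.7", "198.51.100.1", key)
    print("on the wire :", visible_header(outer))
    print("after tunnel:", visible_header(decapsulate(outer, key)))
```

On the wire, only the client and VPN server addresses are readable; the real destination and the request reappear only after the server decapsulates the packet.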

That’s just the beginning

Tunneling, encryption, and authenticated connections: these are the three fundamental features that make VPN security work.

ExpressVPN takes every measure to secure your internet connection and keep out prying eyes. For more information, take a tour of ExpressVPN.



12 thoughts on “How Does VPN Security Work?”

  1. When using a VPN it seems only the data between my computer and the VPN server (or NAS) would be protected (in the tunnel and encrypted)? Even if both endpoints were using VPN technology there would still be “holes” in between where unprotected data would travel the internet? For true end-to-end protection wouldn’t one (or two in this case) need to be on the same VPN provider’s network? Along this same line of thinking, when accessing any URL on the internet, all bets are off… again, you are only protected for a potentially short piece of the path and then, short of doing a trace, you have no idea where our data is “traveling” thru the internet!

    1. Hi! You are right, a VPN connection is not true end-to-end encrypted. HTTPS connections are, but not all sites and services support these. When using a VPN all data is encrypted between your device and the VPN server, which depending on your usage helps with privacy and security.

  2. How does one connect the VPN code to a router? Doesn’t a download and log in of software and password need to be required for it to be up and running? And do all VPNs cost a monthly fee? Forgive my ignorance, I’m trying to get my head around this concept.

    1. Hi Troy!
      Many routers, especially DD-WRT routers, come with OpenVPN or IPSec pre-installed, meaning you only need to enter the config files into the interface of the router. We also sell routers with ExpressVPN software for which no configuration is necessary.

  3. Can your Anti Virus software betray your identity on a VPN by transmitting a unique identifier which can then be linked to you? Or is that also encrypted? For example ESET.

    1. That is possible, and it largely depends on how this identifier is created, and what information is transmitted. Best to check your AntiVirus’ privacy policy!

    2. If I am searching the patent office for existing patents using a VPN, can hackers see what I am searching for? If so, the hacker would be able to determine very easily my idea for an invention and pursue it themselves. If not, how so?

  4. I have recently got the National Broadband Network here in Australia (NBN). My home network consists of 2 PC’s and 2 Laptops and an Apple tablet operating through one Internet Provider. Does a VPN require access to one specific PC/Laptop/tablet or is the network covered as a whole network working through one device?
    Cheers, John C, Crib Point, Victoria, AUSTRALIA

    1. You can install the VPN on your router (which counts as one device) to protect your entire network. Alternatively you can install it separately on each device.

  5. Do I need VPN for my home computer with a 256 inscription router? Does your product only cover one computer or all my devices: desktop, laptop, android, iPhone 5, kindle?

    1. You can connect up to five devices at the same time. One of these devices can be your router, which means you can secure an unlimited number of devices by simply connecting through this router. This protects everyone and everything in your home from your Internet Service Provider.
