Whether you’re thinking about using a VPN service or you already do, you’re probably wondering just how it all works. It can seem a complicated business, described in unfamiliar terms like “tunneling” and “encapsulation.”
You already know a VPN secures traffic between your device and the VPN servers, so hackers and spies can’t see your data while it’s in transmission (or your IP address). But how exactly does it do that?
Let’s take a look at the fundamentals, starting with what a VPN, or ‘virtual private network,’ is.
VPNs are private networks inside the internet
It’s there in the name: a VPN is a private network. There are many such networks, like ExpressVPN. As with any private network, the information you send and receive on a VPN is walled off from other computers and the internet.
It’s a bit like your home or business network – the one you use to share files between devices across your router. Nobody outside the network can see that data if your network is properly secured (for example, with WPA2 encryption). That’s why a VPN gives you security.
The key difference is in the “virtual” part of VPN. Your home or business network is secure because it’s physically separate from the internet. (You could unplug the Internet connection and still share local files on it, if you wanted.) A VPN, on the other hand, is accessed through the Internet.
Your data and identity, therefore, have to be secured in other ways.
How to connect to a VPN
How can you connect to a private network over the notoriously public internet? To use a VPN, both the network server (at the VPN provider’s side) and the client (your computer) need dedicated software.
On the provider’s side is a remote access server (RAS). It’s this RAS that your computer connects to when using a VPN. The RAS requires your computer to provide valid credentials, which it authenticates using any one of a number of authentication methods. That’s the VPN’s first layer of security – but it certainly isn’t the last.
On the client side, your computer uses client software to establish and maintain your connection to the VPN. The client software sets up a tunneled connection to the RAS, as well as managing the encryption that secures your connection. Let’s have a closer look at what these are.
Tunneling is a process by which data is sent privately over the internet, via a VPN.
To understand tunneling, we have to remember that all data transmitted over the internet is split into small pieces called “packets.” Every packet also carries additional information, including the protocol (such as HTTP, Telnet, Bittorrent and so on) it’s being used for and the sender’s IP address.
On a VPN’s tunneled connection, every data packet is placed inside another data packet before it is sent over the internet. The process is called encapsulation.
It’s easy to imagine how useful encapsulation and tunneling are in securing your data. The outer packet provides a layer of security that keeps the contents safe from public view.
Encrypting the packets
It’s not enough just to tunnel data sent over a VPN. The next layer of security is encryption, where data is encoded so that packets can only be read by your VPN client and server, which are securely connected together.
VPNs can use a number of security protocols to encrypt data. The most common are IPSec (Internet Protocol Security) and OpenVPN. They work by:
- Encrypting each encapsulated data packet’s contents with an encryption key. The key is shared only between the VPN’s server and clients.
- Using a sub-protocol called Encapsulation Header to hide certain packet information, including the sender’s identity, during transmission.
These two key features, along with others, keep your data and identity private online.
That’s just the beginning
Tunneling, encryption, and authenticated connections: these are the three fundamental features that make VPN security work.
ExpressVPN takes every measure to secure your internet connection and keep out prying eyes. For more information, take a tour of ExpressVPN.