VPN tunnel


Stumbling across the word ‘tunnel’ in the context of Virtual Private Networks could be confusing. It’s not about any underground wires! This is simply a comparison, a word to describe a piece of Internet architecture in simple terms. Read on to learn all about it!

What is a VPN tunnel?

A private VPN tunnel has nothing to do with underground roads. In the real world, a tunnel connects two places, avoiding terrain obstacles. In networking, it is a direct connection between two points that the intervening network would not normally support. This calls for an example.

When you want to make a direct link between two separate networks, you need to transfer data over the WAN (Wide Area Network) between them. The problem arises when both networks use a protocol different from the one employed in the WAN. The solution is to ‘wrap’ the data in another, supported protocol; this is called encapsulation. The inner data becomes the payload, and the outer protocol is called a tunneling protocol. It carries the inner packet as ordinary data, without needing to understand the protocol inside it. The inside is hidden, as if in a real, underground tunnel.

How does VPN tunneling work?

In many network protocols, information is divided into portions called frames or packets. A packet typically consists of two parts:

  • header – contains the destination, length, protocol applied, and other information needed during the transfer;
  • payload – the actual information being carried.

Encapsulation is a common method of carrying information in all kinds of computer networks. It simply means that a whole packet is treated as the payload of a different protocol. It can be done several times. Each time adds another header that carries no part of the requested information. So the more layers of encapsulation there are, the lower the effective download speed, because less of each packet is left for the real payload. It is still the most practical way to pass data over thousands of kilometers, where various network nodes and IT systems are employed for the best performance.

VPN and tunnel encryption

When you use a VPN for personal use, it works as an extension of a given private network to a remote host – your device. Another type of VPN connects two sites, for example, offices of the same company located in different cities. In both cases, it’s not surprising that a VPN relies on tunneling.

The greatest advantage of a VPN is how it improves your security online. The principle behind that protection is VPN tunnel encryption. Note that encapsulation, as described above, implies nothing about safety. The payload packet might simply be copied into the delivery packet, leaving it fully visible. This is fine in many applications where the objective is to transfer and route the data, not to protect it. For example, the TCP/IP suite of protocols provides multiple levels of encapsulation for every piece of data you download.

But loading a packet into another packet can mean much more. If the data is fed into an encryption algorithm first, it is rendered completely unreadable to anyone without the key. A VPN exists to protect its users’ data and privacy, so it always encrypts. The modern cryptography standard is AES (Advanced Encryption Standard). In a well-designed system, it would take at least thousands of years to crack, even with the most powerful supercomputers in existence. This is why the US government has approved AES for use in encrypting classified national security information.
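The two points above, that encapsulation adds header overhead without hiding anything and that only encryption of the inner packet makes it unreadable, can be seen in a few lines of code. The following is an added example written for this article, not code from the original page or from any VPN product. The header formats, the demo key and nonce, and the sample payload are all constructed for the demonstration; the keystream is an HMAC-SHA256 counter-mode stand-in for the AES-based cipher a real tunnel would use, chosen only so the example runs with the Python standard library.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed, simplified header formats used only for this demonstration.
# Inner packet : 1-byte protocol id + 2-byte payload length + payload
# Tunnel packet: 4-byte magic + 1-byte flags + 2-byte length + inner packet as payload
INNER_HDR = struct.Struct("!BH")
OUTER_HDR = struct.Struct("!4sBH")
TUNNEL_MAGIC = b"TUNL"
FLAG_ENCRYPTED = 0x01


def build_inner(proto_id: int, payload: bytes) -> bytes:
    """Wrap application data in the (constructed) inner header."""
    return INNER_HDR.pack(proto_id, len(payload)) + payload


def parse_inner(packet: bytes) -> Tuple[int, bytes]:
    """Peel the inner header off and return (protocol id, payload)."""
    proto_id, length = INNER_HDR.unpack_from(packet)
    body = packet[INNER_HDR.size:INNER_HDR.size + length]
    if len(body) != length:
        raise ValueError("truncated inner packet")
    return proto_id, body


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in cipher for this example: HMAC-SHA256 in counter mode (an assumption
    made so the code runs offline). A production tunnel uses AES, normally in an
    AEAD mode that also authenticates the packet; this stand-in does not."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(inner: bytes, key: Optional[bytes] = None, nonce: bytes = b"") -> bytes:
    """Put a whole inner packet inside a tunnel packet, optionally encrypting it first."""
    flags = 0
    body = inner
    if key is not None:
        flags |= FLAG_ENCRYPTED
        body = xor(inner, keystream(key, nonce, len(inner)))
    return OUTER_HDR.pack(TUNNEL_MAGIC, flags, len(body)) + body


def decapsulate(outer: bytes, key: Optional[bytes] = None, nonce: bytes = b"") -> bytes:
    """Strip the tunnel header (and decrypt if flagged) to recover the inner packet."""
    magic, flags, length = OUTER_HDR.unpack_from(outer)
    if magic != TUNNEL_MAGIC:
        raise ValueError("not a tunnel packet")
    body = outer[OUTER_HDR.size:OUTER_HDR.size + length]
    if len(body) != length:
        raise ValueError("truncated tunnel packet")
    if flags & FLAG_ENCRYPTED:
        if key is None:
            raise ValueError("encrypted tunnel packet but no key supplied")
        body = xor(body, keystream(key, nonce, length))
    return body


def payload_efficiency(packet: bytes, payload_len: int) -> float:
    """Fraction of the bytes on the wire that are the real payload."""
    return payload_len / len(packet)


def demo() -> dict:
    payload = b"GET /secret HTTP/1.1"          # constructed sample application data
    inner = build_inner(6, payload)           # 6 is just a label here (TCP's number in IP, for flavour)
    plain_tunnel = encapsulate(inner)         # encapsulation only: payload copied as-is
    key, nonce = b"k" * 32, b"n" * 8          # constructed demo key/nonce; never reuse a nonce with a real stream cipher
    enc_tunnel = encapsulate(inner, key, nonce)
    return {
        "efficiency_inner": payload_efficiency(inner, len(payload)),        # 20/23
        "efficiency_tunnel": payload_efficiency(plain_tunnel, len(payload)),  # 20/30: one more header
        "visible_in_plain_tunnel": payload in plain_tunnel,                  # True
        "visible_in_encrypted_tunnel": payload in enc_tunnel,                # False
        "roundtrip_ok": parse_inner(decapsulate(enc_tunnel, key, nonce))[1] == payload,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the two effects side by side: each added header lowers the payload fraction (from 20/23 to 20/30 here), and the unencrypted tunnel still contains the request text verbatim, while the encrypted one does not. What a real VPN adds on top of this sketch is a proper cipher, an integrity tag so a tampered packet is rejected rather than decrypted, and a key exchange to agree the key in the first place.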

Secure VPN tunnels – protocols

The first protocol employed in VPNs was PPTP (Point-to-Point Tunneling Protocol). The protocol itself does not encrypt, although encryption was added in every serious implementation. Unfortunately, many security vulnerabilities were found in it over the years. Nowadays, it is obsolete. Another unencrypted protocol is L2TP (Layer 2 Tunneling Protocol), which operates at the second layer of the network stack. It is used together with the security protocol IPsec. Another popular combination is IKEv2/IPsec, which stands for Internet Key Exchange, version 2, and Internet Protocol Security. It is popular on mobile devices because it can efficiently reconnect when the network changes while traveling.

The protocol most recommended by IT professionals is OpenVPN. It always comes with strong encryption, using an efficient variant of AES by default. It is open-source and proven to be very safe, although noticeably slower than PPTP. Not every encrypted VPN tunnel uses this system, but experts treat it as the gold standard. Others are compared to it regarding versatility, openness, and safety.
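Whether a tunnel is "strongly encrypted" is ultimately decided by a handful of lines in its configuration. The following is an added example, not code from the original article or from the OpenVPN project: a small checker that reads an OpenVPN client profile and flags the settings a reviewer would look at first. The two profiles are constructed for the demonstration (the hostname is a placeholder), and the rule set, which cipher and HMAC names count as weak and which directives are expected, is this example's own assumption rather than an OpenVPN-published list.

```python
from typing import Dict, List

# Cipher / HMAC names that mean "no encryption" or a legacy algorithm.
# This rule set is an assumption made for the example, not an official list.
WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "des-ede-cbc", "des-ede3-cbc", "rc2-cbc"}
WEAK_AUTH = {"none", "md5"}


def parse_profile(text: str) -> Dict[str, List[List[str]]]:
    """Map each directive to the list of argument lists it appears with.
    Lines starting with '#' or ';' are comments; <tag>...</tag> inline
    blocks (certificates, keys) are skipped rather than parsed as directives."""
    opts: Dict[str, List[List[str]]] = {}
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):
            in_block = False
            continue
        if line.startswith("<"):
            in_block = True
            continue
        if in_block:
            continue
        parts = line.split()
        opts.setdefault(parts[0].lower(), []).append(parts[1:])
    return opts


def check_profile(text: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    opts = parse_profile(text)
    findings: List[str] = []
    for args in opts.get("cipher", []):
        if args and args[0].lower() in WEAK_CIPHERS:
            findings.append(f"cipher {args[0]}: no or legacy encryption on the data channel")
    for args in opts.get("data-ciphers", []):
        for name in (args[0].split(":") if args else []):
            if name.lower() in WEAK_CIPHERS:
                findings.append(f"data-ciphers allows {name}: a weak cipher can be negotiated")
    for args in opts.get("auth", []):
        if args and args[0].lower() in WEAK_AUTH:
            findings.append(f"auth {args[0]}: weak or no packet authentication")
    if not any(args[:1] == ["server"] for args in opts.get("remote-cert-tls", [])):
        findings.append("remote-cert-tls server missing: client does not check the server certificate's role")
    if "tls-version-min" not in opts:
        findings.append("tls-version-min missing: control channel relies on the build default TLS version")
    return findings


# Constructed sample profiles (hostname is a placeholder).
LEGACY_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher BF-CBC
auth MD5
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""

HARDENED_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
auth SHA256
remote-cert-tls server
tls-version-min 1.2
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""


if __name__ == "__main__":
    for label, profile in (("legacy", LEGACY_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(f"{label}: {check_profile(profile) or ['no findings']}")
```

The legacy profile produces four findings (Blowfish in CBC mode, MD5 authentication, no server-role check, no TLS floor); the hardened one produces none. The checker is deliberately strict about `remote-cert-tls server`: without it, a client will happily complete the handshake with any certificate signed by the configured CA, which matters as much to "tunnel security" as the cipher name does.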

VPN vs tunnel

These two terms are sometimes used interchangeably, but that is a little misleading. A tunnel is an analogy describing a more general networking mechanism, used very widely in many telecommunication systems. Hence the name ‘tunneling protocols’, which are practical applications of that metaphor. A VPN uses one such protocol and adds encryption in order to build a certain network structure. There are several variants of such architectures: host-to-site, site-to-site and mixed, as they are not mutually exclusive.

Remember that not all tunnels are equal. The greatest concern is their security. Even if a solid cipher is employed, many weak spots can remain. Such vulnerabilities are constantly being discovered and fixed, which is why the protocols keep evolving into newer versions. OpenVPN is considered the safest, and PPTP has been proven flawed. L2TP has been suspected, but not proven, to be breakable.

Now that you know exactly what a secure tunnel is, VPN technology should be easier to understand. When choosing a specific service, consider carefully what technologies are applied under the hood. Remember that although safety is crucial, it is not the only factor. Users also want their connection to be fast, uninterrupted, and easy to use. Learn more on the blog and browse safely!
