How Does A VPN Work?

As the Internet has grown in popularity, companies have started using it to extend their own networks. Intranets came first: sites that can be accessed only by employees of a specific company. Companies now also create Virtual Private Networks (VPNs) to accommodate employees who work from home or in offices in other states or countries.

A standard VPN usually contains a primary local-area network (LAN) at the company’s corporate headquarters, additional LANs at remote facilities or offices, and individual users who connect from the field. A VPN is a private network that uses the Internet or another public network to connect users or remote sites. Rather than using a dedicated, real-world connection, a VPN uses virtual connections routed through the Internet. The connection originates at the company’s private network and goes to a remote employee or site.

VPNs are generally found in the following two types:

1. Site-to-site

A business can connect many fixed sites over the Internet or another public network by using large-scale encryption and dedicated equipment. Each site requires only a local connection to the public network, which lets the company reduce the amount of money spent on long private leased lines. Site-to-site VPNs can be classified as intranets or extranets. A site-to-site VPN built between offices of the same company is called an intranet VPN. An extranet VPN connects a business to its customers or partners.

2. Remote-Access (also referred to as a Virtual Private Dial-up Network or VPDN)

This is a user-to-LAN connection used by businesses whose employees work remotely from various locations and need to connect to the private network. Usually, a company that wants to create a remote-access VPN gives all of its users an Internet dial-up account through an Internet service provider (ISP). Remote employees can then dial a 1-800 number to reach the Internet and use VPN client software to gain access to the company’s network. A large company with many salespeople working in the field is an example of a business that would require a remote-access VPN. Remote-access VPNs provide encrypted, secure connections between remote users and a company’s private network via a third-party service provider.

A well-designed VPN can benefit a company in many ways. It can:

– Provide faster Return On Investment (ROI) than traditional WAN
– Provide global networking opportunities
– Increase productivity
– Reduce operational costs versus traditional WANs
– Provide telecommuter support
– Simplify network topology
– Reduce travel expenses and transit times for remote users
– Extend geographic connectivity

A well-designed VPN should incorporate all of the following features:

– Policy management
– Scalability
– Security
– Network management
– Reliability

Security mechanisms

To keep classified information from falling into the wrong hands, VPNs use encryption techniques and usually allow only remote access that can be authenticated. They rely on encryption and tunneling protocols to provide security. The VPN security model provides:

– message integrity, to detect whether any transmitted messages have been tampered with
– sender authentication, to prevent unauthorized users from accessing the VPN
– confidentiality, so that even if network traffic were captured at the packet level, the intruder would see only encrypted data


Tunnel endpoints must be authenticated before any secure VPN tunnel can be established. Remote-access VPNs created by users can use two-factor authentication, biometrics, passwords or other cryptographic methods. Network-to-network tunnels often use digital certificates or passwords. The key is stored permanently so that the tunnel can be established automatically, without the user needing to intervene.
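
The three properties listed above, shown on a single tunnel packet protected with a stored pre-shared key (an added example, not part of the original article). The key, the sample packet and the function names are constructed for illustration, and the HMAC-based keystream is a standard-library stand-in for the AES or ChaCha20 cipher a real VPN would use:

```python
from __future__ import annotations
import hashlib
import hmac
import os
import struct

# Constructed values for the demo; a real tunnel provisions or negotiates its keys.
PSK = b"constructed-demo-pre-shared-key"
SAMPLE_INNER = b"GET /payroll HTTP/1.1\r\nHost: intranet.example\r\n\r\n"


def derive_keys(psk: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the stored shared secret."""
    enc = hmac.new(psk, b"tunnel-encrypt", hashlib.sha256).digest()
    mac = hmac.new(psk, b"tunnel-mac", hashlib.sha256).digest()
    return enc, mac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for AES/ChaCha20)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(psk: bytes, inner_packet: bytes) -> bytes:
    """Encapsulate an inner packet as nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = derive_keys(psk)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(inner_packet, keystream(enc_key, nonce, len(inner_packet))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_packet(psk: bytes, wire: bytes) -> bytes | None:
    """Return the inner packet, or None if the tag fails (tampering or wrong key)."""
    if len(wire) < 12 + 32:
        return None
    enc_key, mac_key = derive_keys(psk)
    nonce, ct, tag = wire[:12], wire[12:-32], wire[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time tag comparison
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))
```

Sender authentication here comes from the pre-shared key: only a holder of the key can produce a valid tag, so a packet sealed with any other key is rejected the same way as a tampered one.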

Mobile VPN

When a VPN’s endpoint is not fixed to a single IP address, a mobile VPN is used. In these situations, the endpoint of the VPN roams across different networks, such as multiple Wi-Fi access points or cellular carrier data networks. In law enforcement, VPNs give officers access to applications that are important to their missions, such as criminal databases and computer-assisted dispatch. Mobile VPNs are also used by professionals who travel constantly and need reliable connections to conduct important business transactions.