A Virtual Private Network (VPN) is a technology that allows a secure connection over a less secure network (such as the internet).
- VPNs enable private network users to send and receive data across shared or public networks as if they were directly connected to the private network.
- VPNs provide confidentiality, integrity, and security by encrypting data transmitted between the client and server.
Basic Architecture of a VPN:
A VPN consists of the following basic components:
1.) VPN Client (User’s Device):
The device used by the end-user (such as a laptop, smartphone, or desktop computer) to connect to the private network via the VPN.
- It runs VPN client software that establishes the secure connection.
2.) VPN Gateway/Server (Server-Side Component):
This is the server on the network side that establishes the VPN connection with the client. It authenticates the client, decrypts the incoming data from the client before forwarding it to the private network, and encrypts the data that flows back to the client.
3.) Tunnel:
A secure “tunnel” is created between the VPN client and the VPN server. This tunnel ensures that the data is encrypted and cannot be intercepted by third parties.
4.) Private Network:
The private network, such as a company’s internal network, to which the VPN client gains access. This network is typically located behind the VPN server.
Types of VPNs:
1.) Remote Access VPN:
A remote access VPN is a type of VPN that allows individual users to connect securely to a remote network (usually a corporate network) over the internet.
- The client establishes a secure encrypted connection to the VPN server, allowing the user to access resources on the remote network as if they were physically connected to it.
Example: A remote employee accessing company resources while working from home.
2.) Site-to-Site VPN:
A site-to-site VPN connects two or more separate networks, typically over the internet.
- These networks could be offices of the same organization in different locations or different branches of an organization.
- It uses routers or dedicated VPN devices at each location to establish and maintain secure connections between them.
Example: A company with offices in multiple cities connects all of them to a central network securely.
3.) Client-to-Site VPN (or End-to-End VPN):
This type of VPN allows individual users (clients) to connect securely to a remote site or network.
- The client establishes a secure encrypted tunnel to access the private network.
Example: An employee using a laptop or smartphone to securely connect to the company’s internal network from a remote location.
4.) MPLS (Multiprotocol Label Switching) VPN:
An MPLS VPN is a specialized type of VPN that uses MPLS technology to establish virtual paths between different networks. MPLS labels keep each customer's traffic separated inside the provider's network but do not by themselves encrypt it, so IPsec is commonly layered on top where confidentiality is required.
- MPLS VPNs are more commonly used by large organizations that require high-performance, scalable, and secure communication between offices or data centers.
Example: A multinational corporation uses MPLS VPNs to securely connect their global offices.
How VPNs Work:
The working of a VPN generally involves the following steps:
1.) Establishing the Connection:
- The user or client device runs VPN client software and connects to a VPN server. The connection is typically initiated using protocols such as OpenVPN, IPsec, or L2TP (usually paired with IPsec); PPTP is also encountered but is obsolete and no longer considered secure.
2.) Authentication:
- Once the connection request is received, the VPN server authenticates the client using a username, password, digital certificates, or multi-factor authentication (MFA) for higher security.
3.) Data Encryption:
- After authentication, the data sent between the client and server is encrypted using strong encryption algorithms. This ensures that even if the data is intercepted by unauthorized parties, it remains unreadable.
- Common encryption algorithms (ciphers) include AES (Advanced Encryption Standard) and 3DES (Triple DES); 3DES is now deprecated and AES is the usual choice.
4.) Tunneling:
- The encrypted data is encapsulated into packets and sent through a secure “tunnel” to the VPN server. The tunnel ensures that the data passes through public or unsecured networks without being exposed.
5.) Data Transmission:
- The VPN server decrypts the data and forwards it to the private network, allowing the user to access the desired resources.
6.) Return Path:
- Responses or data from the private network are sent back through the VPN server, where they are encrypted before being sent through the secure tunnel to the client device.
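The six steps above form one round trip, and the following Go program walks through them end to end as an added example (it is not part of the original notes and not any real VPN product's code). Everything in it is constructed for illustration: the pre-shared key and challenge-response in authenticate() stand in for certificates or MFA, the fixed sessionKey stands in for a key that a real VPN would derive during its handshake (IKE for IPsec, TLS for OpenVPN), and the tunnel packet layout (session id, nonce, AES-256-GCM ciphertext) is invented for this example rather than taken from any standard.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed secrets for this example only; a real VPN derives the session
// key from a handshake rather than hard-coding it.
var (
	psk        = []byte("example-pre-shared-key-not-for-production")
	sessionKey = sha256.Sum256([]byte("constructed-session-key-material")) // 32 bytes -> AES-256
)

// Constructed tunnel packet layout (not a real protocol):
//   [4-byte session id][12-byte nonce][AES-256-GCM ciphertext || 16-byte tag]
const sessionID uint32 = 0x0000beef

// Step 2 (Authentication): the client proves knowledge of the PSK by computing
// an HMAC over a server-chosen nonce; hmac.Equal compares in constant time.
func clientProof(serverNonce []byte) []byte {
	mac := hmac.New(sha256.New, psk)
	mac.Write(serverNonce)
	return mac.Sum(nil)
}

func authenticate(serverNonce, proof []byte) bool {
	return hmac.Equal(clientProof(serverNonce), proof)
}

func newAEAD() (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Steps 3 and 4 (Encryption and Tunneling): the inner packet destined for the
// private network is encrypted and wrapped in an outer tunnel header. The header
// is bound as associated data, so changing it is detected at the far end.
func encapsulate(inner []byte) ([]byte, error) {
	aead, err := newAEAD()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh per packet; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	outer := make([]byte, 4, 4+len(nonce)+len(inner)+aead.Overhead())
	binary.BigEndian.PutUint32(outer, sessionID)
	outer = append(outer, nonce...)
	return aead.Seal(outer, nonce, inner, outer[:4]), nil
}

// Step 5 (Data Transmission): the gateway strips the header, verifies the tag and
// decrypts. Anything that fails the check is dropped, never forwarded.
func decapsulate(packet []byte) ([]byte, error) {
	aead, err := newAEAD()
	if err != nil {
		return nil, err
	}
	hdr := 4 + aead.NonceSize()
	if len(packet) < hdr+aead.Overhead() {
		return nil, errors.New("packet too short: dropped")
	}
	if binary.BigEndian.Uint32(packet[:4]) != sessionID {
		return nil, errors.New("unknown session: dropped")
	}
	inner, err := aead.Open(nil, packet[4:hdr], packet[hdr:], packet[:4])
	if err != nil {
		return nil, errors.New("integrity check failed: dropped")
	}
	return inner, nil
}

// Stand-in for the private network behind the gateway.
func privateNetwork(request []byte) []byte {
	return append([]byte("reply to: "), request...)
}

// roundTrip runs all six steps: authenticate, tunnel the request to the gateway,
// hand it to the private network, and tunnel the response back (Step 6).
func roundTrip(request []byte) ([]byte, error) {
	serverNonce := make([]byte, 16)
	if _, err := rand.Read(serverNonce); err != nil {
		return nil, err
	}
	if !authenticate(serverNonce, clientProof(serverNonce)) {
		return nil, errors.New("authentication rejected")
	}
	pkt, err := encapsulate(request)
	if err != nil {
		return nil, err
	}
	inner, err := decapsulate(pkt)
	if err != nil {
		return nil, err
	}
	replyPkt, err := encapsulate(privateNetwork(inner))
	if err != nil {
		return nil, err
	}
	return decapsulate(replyPkt)
}

func main() {
	reply, err := roundTrip([]byte("GET /intranet"))
	fmt.Printf("reply=%q err=%v\n", reply, err)
}
```

Two points are worth noticing when running it: an observer on the public network sees only the 4-byte header and random-looking bytes, and flipping a single bit of a tunnel packet makes decapsulate() reject it rather than forward corrupted data, which is the integrity property the notes attribute to the tunnel.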