Skip to content

Virtual Private Network (VPN)#

We've already covered the concept of IP routing. When you try to connect to an IP address a routing table is consulted to determine where the data needs to go. Well a VPN essentially configures manipulates that routing table so that traffic - all, some or nothing - goes over an encrypted connection to another, usually private, network, and then to the target you requested.

Let's visualise this:

Simple VPN Connection

Simple VPN Connection
(Michel Bakni, CC BY-SA 4.0, via Wikimedia Commons)

We can see the client, on the left, connecting to a server, on the right, over the public Internet. Instead of having all of the data they're sending going through the general, public routing system as is, the VPN is encrypting the data on the client first and then sending it to the VPN server on the server-side of the connection. The VPN server then routes the traffic to the target server the client asked for.

Let's imagine the client is a web browser and the server is a web server. Let's also imagine the server is private and is not on the public Internet. In fatc it has no public facing IP address at all, so it's impossible to reach the server via the public Internet. How do you get there?

The client system has an internal IP of 192.168.1.5. The server's IP is 10.0.1.10. They're noth private, internal IPs that cannot be routed over the Internet.

When the client successfully connects to a VPN server that's also in the same network as the web server, the client's route table is updated to contain information about the remote, private network. That's the same network that 10.0.1.10 is in. Let's say it's 10.0.1.0/24.

So essentially the client becomes a "member" of the remote network - 10.0.1.0/24 - because the VPN makes that possible. Now when the client tries to access TCP/80 (or TCP/443) on 10.0.1.10, their VPN connection routes the traffic over the public Internet, encrypted, and to the remote network, which then routes it internally to the requested IP address.

Now the client can access the private, internal network.

Don't worry if this isn't making too much sense right now. It's not an easy topic to understand. Just know that a VPN lets your local system become a part of another, remote network. The traffic still goes over the public Internet's infrastructure - all the routers routing the packets - but it's encrypted.