A Virtual Private Network (VPN) is essentially a private network created over a public network, used to ensure security and privacy of data sent over it. It establishes a secure network connection over the internet or a public network to enable users to send and receive important data in the most protected and secure way.

Many government organisations, banks, educational institutions, and companies take advantage of VPNs on a daily basis, to share sensitive information between satellite offices, or allow access to such data to remote workers. Well-funded users like these made VPNs popular in the 1990s.

It wasn't until mid-2000 that VPNs became popular for home users and enthusiasts too. The rise of government surveillance and censorship on the Internet and exposure of questionable ISP actions brought the topic of privacy to the mainstream headlines. Add to that the insecurities of Wi-Fi hotspots and increasing vulnerabilities in consumer devices and it's easy to see why VPNs became popular. More on that later.

The last few years have seen changes in Internet infrastructure which affect us all. A technology designed to serve content faster was repurposed by media companies to block or restrict access based on geographic location, reinforcing the outdated concept of media regions. Some VPN services allow you to unblock this content by changing your public IP address and, therefore, where the service thinks you're connecting from.

Further, users of P2P file sharing have been receiving demands for hundreds of thousands of dollars for sharing copyrighted material when, in fact, they hadn't. ISPs track P2P usage and share user information with media companies and lawyers ready to pounce even when there isn't a case to be had.

As you can see, there are a lot of good reasons to think about getting a VPN. So let's dive in and understand a bit more about how a VPN works.

The Internet without a VPN

We should start by understanding a typical Internet connection without a VPN. As soon as you connect to the Internet, your broadband router or cellphone service connects you to your Internet Service Provider (ISP). Your service provider then provides a connection to your desired website, mail server, file sharing peers, etc.

Internet connection without a VPN

As you can see your data or traffic passes through many corporate entities, sometimes unencrypted. Many ISPs keep logs of your traffic, tied to your identity, for many reasons (a topic for another article). Websites you connect to will also attempt to link your browsing activity with your identity, often with the help of a third-party advertising company such as Google.

Overview of a VPN

When you use a VPN, you connect to a server (operated by your VPN provider) via an encrypted connection, referred to as a "VPN tunnel". Consequently, all browsing data travels between your PC and the VPN server through the tunnel. Only you and the VPN provider can see this data.

Internet connection with a VPN

Your PC knows it's connected to the Internet via a VPN tunnel and directs (or "routes") your traffic accordingly. Traffic routed through the VPN is encrypted on-the-fly. Strong encryption will slow down a connection a little, depending on your CPU power, but it shouldn't be too noticeable.

Your VPN provider decrypts this traffic, changes it slightly (to appear to come from the VPN endpoint rather than your PC), then sends it to the destination over the regular Internet. Replies are received by your VPN provider, who encrypts them and sends them back to your PC.

Your ISP, on the other hand, won't know what kind of traffic is being tunneled. Encryption prevents them from using Deep Packet Inspection to monitor P2P traffic, browsing habits, games and so on. Some VPNs even use a "stealth mode" to make VPN traffic look like regular encrypted web traffic, so the ISP won't even know a VPN is in use.

Commercial VPNs like this differ from a corporate VPN. Usually a corporate VPN will provide end-to-end encryption from a headquarters to a satellite office, for example. A commercial VPN for home use only encrypts the connection between your PC and the VPN provider. Traffic is sent onwards to its final destination as normal.

The VPN software client

Running a VPN requires a software client to be installed on your PC, unless you use a VPN on your broadband router or firewall/gateway (advanced users). Some commercial VPN providers have their own branded VPN client, others rely on open source software like OpenVPN (Windows/Linux) or Tunnelblick (macOS). Branded clients will have a few bells and whistles but the underlying technology is the same.

A VPN client is actually a whole bunch of technologies packed into one easy-to-use installer, and it does a lot more than just encrypt your Internet traffic. It carefully checks the identity of the VPN server each time you connect, to prevent a malicious snooper from pretending to be an official VPN endpoint, and likewise the VPN server carefully checks your VPN client identity too. Then your user credentials are checked to ensure you're a paying subscriber. Finally, two channels are initiated: the control channel (used for sending metadata and information about the VPN connection) and the data channel (used for actual encrypted data). The encryption methods used on those channels are negotiated between your VPN client and the server to find one you can both understand.

These encryption methods and additional security measures are, for most people, the confusing bit. No surprises there - cryptography protects almost every secret on the planet right now. It's a modern arms race and the community is an eclectic mix of genius theories, exceptional engineers, hackers, million dollar bounties, government spies, and alleged murder. For now it's enough to understand that your VPN client does some clever math which, in theory, only your VPN server can understand.

VPN endpoints

A common use of VPNs is to bypass website or stream blocking based on detection of your country or "geolocation". Such websites detect your location using your IP address. Using a VPN masks your home IP address, changing it for the IP address of the VPN server or "endpoint". Almost all commercial VPNs operate more than one endpoint, usually in many countries around the world, for this purpose.

As a VPN user you can change your IP address and detectable geolocation by changing VPN servers. Often this is enough to trick the website or streaming service into granting access to you. Some streaming services like Netflix are getting wise to this and are actively blocking VPN connections.

This is where having a custom VPN client from your provider is useful, as they often include a menu for quickly switching between VPN server countries. Using OpenVPN is a little less convenient - each country endpoint will have its own configuration file (.ovpn file) which you'll need to load before connecting.
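Because every country endpoint ships as its own .ovpn file, it is worth confirming that each one still enforces the server identity check and encryption described under "The VPN software client". The following is an added example, not code from the original article or from the OpenVPN project: a small Python auditor run over two constructed profiles. The directive names are real OpenVPN options; the hostnames, profile contents and the choice of what counts as "weak" are assumptions.

```python
import re

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "NONE"}  # 64-bit block or no encryption
WEAK_DIGESTS = {"MD5", "NONE"}

def parse_ovpn(text):
    """Map directive -> list of argument lists; inline <ca>...</ca> bodies are skipped."""
    directives, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                                  # inside an inline block
            if line == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:                                     # e.g. <ca>, <tls-crypt>
            inline = tag.group(1)
            directives.setdefault(inline, []).append(["[inline]"])
        elif line and line[0] not in "#;":          # '#' and ';' start comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit_ovpn(text):
    d, findings = parse_ovpn(text), []
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server identity not checked (remote-cert-tls / verify-x509-name)")
    if "ca" not in d:
        findings.append("no CA certificate to validate the server")
    ciphers = {c.upper() for key in ("cipher", "data-ciphers")
               for args in d.get(key, []) for a in args for c in a.split(":")}
    for c in sorted(ciphers & WEAK_CIPHERS):
        findings.append(f"weak data-channel cipher: {c}")
    for args in d.get("auth", []):
        if args and args[0].upper() in WEAK_DIGESTS:
            findings.append(f"weak HMAC digest: {args[0]}")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("control channel lacks tls-auth/tls-crypt")
    return findings

# Constructed sample profiles; hostnames are placeholders, not real endpoints.
GOOD = ("client\ndev tun\nremote vpn-se.example.net 1194 udp\nremote-cert-tls server\n"
        "cipher AES-256-GCM\nauth SHA256\n<ca>\n(placeholder cert)\n</ca>\n"
        "<tls-crypt>\n(placeholder key)\n</tls-crypt>\n")
WEAK = ("client\ndev tun\nremote vpn-us.example.net 1194 udp\n"
        "ca ca.crt\ncipher BF-CBC\nauth MD5\n")

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_ovpn(profile) or "no findings")
```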

VPN leaks

OpenVPN and the majority of VPN clients are excellent at what they do. Unfortunately there are some circumstances where your private data could "leak". That means the data, or parts of it, are accidentally (or maliciously) routed outside of the VPN tunnel over your plain Internet connection. Using a reputable VPN company with their latest VPN client is often protection enough against leaks.
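One way to check for the routing kind of leak described above, as an added example that is not part of the original article: the Python below reads Linux `ip -4 route show` output and reports any non-tunnel route that still carries traffic once longest-prefix matching is applied. The routing tables are constructed samples, and the `tun` interface prefix and the allowed networks (the LAN and the VPN server's own address) are assumptions.

```python
import ipaddress

def parse_routes(text):
    """Parse `ip -4 route show` output into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        if "dev" in f:
            dest = "0.0.0.0/0" if f[0] == "default" else f[0]
            routes.append((ipaddress.ip_network(dest), f[f.index("dev") + 1]))
    return routes

def effective(net, routes):
    """Parts of `net` that no more specific route shadows (longest prefix wins)."""
    parts = [net]
    for other, _ in routes:
        if other.prefixlen <= net.prefixlen or not other.subnet_of(net):
            continue
        nxt = []
        for p in parts:
            if p.subnet_of(other):
                continue                        # fully shadowed by `other`
            nxt += p.address_exclude(other) if other.subnet_of(p) else [p]
        parts = nxt
    return parts

def find_leaks(text, allowed, tun_prefix="tun"):
    """Non-tunnel routes that still carry traffic outside the `allowed` networks."""
    routes = parse_routes(text)
    allowed = [ipaddress.ip_network(a) for a in allowed]
    return [f"{net} dev {dev}" for net, dev in routes
            if not dev.startswith(tun_prefix)
            and any(not any(p.subnet_of(a) for a in allowed)
                    for p in effective(net, routes))]

# Constructed routing tables (documentation/private addresses, not captured output).
TUNNELLED = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
198.51.100.7 via 192.168.1.1 dev eth0"""
HALF_OPEN = TUNNELLED.replace("128.0.0.0/1 via 10.8.0.1 dev tun0\n", "")
ALLOWED = ["192.168.1.0/24", "198.51.100.7/32"]  # LAN and the VPN server itself

if __name__ == "__main__":
    print(find_leaks(TUNNELLED, ALLOWED), find_leaks(HALF_OPEN, ALLOWED))
```

In the `HALF_OPEN` table one of the two tunnel routes is missing, so the ISP-facing default route still carries half of the IPv4 address space and is reported.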

Using a VPN on the router

Installing the VPN configuration on your broadband router extends protection to all devices connected to your network. It only uses one "active device" or slot on your VPN plan regardless of the devices on your LAN (as many commercial VPNs limit the number of simultaneous connections). Instead of routing your network's Internet traffic through your ISP, it will encrypt and tunnel it to your VPN provider.

Running a VPN on your router is ideal if you have lots of devices. TVs, set-top boxes, games consoles, mobile devices, laptops and PCs can all get the benefits. And you only need to install and maintain it on one device instead of a dozen! If you're seriously into technology, or run a home network for your family or friends, this is the way to go.

Some routers have OpenVPN built right in. A broadband router is essentially a locked-down embedded computer, usually running a variant of Linux as the operating system. Some manufacturers install extra utilities like OpenVPN for power users to configure. A router given by your ISP may not have that functionality, or they might only offer a proxy option (not very secure at all).

Log in to your router's administrative panel and look for a VPN, OpenVPN, or private network settings page. If you have the option then follow the on-screen prompts to set it up, or if they're as bad as they normally are, contact your VPN provider for help with setting it up.

If your router doesn't support a VPN, it might be worth investing in a new router. Modern open-source routers are many times faster, more secure, and feature-rich than the generic routers provided by an ISP. Look for a router which supports OpenVPN or, if privacy and security are your primary concerns, look for dedicated VPN appliances which may include a broadband router built-in, or may sit alongside your existing router (offsetting most of the workload).

Choosing a commercial VPN provider

So the next step is to choose a VPN provider and dive in. Arguably this is the most difficult part of installing a VPN! Wading through sales material to find the right VPN is time-consuming and confusing. Are they really safe and secure? Does it really unblock that website? That's why I set up ServerComparator.com to help new (and seasoned) users get onboard with the right package.

Don't panic. You can make mistakes. Most VPNs offer a money-back guarantee so, if you later realise they don't support your operating system or router, or they don't unblock XYZ, or even if you can't get past the first dialog box, they should refund you without argument on the first request. Also a reputable VPN provider will be more than happy to help you get set up and keep you as a life-long customer.

Things to look out for when choosing a VPN provider:

  • Active devices - most providers limit the number of devices/clients which can be logged in at any one time
  • Quotas - a few providers limit how much data you can transfer in a day or month, or throttle the speed
  • Jurisdiction - if P2P torrents are your thing, and you might accidentally share some copyrighted material, look for a VPN company based in countries with reasonable legal statutes such as Sweden
  • Security - if total security is required you should choose a VPN with secure encryption, as not all VPNs are configured for this
  • Speed - if gaming or video streaming is high on your list, you might look for a VPN with lower security measures (as they slow down your data transit)

In summary

That covers the basics of how a commercial VPN works and how to get started using a VPN. If you enjoyed reading, stay tuned for our VPN guides series which will go into more detail, but you should already be armed with enough knowledge to get stuck in and set up your first VPN tunnel. Good luck!

About the author

John is a guest writer and technical author passionate about Internet technology. He enjoys keeping updated in the latest tech trends and emerging technologies and writing about them.