What Is a VPN (Virtual Private Network)?

VPN software works by encrypting your web traffic and rerouting it through a remote server before reaching your desired website, service, or application.

There are several different types of virtual private networks but by far the most common are personal VPNs, which anyone can use on their devices.

In this beginner’s guide to VPNs, we’ll explain how they work, the different types of VPN configurations, the benefits and limitations of using a personal VPN.

A VPN works by establishing an encrypted connection between your device and a remote VPN server. This secure connection is known as the VPN tunnel.

Once connected, all the data leaving your device is routed through the VPN tunnel to the VPN server. The VPN server then forwards it on to the website you’re visiting, application you’re using, or company network you’re accessing remotely.

Data from the website or application then travels back to your device along the same route. It is first sent to the VPN server, which then transfers it through the VPN tunnel to your device.

There are five key stages to this process:

1. Handshake & Authentication

The VPN software on your device and the VPN server first authenticate themselves to each other. This is known as the VPN handshake.

During the handshake, the VPN client initiates a connection to the VPN server, indicating the intention to establish a secure tunnel. The two computers then verify their identities to each other using a password, digital certificate, or another authentication method.

Once authentication is complete, this connection is then used to securely share an encryption ‘key’ between client and server. This key is what is used to encrypt and decrypt the data at either end of the VPN tunnel for your entire browsing session.

2. Encryption

With the connection to the VPN server established, the VPN client on your device then uses the agreed-upon ‘key’ and an encryption cipher to encrypt all of your internet activity.

In simple terms, this means that all of the plaintext data associated with your web traffic requests will be converted into strings of letters and numbers that are only intelligible to someone with the decryption key.

3. Encapsulation

Your encrypted traffic is then wrapped in an additional layer of unencrypted traffic, which contains information about how to route it to the VPN server. This process is known as encapsulation, and is performed by dedicated VPN tunneling protocols.

This is like taking an envelope with a written letter inside, and putting it inside a second envelope with a new address on. Your actual message becomes completely hidden from the outside world.

Your VPN client then hands the encapsulated traffic over to your ISP, ​​which sends it to the VPN server. Due to the encryption, the only thing the ISP can see is the VPN server’s IP address.

4. Decryption, Forwarding, and Re-Encryption

Upon reaching the VPN server, this layer of encapsulation is removed, and the original data is decrypted using the encryption key.

This is like opening the outer layer of the letter to reveal the original message inside – thereby giving the VPN server access to the true destination of your connection request.

The server can then forward your request onto the website, service or application you require.

When the web server sends your request information back to you, it sends it to the VPN server where it is encrypted again and sent back through the VPN tunnel until it reaches your device.

The VPN client software on your device then decrypts the data, so that it can appear legibly on your screen.

5. Hash Authentication

As a final precaution, the VPN service also uses Secure Hash Algorithms (SHA) to authenticate the integrity of transmitted data and client-server connections. These ensure that no information has been altered in transit between source and destination.

If the alternative message the client generates differs from the alternative message the server generated, it means the message has been tampered with and so the data is rejected. If they are the same, it is accepted.

VPN Protocols & Encryption Ciphers

This process can involve different protocols and encryption ciphers, depending on the VPN service you’re using and how it’s configured.

The VPN protocol determines how the VPN tunnel is formed, while the encryption cipher is used to encrypt the data that flows through that tunnel.

Depending on the protocol in use, a VPN may have different speeds, capabilities, and vulnerabilities. Most services will let you choose which protocol you’d like to use within the app settings.

The encryption cipher is the algorithm (i.e. a set of rules) used to encrypt and decrypt data.

Ciphers are usually paired with a specific key-length. Generally, the longer the key length, the more secure the encryption is. For example, AES-256 is considered more secure than AES-128. Where possible, we recommend using a VPN with AES or ChaCha20 encryption.

There are different types of VPN depending on the type of connection a user requires.

Personal VPN services are designed for everyday internet users who want to improve their online privacy, security, and access. For this reason, they are sometimes referred to as consumer VPNs.

By contrast, remote access VPNs, mobile VPNs, and site-to-site VPNs are all types of business VPN. They are designed for remote employees to gain secure access to internal resources.

Below is a quick overview of the four main types of virtual private networks and how they differ from one another:

1. Personal VPN Services

A personal VPN service provides individual users with encrypted access to a remote VPN server that’s owned by the VPN provider.

It lets users create a secure connection to servers in a range of different locations, which they can then use to protect their identity, spoof their geographic location, and evade surveillance as they browse the internet.

They can be used on most devices, including iOS and Android smartphones, macOS and Windows computers, and even installed directly onto your WiFi router at home.

Personal VPNs are the most common type of VPN service, and are also the type of VPN we focus on here at Top10VPN.

2. Remote Access VPNs

Remote Access VPNs provide employees with encrypted access to a company’s internal network while working remotely. They are the most common type of business VPN.

Unlike personal VPN services, remote access VPNs aren’t designed for users looking to access online services and applications.

Instead, the purpose is to enable employees to access company resources, files, and applications securely regardless of their physical location, and to ensure that any company data transmitted is protected from unauthorized access or interception.

Popular examples of remote access VPNs include Access Server by OpenVPN and Cisco AnyConnect.

3. Mobile VPNs

A mobile VPN is similar to a remote access VPN in that it safely connects remote employees to a company network.

However, while remote access VPNs are designed for users working from a static location, mobile VPNs are designed for users who are regularly switching between cellular and WiFi networks or whose connection is likely to drop from time to time.

A mobile VPN is designed to stay connected despite these interruptions and instability. They are therefore particularly useful for mobile workers, such as firefighters or police officers.

Importantly, mobile VPNs are compatible with any device and any network connection. They are not only for smartphone users.

4. Site-to-Site VPNs

Site-to-site VPNs are used to securely expand a single company network to include multiple different premises or office spaces in different physical locations.

They differ from the other types of business VPN in that they are designed to connect two or more networks together, rather than connecting an individual employee to the office network.

As we mentioned above, at Top10VPN we focus primarily on testing and reviewing personal VPNs. And to this day there is still a lot of false or misleading information on what they can and can’t do.

This misinformation is far from ideal and makes it tricky for beginners to know whether they actually need a VPN or not.

So, let’s clarify a few things. A personal VPN has two primary benefits:

• It hides your IP address and geographic location from the websites, services and applications you use. Without this information, it’s much harder to link your online activity to your identity, in turn making it more difficult to track, profile, or block you.
• It hides your activity from your ISP or network administrator. Encrypting your data transfers makes it almost impossible for your ISP, mobile carrier, WiFi administrator, or eavesdroppers on a public WiFi network to see which websites you’re visiting, the files you upload or download, or any personal details you enter into HTTP websites.

Thanks to these two functions, a VPN can be used for various purposes related to improved internet privacy, security and access.

Here are the most popular reasons why people use a VPN, from a survey we conducted in collaboration with GlobalWebIndex:

And the table below summarizes everything you can and can’t do with a VPN:

What you can do with a VPN	What you cannot do with a VPN
Protect yourself from traffic interception and Man-in-the-Middle attacks when using unsecured public WiFi networks.	Protect yourself from all forms of cyberattack, particularly those that trick you into downloading malware or disclosing personal information.
Spoof your location in order to unblock geo-restricted movies and TV shows, video games, or sport events that are not available in your geographic region.	Hide your physical location from websites and applications that use WiFi Location Tracking. Most VPNs can’t spoof your device’s GPS location data, either.
Make it harder for ISPs, advertisers, schools, employers, and government agencies to monitor and record your browsing activity.	A VPN will not stop a determined entity from tracking you via cookies, fingerprinting, or behavior profiling, for example.
Prevent your ISP from throttling your connection while streaming, gaming and torrenting.	Watch Netflix, HBO Max, or any other streaming service for free.
Access websites and material that’s censored by the government, or unblock websites at school and work.	Hide your browsing activity from employers and school WiFi admins that use screen monitoring software.
Bypass IP-based website bans.	Prevent your ISP from knowing your real IP address and location.
Avoid location-based price discrimination while shopping online.	Avoid price discrimination tactics that rely on tracking cookies or other forms of profiling based on browsing behavior.
Give remote employees reliable and secure access to sensitive files and resources on the company’s internal network.	Bypass email- or account-based website bans.
	Hide how much data you are consuming from your ISP or cell phone carrier. A VPN will actually increase how much data you use.

If you still have more questions about VPNs, you can find more in-depth answers in the guides listed below: