How Does a VPN Work?

A virtual private network (VPN) service encrypts your internet connection and re-routes your data through a remote VPN server. As a result, VPNs keep your internet browsing private, change your IP address and location, and protect you on public WiFi.

But how do VPNs actually work? We’ve found that having a clearer understanding of what’s happening when you connect to a VPN server helps you get the most out of this easy-to-use yet powerful software.

This process allows a VPN to mask your IP address and location from the websites you visit, and to hide your online activity from your ISP, WiFi network administrator, or anyone else monitoring your connection.

This is all you really need to know to start getting the benefits of a VPN, but keep reading if you want gain a deeper understanding of how a VPN actually works and to unlock the full potential of the software.

The diagram below illustrates how a typical VPN connection handles your web traffic:

You can see the individual phases of this process in order below. Note that steps 1-3 constitute the “VPN handshake“, while steps 8-10 continue throughout the VPN session.

These steps provide us with a blueprint for a general understanding of how a VPN works. However, the specific implementation of these steps depends on which VPN protocol is used and how the provider has configured the network.

Use the links or keep reading to learn about each phase of the VPN connection in more detail.

VPN Client-Server Initial Contact

The initial contact phase is as follows:

Once these steps are complete, the handshake to fully set up encryption can now take place. Here’s how the major VPN protocols handle the initial exchanges:

• OpenVPN, SSL/TLS, SSTP:
  • Client sends Client Hello packet.
  • Server responds with Server Hello packet.
• WireGuard:
  • Client and server exchange handshake initiation and response messages.
  • Messages include ephemeral public keys and cryptographic parameters.
• L2TP/IPSec and IKEv2:
  • Client and server exchange IKE (Internet Key Exchange) initiation packets IKE_SA_INIT.

Many leading VPNs also offer their own proprietary protocols, which are often based on modified versions of WireGuard or OpenVPN and follow initiation processes similar to their base protocols.

Here’s an example of an OpenVPN initial contact packet:

^{Back to VPN connection phases overview ↩}

VPN Client-Server Authentication

The authentication phase ensures that clients only connect to genuine VPN servers. Authentication methods vary in complexity and security, often combining multiple techniques to ensure a robust connection.

While VPN protocols like OpenVPN and IPSec offer high configurability, most authentication processes involve some combination of certificates, pre-shared keys (PSK), and username/password verification.

VPN Protocol	Primary Authentication Methods	Key Features
OpenVPN	Certificate-based authentication, Username and password	Uses HMAC for packet authentication, creates separate TLS control channel for ongoing session authentication
WireGuard	Public-key cryptography	No traditional handshake process, authentication occurs with the first packet sent, uses pre-shared private and public keys for each peer
IKEv2	Pre-shared keys (PSK), X.509 digital certificates, user-based authentication via EAP (Extensible Authentication Protocol)	Supports sequential authentication for enhanced security, uses encrypted IKE_AUTH packets for privacy
L2TP/IPSec	Two-phase authentication: L2TP authenticates VPN endpoints, IPSec authenticates the user	L2TP uses PPP (Point-to-point Protocol) methods (e.g. PAP, CHAP, MS-CHAP), IPSec establishes an encrypted tunnel before L2TP authentication, ensuring overall security

^{Back to VPN connection phases overview ↩}

VPN Key Exchange

Key exchange is the cryptographic process where two parties securely establish a shared secret key over an insecure communication channel, without actually transmitting the key itself.

This shared secret key enables symmetric encryption for subsequent communications, effectively creating the secure VPN tunnel between client and server.

For a more detailed explanation of how various key exchange methods work, refer to the VPN handshakes section.

Here, we’ll focus on how the most popular VPN protocols handle key exchange:

As you can see, key exchange methods vary significantly between protocols in terms of complexity, performance and most importantly, security.

This flexibility allows VPNs to be configured for various use cases. However, the increased complexity can lead to misconfigurations by less-experienced developers, potentially resulting in security vulnerabilities.

Refer to our our investigation into security flaws in free Android VPNs for numerous examples of this.

^{Back to VPN connection phases overview ↩}

VPN Tunnel Creation

Once the VPN handshake is complete, a secure tunnel is established between the client and the server.

For a more detailed explanation of VPN tunnels, refer to the VPN tunnels section. Here, we’ll focus on the general process of tunnel creation and how different protocols handle it.

Here’s how the main VPN protocols handle VPN tunnel creation:

• OpenVPN:
  • Uses tun/tap virtual network interface, configurable for IP or Ethernet (layer 2) modes.
  • Exchanges IP addresses, routes, and other network settings.
  • Activates VPN tunnel is activated, routing traffic through the virtual interface.
  • Sets up additional features like compression or fragmentation, if configured.
• WireGuard:
  • Employs a minimalist tunnel setup focused on performance, with low overhead compared to other protocols.
  • Creates a simple virtual network interface, typically named wg0.
  • Can send persistent keepalive packets to maintain the connection.
• L2TP/IPSec:
  • IPSec layer creates the tunnel for L2TP packets.
  • Establishes L2TP control connection within the IPSec tunnel.
  • Creates L2TP session for data transfer.
  • Activates VPN tunnel, routing traffic through the L2TP tunnel protected by IPSec.
• IKEv2:
  • Establishes IPSec tunnel.
  • Can route different traffic flows through additional IPSec Child SAs.

^{Back to VPN connection phases overview ↩}

IP Assignment

The assignment of a new VPN IP address is a crucial stage in the VPN connection process. For a general overview of IP masking, refer to the section on how a VPN hides your IP address.

Each VPN protocol handles IP assignment differently. Here’s a breakdown of how the main protocols manage this process:

Your device’s routing table is updated as part of this process to send traffic between your device and the VPN server over your normal internet connection, and new rules are added to send all other internet traffic through the tunnel via the VPN server en route to its destination.

If split-tunneling is available and enabled in the client, further rules will be added to the device’s routing table to send traffic from whichever apps you’ve specified outside of the tunnel and over your normal internet connection.

^{Back to VPN connection phases overview ↩}

DNS Resolution

In order to keep your internet activity completely private, VPNs typically route your DNS queries through the encrypted tunnel with the rest of your traffic. Ideally, the provider will also use its own DNS servers rather than your ISP’s or another third party’s servers.

When this doesn’t happen, it’s known as a DNS leak, which compromises your privacy.

Here’s how the main VPN protocols protect DNS resolution:

As you can see, the choice of VPN protocol significantly impacts DNS handling, affecting both security and functionality.

Modern VPN protocols offer robust DNS protection but are easily misconfigured by less-experienced administrators.

It’s even more common to find VPN providers, especially free services, who don’t invest in operating their own DNS servers. This means that even if DNS queries do go via the tunnel, they can still end up being logged by the owners of third-party DNS servers.

Over 80% of free Android VPNs leaked DNS requests in some way, according to our latest research.

^{Back to VPN connection phases overview ↩}

Data Transmission, Encryption & Decryption

Now that the secure VPN connection is fully established, the client encrypts your data and sends it through the tunnel to the VPN server. The server decrypts this data and forwards it to its final destination, i.e. the website or app you’re using.

Responses from the destination servers are received and similarly encrypted by the VPN server and sent back through the tunnel for decryption by the client.

The specific cipher used for encryption, along with packet structure and handling, is determined by the VPN protocol in use. For a general overview of VPN encryption, refer to the section on how VPN encryption works.

The following table compares how popular VPN protocols handle data transmission and encryption/decryption. Hit the button to expand it then scroll down to see how each protocol handles the various aspects of the process.

Without a VPN, your device connects directly to a website’s server, which needs your IP address to send content back.

Your IP address is your unique internet identifier, like a digital passport. It tells other computers where to send information.

Your IP address reveals personal information, including your location and online activity. Many people use VPNs to hide this data.

With a VPN connected, your connection is rerouted through a remote server before reaching websites.

Your real IP address is concealed as websites only interact with the VPN server’s IP address. Websites send information to the VPN server, which then forwards it to your device.

The benefits of masking your IP address in this way include:

• Preventing websites and advertisers from directly tracking your online activities.
• Unblocking geo-restricted content by appearing to browse from a different country.
• Making it harder for bad actors to target your device or network.

A VPN tunnel is simply a secure channel established between your device and the VPN server, creating a safe, private route through the public internet.

It’s referred to as a tunnel because your original traffic is encrypted and wrapped in a layer of unencrypted traffic.

Think of it as placing a sealed envelope inside another envelope with a different address, concealing your original message and making it unreadable by anyone who might intercept it.

This process, called encapsulation, is performed by tunneling protocols.

VPN Encryption Ciphers

Encryption transforms plaintext data into a secret code, making it unreadable to anyone without the necessary key to decrypt it.

VPNs use encryption to hide your browsing activity between your device and the VPN server, protecting you from various forms of surveillance.

VPNs use encryption ciphers to convert your online activity into unreadable code. A cipher is a mathematical algorithm (i.e. a set of rules) that encrypts and decrypts data, often paired with a specific key length.

The key is a string of characters that is used to alter the data being encrypted. Only someone in possession of the same key is able to decrypt the data.

Longer key lengths generally offer more security. For example, AES-256 is considered more secure than AES-128.

Some VPN protocols use static keys, designed for long-term use, while others use ephemeral keys that expire after a single session or transaction.

Here’s how encryption ciphers work:

1. The cipher uses a key to encrypt the data before sending it.
2. The same or a related key is used to decrypt the data at the receiving end.
3. Only those with the correct key can decrypt and read the information.

The cipher used by a VPN is often determined by the degree to which its developers prioritized security over performance, as stronger ciphers tend to require more processing power.

Newer ciphers also emerge over time and are incorporated by higher quality services.

The most commonly used ciphers in VPN services are:

• Advanced Encryption Standard (AES)
  • Gold standard for online encryption
  • Available in 128-bit and 256-bit key-lengths
  • AES-256 preferred for stronger protection
  • Considered quantum-resistant
• Blowfish
  • Designed in 1993, largely replaced by AES-256
  • 128-bit key length (32 to 448 bits possible)
  • Has known weaknesses
  • Used as fallback to AES-256
• ChaCha20
  • Newer cipher gaining popularity
  • 256-bit key length
  • Comparable security to AES-256
  • Faster performance, especially on mobile devices
• Camellia
  • Developed in 2000
  • Security and speed comparable to AES
  • Not certified by NIST
  • Limited availability in VPN services

Encryption modes determine how ciphers like AES encrypt data. They’re crucial for VPN security, affecting both privacy and performance. Here are the most common modes used in VPNs:

• CBC (Cipher Block Chaining)
  • Traditional mode
  • Creates chain of dependent blocks
  • Can be slower than newer modes
  • Requires additional security measures
• GCM (Galois/Counter Mode)
  • Provides encryption and authentication
  • Faster than CBC
  • Considered very secure
  • Widely used in modern VPNs
• CTR (Counter)
  • Turns block cipher into stream cipher
  • Fast and allows parallel processing
  • Doesn’t provide authentication alone
  • Used by ChaCha20
• OCB (Offset Codebook Mode)
  • Provides authenticated encryption in single pass
  • Very efficient
  • Limited adoption due to patent concerns

Other modes are best avoided in VPNs. ECB (Electronic Codebook) in particular is too simple to be secure, while CFB (Cipher Feedback) and OFB are both prone to misconfiguration due to their complexity as well as being considered outdated. Any mode without integrity checks should also be avoided unless paired with a separate authentication mechanism.

Most top-tier VPNs now use GCM mode with AES or the ChaCha20-Poly1305 combination, as these provide a good balance of security and performance. When reviewing VPNs, we look for these modern, authenticated encryption modes.

VPN Protocols

VPN protocols are the sets of rules and processes used to establish secure connections between your device and the VPN server.

They determine how the VPN tunnel is formed and managed, while encryption ciphers secure the data within the tunnel.

Each protocol offers a unique balance of speed, security and compatibility. Most VPN services will default to a particular protocol but allow you to change it in the app settings.

VPN Handshakes

VPN handshakes are crucial for initiating secure connections. This process involves:

1. Authentication: Verifying the identity of both the VPN client and server.
2. Key Exchange: Securely sharing encryption keys for the session.
3. Parameter Negotiation: Agreeing on communication rules and cipher suites.

During a VPN handshake, your device and the VPN server exchange information to establish a secure channel. This exchange results in a shared secret key used for encrypting and decrypting data throughout the VPN session.

VPN handshakes typically use the RSA (Rivest-Shamir-Adleman) algorithm. RSA has been the basis for internet security for the last two decades. However, key length is critical.

For adequate security, use VPN services implementing RSA-2048 or RSA-4096. RSA-1024 is no longer considered secure due to advances in computing power.

While broadly secure, the handshake process generates a ‘master key’ that could potentially decrypt all sessions on that server if compromised.

In such a scenario, an attacker could hack into the VPN server and gain access to all data flowing through the VPN tunnel.

To mitigate this risk, we recommend using VPN services with Perfect Forward Secrecy.

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is a critical security feature in modern VPN protocols. It uses Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) algorithms to generate unique temporary session keys.

Perfect Forward Secrecy ensures encryption keys are never exchanged across the connection.

Key benefits of PFS include:

1. Independent key generation: Both the VPN server and client independently derive the same encryption key without exchanging it.
2. Session isolation: Each connection uses a unique key, limiting the potential damage from a single compromised session.
3. Temporal security: Keys are temporary and discarded after use, preventing future decryption of any captured data.

While RSA is crucial for authentication, it cannot provide PFS on its own. Implementing PFS requires the inclusion of DH or ECDH in the cipher suite. ECDH offers robust security for handshakes, while DH should only be used together with other measures due to potential vulnerabilities otherwise.

OpenVPN and WireGuard, our recommended VPN protocols, both support Perfect Forward Secrecy.

Hash Authentication

Secure Hash Algorithms (SHA) play a vital role in VPN security by:

1. Verifying data integrity during transmission
2. Authenticating client-server connections
3. Preventing unauthorized data manipulation

SHAs use a hash function to convert source data into a fixed-length string of characters, known as the “hash value”. This is a one-way process and can’t be reversed; changing even one character in the input drastically alters the output.

This is how it works in VPN communications:

1. The sender applies an agreed-upon hash function to the data.
2. The recipient generates a hash from the received data using the same function.
3. If the generated hash matches the transmitted hash, the data’s integrity is confirmed.
4. Mismatched hashes indicate potential tampering, and the data is discarded.

SHA hash authentication prevents man-in-the-middle attacks by detecting certificate tampering, which stops hackers from impersonating legitimate VPN servers.

For maximum security, we recommend VPN services using SHA-2 or higher. SHA-1 has known weaknesses that can compromise security.