A VPN Tunnel or virtual private network tunnel is a link between two network endpoints which provides encapsulation and encryption for the data flowing through it. This is essentially required to hide your identity as well to secure your data. In simple words, VPN tunnel is a network channel or a virtual pipe through which your internet data transmits from your laptop to the target host while keeping data encrypted and your identity hidden.
The process of tunneling requires the use of different VPN protocols for encapsulation and encryption of the data packets. Several protocols like carrier protocol, encapsulation protocol, and passenger protocol are necessary for creating a tunnel. Moreover, there are two types of tunneling namely, Voluntary Tunneling and Compulsory Tunneling.
Let’s say you are working from home and wants to connect to your office network. You may need to access several sensitive files and also may need to transmit data which is private and sensitive in nature. For obvious, you don’t want all these information to be exposed to the public network. That’s where VPN tunnel will help you.
Remember that some of the features provided by VPN and proxy server sound similar but yet they are quite different. Read proxy vs VPN to understand more about it.
Tunneling – How it works?
Let’s understand how tunneling operates. Any data sent through the network is segmented into packets. Your VPN client accepts this packets and encapsulates them with some other protocols called carrier protocol or base protocol.
Besides, VPN client is also responsible for encrypting the actual message or the data packets. Data packets are encrypted at the source with an encryption key which is only known to the VPN server.
While your data is in the move through the public network, it remains encapsulated as well as encrypted.
At the final destination, which is at the location of the VPN Server, the data packets are de-encrypted and DE-capsulated. After that, they are sent to the server which hosts the targeted website. Therefore to the website, it appears as though the data has been posted by the VPN server.
Same way data flows back to the recipient from where communication first originated.
VPN tunnel ensures security
Data flowing through the public network is not safe. Anyone, such as your Internet Service Provider (ISP), government agencies or someone snooping around the internet can intercept your data and look at it.
But data flowing through a tunnel is unreadable unless one has encryption key which is only available to the client or the VPN server. That way, your data is safe and secure.
In a nutshell, it provides a mechanism for private data to be securely transmitted along a public network.
VPN tunnel ensures anonymity
As the data leaving your network is encapsulated with carrier protocols, anyone looking at the data will not know the actual address to which your packets are destined to.
All the Internet Service Provider would get to know because of tunneling is that your computer is connected to the VPN Server. That means any online activity that you would perform would be utterly oblivious to the ISP and anyone snooping around.
Can you guess how it is going to help? This would get you access to any restricted content which you were unable to access previously due to your location. Isn’t that interesting?
If you want to watch your favorite movie which is not available in your country but in the neighboring one, VPN tunneling will help you do that.
Types of VPN tunneling
There are two types of VPN Tunneling which are Voluntary Tunneling and Compulsory Tunneling.
Voluntary tunneling involves a VPN Client which creates a VPN connection with the VPN server. For it to happen the VPN Client software and the necessary tunneling protocol must be installed on your computer. There can be two situations resulting from this.
One is the possibility of a dial-up situation. In the dial-up case, the VPN Client must first connect with the network before setting up a tunnel.
One of the best examples is the Internet Dial-up wherein, you must first dial-up the ISP to create an internet connection before creating the tunnel over the internet.
For the second possibility, there is already a connection to the network for the LAN-attached computer. This case is possible if you have a broadband connection which is always on.
Here the network is already established which will provide the routing of encapsulated payloads to the VPN server through the tunnel.
Compulsory Tunneling differs from voluntary tunneling in a sense that it is the ISP which establishes the VPN connection between your device and the VPN server.
While Voluntary Tunneling was a two-step process, Compulsory Tunneling involves only a single step. When the VPN Client makes a regular connection with the ISP, the ISP immediately creates a VPN connection.
Here, your computer is not the endpoint. The network access server (NAS) present with the ISP is the endpoint and the one which serves as the VPN Client. The access server performs this operation on behalf of a dial-up connection.
In Compulsory Tunneling, you would need to connect to the NAS first. The NAS will then establish the tunnel between your computer and the remote VPN Server. It is known as Compulsory Tunneling because you have to connect to the NAS initially. Without it, the tunnel cannot be created.
In compulsory tunneling, the management control shifts from the VPN Client to the ISP. The NAS has built-in logic which identifies your device with the location of the remote VPN server.
Unlike Voluntary Tunneling which creates a separate tunnel for each user, Compulsory Tunneling can involve multiple users over a single tunnel. This tunnel is not disconnected until the final user has exited the tunnel.
Protocols required for tunneling
Tunneling protocols encapsulate data packets with the help of different protocols. These protocols add another header to the payload of a data packet.
This header possesses the information which is used in routing the data packets through the tunnel. For the process of creating a tunnel, following protocols are necessary:
The Carrier Protocols transport the final data packets after encapsulation. Point to Point Protocol (PPP) is an example of a carrier protocol.
The Encapsulation protocol will encapsulate the payload of the data packet. IPSec, PPTP, L2TP, etc. are some of the examples of an encapsulation protocol.
These protocols represent the original data packets that were to be carried out between the two devices of the tunnel. The network that is connected through the tunnels uses it. For example, IP, IPX, etc.
Types of protocols used for VPN tunneling?
Many security protocols have been developed for VPN tunnel each offering different features. But following three of them are most popular and competing with each other for the wider consumer acceptance.
A consortium of vendors like Microsoft, Ascend Communications, and few others have released point to point tunneling (PPTP) protocol back in 1999. But it is generally associated with Microsoft because it is widely used and compatible with all of the Windows Operating Systems.
The PPTP, in general, does not encrypt data instead encapsulates it through a Point to Point Protocol (PPP) and transmit it over a secure channel to the VPN server which is present at a remote location.
PPTP creates a Transmission Control Protocol (TCP) connection between the VPN Client present on your computer and the VPN Server. The TCP together with the Internet Protocol (IP) determine how the data will be sent along the internet.
A Generic Routing Encapsulation (GRE) method is used to encapsulate the data packets. Since it is one of the older protocols, there have been a lot of security deficiencies and vulnerabilities.
PPTP is getting obsolete but Microsoft is continuing to improve its PPTP support though.
Layer 2 tunneling protocol
L2TP is an evaluated version of the PPTP. It combines the strengths of Cisco’s Layer 2 Forwarding (L2F) and Microsoft’s PPTP approach. L2TP exists in the data link layer, i.e., the layer two of the OSI Model, which is evident in its name.
The L2TP doesn’t possess VPN encryption characteristics, which is the reason why it is used along with IPSec protocol. The IPSec protocol provides the necessary encryption. L2TP, unlike PPTP, utilizes AES-256 bit key for encryption.
This makes it more secure compared to the PPTP. As such, L2TP has been used by many government agencies to encrypt their confidential data. It is compatible with all the Operating systems released after Windows XP and MacOS 10.3.
The L2TP adds an extra header to every data packet which contains important routing details. This additional header results in the data packet having double encryption. While it does provide additional security, it may lead to low speeds while transmitting data.
IPSec is a combination of different prevalent protocols. It provides enhanced security features and better encryption as compared to previous protocols. It also provides a comprehensive authentication. The IPSec protocol primarily consists of two parts.
The first part is the Authentication Header (AH). It as the name suggests accounts for only the authentication related processes. The second part is Encapsulating Security Payload (ESP) which encrypts as well as authenticates the data packets.
Moreover, the IPSec protocol consists of two modes, namely tunnel mode, and transport mode. The tunnel mode encapsulates the whole IP Packet whereas the transport mode encapsulates only the IP Payload for transmission.
Over to you on VPN tunneling
VPN Tunneling method has resulted in providing a robust security mechanism for the protection of the internet traffic originating from your device. It not only help encapsulates the data but also encrypts it keeping your data secure and away from the prying eyes of hackers.
You should consider using the virtual private network (VPN) and VPN tunnel if you want peace of mind while using the internet and sending sensitive data through it.