How a VPN works – then next, How to Setup your own VPN on a VPS

4GoodHosting-VPNs

If you are not currently using a VPN ( a “Virtual Private Network” [remote server connection]) to help restore privacy to your online world, then you probably are not aware that about 20% internet users worldwide in 2016 already periodically use a VPN to help them connect to the full global internet; especially in totalitarian countries that ban such services such as youtube.

People’s motivations vary from reason to reason (and there are quite a number of good reasons; many of them we’ll cover in this article). Reasons typically vary from a desire for privacy & increased anonyminity and general security, to overcoming censorship, and even *improving* their internet connection globally as some ISP restrict, limit (or as it is termed “shape”), connection speeds to certain websites – making them less attractive to use, some ISPs block p2p (peer to peer connection such as torrents) , and some VPNs supply data buffering to help even out slower, or shaped/moderated, connections.

How did VPNs come about? In this article we will go over the history of this technology of how VPN use has generally progressed over time. In a subsequent article we’ll go more into advanced topics such as encryption.

The Beginnings of a Secure Internet

In the late 1990s, PPTP (that is “Point-to-Point Tunneling Protocol”) was developed. PPTP was the first internet protocol for creating virtual networks. This is one aspect of technology Microsoft was a leader (instead of a follower or hijacker in some cases) in pioneering; as much of PTPP was initially developed in-house at Microsoft. Microsoft saw the growing need to allow internet users to have a secure/encrypted connection to work effectively and securely from home – for companies to be able to provide a work-from-anywhere infrastructure. PTPP a big milestone event and henceforth set the stage for the birth and evolution Virtual Private Networks.

VPN Technology

Over the years, different types of VPN technology have come about. Today there are different types of VPNs (mainly Personal and Corporate) with different protocols (PPTP, OpenVPN, L2TP/IPsec, SoftEther, SSTP).

How does VPN security work?

A VPN is technically a WAN (Wide Area Network). the front end (that is, your browser or other connected application) retains the same functionality and appearance as it would your ISPs unsecured, point or origin, network.

You are probably wondering just how it all works. It can appear to be a complicated business, with unfamiliar words like ‘encapsulation’ and ‘tunnelling’. Don’t be scared though, using a VPN just requires a couple of mouse clicks, and sometimes, depending on your setup – a user name and or perhaps just a password to log into the remote VPN server.

You already know from having read the above, a VPN secures traffic to & from your computer straight through your ISP connection; so hackers nor creepy spies (creepies) will be able see your data or keyboard inputs while it is in transmission (and most importantly your IP address is changed to your VPN ip-address).

But how exactly does a VPN do this?

Think of VPNs as private networks ‘tunneling’ to someplace deeper inside the Internet.

As with any private network, information your computer sends & receive on a between your computer and VPN is effectively walled/sealed off from any other possible other computers eavesdropping/tapping or intrusion. Nobody outside the network, even the peeping-tom NSA, can see what is going on your virtual private network. That is how using a VPN gives you additional privacy and security.

How you connect to a VPN

How can you connect to a VPN server over the notoriously public Internet? To use a VPN, both the remote VPS server and the client (that is, your computer) need compatible software installed so the two points can communicate together.

On the VPN provider’s side a remote access server (RAS) must run. The RAS applications is what your computer connects to when using a VPN. The RAS authenticates either your computer, you, or both; using any one of an assortment of authentication methods. That is the VPN’s first layer of security, but only one of several layers of protection.

On the client side (your computer), the application establishes (and moew importantly *maintains*) your connection through VPN server. The client software sets up a “tunnel” connection to the RAS. The software is also responsible for managing (transmitting and deciphering) the encryption which secures your connection. Let’s have a closer look at what these are;

To understand tunnelling, you first need to understand that all data that is conveyed over the Internet and is split into small pieces called ‘packets.’ Every packet also carries with it additional information as per the protocol (such as HTTP, Telnet, Bittorrent and so on) + necessarily the sender’s IP address.

However, on a VPN’s tunnelled connection every data packet is placed inside another data packet before it is sent over the Internet – much like postal envelopes, putting one envelope inside another will still get the job done. That process is called “encapsulation” – the other “big” word. See, not so complex as it first all sounded.

You can now just use your imagination to think up how useful encapsulation and tunnelling are in securing your data and privacy. Basically the outer packet provides a layer of security that guards the *encrypted* contents safe from public or spying views.

Encryption 101

It is not just not enough to guard your connection to tunnel your computer’s data transmissions back and forth from the RAS. Encryption is the next layer of security. This simply means that data is encoded (jazzed up a secret way) so that the data in your internet packets can only be created and read by your VPN client and server, and vice-versa. Encryption allows for the ‘secure’ connection. Prying eyes hate encryption as it takes a supercomputer many hours, days, or even months to ‘guess/crack’ the encryption.

VPNs can use various security protocols to encrypt data. The most common is IPSec (Internet Protocol Security). IPSec functions this way: encapsulated data packet’s contents is encrypted with with an encryption key. The key is shared only between the VPNs server & clients. IPSec protocol can also be used in tandem with other protocols to increase their combined level of security.
Layer 2 Tunneling Protocol (L2TP)

The L2TP and IPsec protocols combine their best individual features to create a highly secure VPN client. L2TP generates the tunnel providing channel security and data integrity checks which insure all of the packets have arrived and provides confirmation that the tunnel itself has not been compromised.

Transport Layer Security (TLS) and Secure Sockets Layer (SSL): are used all over the internet mainly for the security of online retailers and other service providers. These 2 protocols operate uses what is called a “handshake” method. As you might already know a http://-based SSL connection is always initiated by the client using a URL starting with https:// instead of with http://. At the beginning of an SSL session, an SSL handshake is performed and results in the cryptographic parameters of the session. These are typically “digital certificates”, which is the means by which the two systems are able to exchange encryption keys in order to create the additionally secure connection.

Another frequently used VPN protocol is Secure Shell (SSH). SSH creates both the VPN tunnel and the encryption that protects it. This allows two computers to transfer otherwise unsecured data by routing the traffic from remote fileservers through an encrypted channel. The data itself isn’t encrypted by SSH but the channel its moving through is. SSH connections are created by the SSH client, which forwards traffic from a local port one on the remote server. All data between the two ends of the tunnel flow through these specified ports.

SSH tunnels are the primary means of subverting content filters. For example, if an internet firewall or filter prohibits access to TCP port 80, which handles HTTP (common webpages), all user access to the Internet is cut off. However, by using SSH, the user can forward traffic from port 80 to another on the local machine which will still connect to the remote VPN server’s port 80. So as long as the remote server, somewhere else on the internet, allows outgoing http:// connections, the bypass/bridge will allow the user’s computer to surf webpages. SSH also allows other protocols that could be blocked by an ISP’s firewall, such as those for torrenting, effectively geting past the wall by “wrapping” themselves in the shell of a protocol that the firewall does allow. Some countries prohibit VOIP (Voice over IP) phone connections. A VPN can get the dial tone back.

So whether you are in a work cubicle, a file-sharing downloader, or just don’t want corporations of other creepy people having a full view to your surfing habits, virtual private networks are the best means of securing traffic besides short of sharing data via flash drive back and forth.

In the next 4GoodHosting article, we’ll get more into aspects of data encryption as it is an interesting topic within itself. We’ll also show you how to create your own VPN server by leasing a VPS from us (if you don’t want to use a third-party VPN service).

Post Navigation