Explainer: what is a virtual private network (VPN)?

The ways in which we use VPNs have changed. Stephan Geyer

Have you ever wanted to exist in more than one place at the same time?

The laws of physics suggest wormholes through space and time are hypothetical; but wormholes do exist in cyberspace and wonders can be found on the other side.

We call these cyberspace wormholes virtual private network (VPN) connections.

Point-to-point

A VPN is a point-to-point connection between a VPN client and server, or a site-to-site connection between two VPN servers. In the diagram below the connection between the branch office and headquarters could be a permanent site-to-site VPN connection.

Home and mobile users are able to create on-demand client VPN connections to the VPN server at the branch office or the headquarters.

All internet-connected devices have a local public or private internet protocol (IP) address (e.g. 192.168.1.20). When connected using a VPN the device gains access to the network at the other end of the VPN and is provided with an IP address on the remote network, even though it is not physically there.

(Diagram: Mark Gregory)

Most devices that connect to the internet today include VPN client software that can be used to create a VPN tunnel from the client computer to the VPN server. Site-to-site VPNs are usually created between firewalls or routers that include VPN server functionality.

The most important thing to know about VPNs is that they provide security and privacy by combining a point-to-point tunnelling protocol with encryption of the information sent over the tunnel, using, for example, Internet Protocol Security (IPsec), Datagram Transport Layer Security (DTLS) or Secure Socket Tunnelling Protocol (SSTP).
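The sketch below is an added example, not part of the original article: it wraps a simplified inner packet (carrying the tunnel address on the remote network) inside an encrypted, authenticated outer packet, and compares what an on-path observer such as an ISP sees with what the VPN server recovers. The pre-shared key, the packet layout, every address except 192.168.1.20 and the SHA-256 keystream (a toy stand-in for the ciphers used by IPsec, DTLS or SSTP) are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, os, struct

# Constructed sample addresses; only 192.168.1.20 is the article's own example.
CLIENT_PUBLIC, SERVER_PUBLIC = "198.51.100.7", "203.0.113.10"
TUNNEL_IP, REMOTE_HOST = "192.168.1.20", "192.168.1.5"

def _keys(psk):
    # Separate encryption and authentication keys from one pre-shared key (assumption).
    return hashlib.sha256(b"enc" + psk).digest(), hashlib.sha256(b"mac" + psk).digest()

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter keystream: a stand-in for a real cipher, not for production use.
    stream = b"".join(hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def inner_packet(src, dst, payload):
    # Simplified inner packet: 4-byte source, 4-byte destination, then the payload.
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload

def encapsulate(psk, inner):
    # Client side: encrypt and authenticate the whole inner packet, then wrap it.
    enc, mac = _keys(psk)
    nonce = os.urandom(12)
    ct = _xor_stream(enc, nonce, inner)
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return {"src": CLIENT_PUBLIC, "dst": SERVER_PUBLIC, "data": nonce + ct + tag}

def isp_view(outer):
    # An on-path observer sees only the outer addresses and the size of an opaque blob.
    return outer["src"], outer["dst"], len(outer["data"])

def decapsulate(psk, outer):
    # Server side: verify the tag before decrypting, then read the inner addresses.
    enc, mac = _keys(psk)
    blob = outer["data"]
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or modified packet")
    inner = _xor_stream(enc, nonce, ct)
    return str(ipaddress.IPv4Address(inner[:4])), str(ipaddress.IPv4Address(inner[4:8])), inner[8:]

if __name__ == "__main__":
    psk = os.urandom(32)
    outer = encapsulate(psk, inner_packet(TUNNEL_IP, REMOTE_HOST, b"photo upload"))
    print("ISP sees:", isp_view(outer))
    print("VPN server sees:", decapsulate(psk, outer))
```

The observer still learns both public endpoints and the packet size; only the inner addresses and payload are hidden, and the VPN server sees them in full.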

Reasons to use

As the internet has evolved so have the ways in which we use VPNs.

A VPN might be used by teleworkers as a secure connection to their office. Students can use VPNs to connect to their school or university.

We can use a VPN to connect to our home network when we’re away from home to transfer photos, documents or other items to our home computer or network storage device.

But to understand what makes a VPN special we need to consider how the internet is being used today by business, government and other organisations such as law enforcement or national security agencies.

Multinationals use geo-blocking to segment the world into markets and control access to products and pricing. The Australian government commenced an inquiry into IT pricing in May 2012, and a submission by the Australian consumer advocate Choice in July 2012 highlighted that Australian consumers are paying substantially more for IT hardware, software and digital media such as music and movies.

Business is learning how to identify, gather and track information about us online, and every time we use the internet we leave a trail of data that business collects, analyses and uses for targeted advertising.

Governments and their agencies are also trying – to varying degrees – to identify, track and limit what we’re doing on the internet.

Unblocking geo-blocking

The first problem that a VPN can help solve is how to get around geo-blocking.

If you want to watch a television show that is being broadcast over the internet but is only accessible by viewers in one country you can use a VPN to gain access.

If you want to buy products from a company and find those products cheaper on, say, the company’s UK online store you can use a VPN to gain access to the online store.

The diagram below provides a description of how VPNs can be used to connect home and mobile users to VPN servers in other countries and be provided with public IP addresses in those countries.

(Diagram: Mark Gregory)

Using a VPN makes it difficult for anyone to identify and track what you do on the internet.

Your traffic is encrypted until it reaches the VPN server at the other end of the VPN tunnel. If the VPN server is in another country it’s not possible for your ISP to determine what is passing over the VPN tunnel.

In practice, when you connect to a VPN server in another country your home computer or mobile device will be allocated an IP address in that country, and when you disconnect the IP address would be allocated to the next VPN connection.

VPN servers being used to provide inter-country VPN connections often have large pools of IP addresses that are allocated randomly to VPN connections as they occur.

Many people, possibly thousands, share a pool of IP addresses and only the VPN service provider would know who is connected to each IP address. That said, VPN service providers that offer inter-country VPN services generally do not keep any records of which IP address was allocated to customer VPNs.

To anyone who captures traffic going to and from VPN IP addresses, it would appear as a jumble of information that could be attributed to many thousands of people from countries all around the world.

Blocking VPNs

Earlier this month, Iranian authorities blocked the use of VPNs out of Iran. Iranians had been using them to bypass the government’s internet filter, which prevents Iranians from accessing websites the government has deemed offensive or criminal – including Facebook, Google Mail and Yahoo.

VPN system developers including Microsoft have been working to develop VPN tunnels that pass through firewalls and internet filters by using the ports that are typically left open for web traffic: port 80 (HTTP) and port 443 (HTTPS).

VPN service providers

There are a large number of VPN service providers available today. When choosing one you should consider:

  • whether the service includes VPN end points in one or more countries
  • what protocols are provided
  • the level of security
  • the size of the IP address pool used for VPN connections
  • whether your connection details are logged or deleted immediately after you terminate a VPN
  • whether the VPN system includes anti-malware and anti-spyware protection
  • support for mobile devices
  • reliability and bandwidth
  • price

There are a number of “free” VPN service providers that provide limited services and gain revenue by serving you with advertisements while you’re connected to the VPN.

Another option is to set up VPNs to the homes of relatives or friends that live overseas.

The most important benefits of using a VPN are security, privacy and anonymity.

Why don’t you use a VPN today?

9 Comments

    1. Mark A Gregory

      Senior Lecturer in Electrical and Computer Engineering at RMIT University

      In reply to Gavin Moodie

      Hi Gavin, VPNs are in widespread use today to break down barriers and provide excellent opportunities. Hope you find one that provides you an opportunity to explore.

  1. George Michaelson

    Person

    When you use a VPN, in passing to the exit point in the VPN provider's network, your packets pass through other people's hands. It is not sensible to assume they are not able to leverage value from this. Of course you hope they don't, but it might pay to ask yourself what value you place on your data packets, and who is exposed to them. The same is true of the internet in general, but in this case you invoke a third party you have little or no direct relationship with (I exclude office VPNs and other…

    1. Mark A Gregory

      Senior Lecturer in Electrical and Computer Engineering at RMIT University

      In reply to George Michaelson

      Hi George, thank you for the comment. You raise a couple of points. There is no doubt that when using a VPN you appear on the network somewhere but what is important is that every time you connect to a VPN you would get a different IP address making it much harder for tracking to occur. The point about identifying yourself when you browse a website is also correct, though using a third party email provider in another country and where required a mail forwarding company - see my earlier article on…

    2. George Michaelson

      Person

      In reply to Mark A Gregory

      People who provide general telecommunications services get specific immunity if they are a carrier, in many legislations (like ours). If you operate a service like a VPN termination, or a TOR exit router and are not eligible for carrier exemptions, then you, as the operator of the service, will be liable for the consequences of packet flows which come from your IP ranges exposed into the global networks.

      That's quite a large liability. I'd think twice before putting up a UK TV VPN endpoint, if…

    3. Mark A Gregory

      Senior Lecturer in Electrical and Computer Engineering at RMIT University

      In reply to George Michaelson

      Hi George - great points. There are many VPN providers that now provide endpoints in many countries. They advertise the VPN service and how it provides security and anonymity - which is very true. Can you stop someone providing such a service - it would be hard. Still as you suggest we may see action taken against such a provider but the horse may have already bolted.

  2. Markie Linhart

    Rouleur

    Fascinating piece, thank you for the explainer. Even though I regularly subscribe to The Conversation, I actually came across it via Delimiter, which I also subscribe to.
    A raging topic on Delimiter currently is of course the NBN in its current incarnation and the opposition's 'NBN Lite'.
    One of the criticisms raised re 'NBN Lite' is that there won't be the bandwidth to support large downloads without buffering, and this is by way of a sop to Murdoch's pay TV machinations.
    So, my question is: will it be a necessity to have fast broadband to make full use of a VPN provider? I raise this because I'm an avid ABC/BBC programme watcher and there's no way in the world I'll be subscribing to anything owned and operated by the Emperor of Australia…

  3. Ala Bala Azima

    Hi Mark
    You mentioned Iran. Is it possible for someone in another country (with heavy internet censorship) to connect to my VPN in Canada, and become able to access Facebook and YouTube and so on? Is it theoretically possible or also practically possible? Thanks

    1. Mark A Gregory

      Senior Lecturer in Electrical and Computer Engineering at RMIT University

      In reply to Ala Bala Azima

      Yes, it is technically possible if the ports needed are open between your computer and the person that wants to connect.
      regards, Mark Gregory
