What are VPN Tunnels and How do They Work

December 3, 2019

Virtual Private Networks (VPNs) have become one of the cornerstones of secure communications over the internet. However, there has been a lot of confusion around what VPNs can and cannot do, and that confusion has led many technologists to choose a VPN solution that may not be well suited for their particular environment. It can be quickly cleared up with a little bit of education, especially when it comes to VPN Tunnels. One major concern around VPNs is how secure they are. In other words, can VPNs fully protect the privacy and content of the data being transmitted?

What is a VPN Tunnel?

Before one can fully grasp the concept of a VPN Tunnel, they have to know exactly what a VPN is. A VPN is a connection method used to add security and privacy to data transmitted between two systems. VPNs encapsulate the data and encrypt it using an algorithm specified by the transmission protocol. VPN traffic is encrypted at the sending end of the connection and decrypted at the receiving end.

Today’s VPNs primarily use one of three major protocols, each of which has its advantages and disadvantages:

  • PPTP is one of the oldest protocols and came into existence back in the days of Windows 95. PPTP proves to be one of the easiest protocols to deploy and is natively supported by most major operating systems. However, PPTP uses what is known as GRE (Generic Routing Encapsulation), which has been found to have vulnerabilities. In other words, PPTP may be easy to set up, but its security is the weakest of the common VPN protocols.
  • VPNs can also be set up using the L2TP/IPsec protocols, which provide much stronger encryption than PPTP. L2TP/IPsec is actually a combination of two secure protocols that work in concert to establish a secure connection and then encrypt the traffic. L2TP/IPsec is a little more difficult to set up than PPTP, and can add some latency to a connection.
  • Another protocol that is gaining favor is OpenVPN, which is based upon SSL (Secure Sockets Layer) for its encryption protocol. OpenVPN is open source and freely available. However, OpenVPN requires a certificate, which means users of the protocol may have to purchase a certificate from a certificate authority.

Regardless of which protocol you choose, VPNs need to “Tunnel” the data between the two devices. So, in essence, a VPN Tunnel is the actual connection mechanism: it is the data link that surrounds the encrypted traffic and establishes a secure connection.
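As an added illustration of the encapsulate-and-encrypt idea described above (example code written for this page, not code from the original article or from Cato Networks): an inner packet between two private addresses is encrypted and authenticated, then wrapped in an outer packet addressed from one VPN gateway to the other, so anyone on the path sees only the gateway addresses and opaque bytes, and any modification in transit is detected at the receiving end. The HMAC-SHA256 keystream and tag are a stand-in for a real VPN cipher suite such as AES-GCM; the addresses and keys are constructed sample values.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal stand-in for an IP packet: addresses plus payload."""
    src: str
    dst: str
    payload: bytes

    def to_bytes(self) -> bytes:
        s, d = self.src.encode(), self.dst.encode()
        return struct.pack("!BB", len(s), len(d)) + s + d + self.payload

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Packet":
        ls, ld = struct.unpack("!BB", raw[:2])
        return cls(raw[2:2 + ls].decode(), raw[2 + ls:2 + ls + ld].decode(), raw[2 + ls + ld:])


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Demo PRF keystream (HMAC in counter mode); a real tunnel uses AES-GCM or similar.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encapsulate(inner: Packet, enc_key: bytes, mac_key: bytes, gw_src: str, gw_dst: str) -> Packet:
    """Sending gateway: encrypt the whole inner packet, tag it, wrap it in an outer packet."""
    plain = inner.to_bytes()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return Packet(gw_src, gw_dst, nonce + ct + tag)


def decapsulate(outer: Packet, enc_key: bytes, mac_key: bytes):
    """Receiving gateway: verify the tag first, then decrypt; return None on tampering."""
    body = outer.payload
    nonce, ct, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged or modified in transit: drop it
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return Packet.from_bytes(plain)


def observer_view(outer: Packet) -> tuple:
    """What an on-path observer (ISP, broadband provider) can read: outer addresses and length only."""
    return (outer.src, outer.dst, len(outer.payload))
```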

Why Use a VPN Tunnel?

VPNs have become an established method to ensure privacy and protect data, and are becoming very popular among internet users. Many organizations are now offering VPNs for private use, with the primary goal of protecting Internet users’ privacy. These services work by offering a VPN host, which the end user connects to via a piece of client software on their device. All of the traffic between the device and the host is encrypted and protected from snooping. In other words, ISPs, broadband service providers, and any other entity that sits between the client and the host cannot see the data that is in the VPN Tunnel, which preserves privacy.

While personal privacy is naturally a major concern, businesses and organizations should also be focused on privacy and protecting data. Organizations that have multiple offices or remote workers should also be encrypting and protecting data. Today’s businesses are transmitting proprietary information, intellectual property, and perhaps even customer data across the internet. Many businesses are also bound by compliance regulations, directing those businesses to protect customer privacy, as well as other data.

However, VPNs may not be the best solution for all businesses. Simply put, VPN Tunnels are still subject to man-in-the-middle attacks and the interception of data. While encryption may be very hard to break, it is not completely impossible. What’s more, in the not too distant future, Quantum Computers may be able to crack any of the existing encryption methodologies in a matter of minutes. That means those concerned with keeping data secure will have to look beyond the VPN Tunnel.

Establishing Security Beyond VPN Tunnels

Arguably, the best way to prevent data from being intercepted over the internet is not to use the internet at all. However, for the majority of organizations that is simply not feasible. The internet has become the connective tissue between business sites and is a necessity for transmitting email, data files, and even web traffic.

However, enterprises can still secure their data communications and encrypt critical data without the risk of interception by using SD-WAN technology. A Software Defined Wide Area Network can be used to establish connection privacy between sites. SD-WANs bring forth concepts such as VLANs (Virtual Local Area Networks) that can communicate across an SD-WAN platform to establish secure connections. What’s more, SD-WANs can incorporate a full security stack, meaning that all traffic is examined for malware, intrusion attempts, and any other malicious activity. SD-WANs also prove easier to manage than multiple VPN clients and servers and offer the flexibility to adapt to changing business needs.

SD-WAN: The Future of Secure Connectivity

SD-WAN technology allows users to manage and optimize their wide area networks, reducing costs and creating a virtual overlay on top of many different transport mechanisms. SD-WAN technology, as offered by Cato Networks, supports multiple transport protocols, such as cable broadband, DSL, fiber, 4G, 5G, satellite and any other TCP/IP transport mechanism. The Cato implementation of SD-WAN eliminates the need for multiple point solutions, dedicated hardware firewalls and so on. Cato’s offering also eliminates the need for traditional, dedicated VPN solutions by replacing the VPN with a secure SD-WAN.

To learn more about Cato Networks, please feel free to contact us, and to learn more about SD-WAN solutions, please download the Cato Networks WhitePaper.

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.