VPN and Tunneling
[!NOTE] This module explores the core principles of VPN and Tunneling, deriving solutions from first principles and hardware constraints to build world-class, production-ready expertise.
1. What is a VPN?
A Virtual Private Network (VPN) creates a secure, encrypted “tunnel” between your device and a remote server (or between two offices). It makes your device appear as if it is inside a private network, even if you are using public Wi-Fi.
The Tunneling Concept
Tunneling is like putting one packet inside another.
- Original Packet: your internal data (e.g., source IP 10.0.0.5).
- Tunnel Packet: an encrypted wrapper with a public IP source/destination.
- Result: Routers on the Internet see the “wrapper” but cannot see the “internal” data.
2. Common VPN Types
| Type | Use Case | Protocol |
|---|---|---|
| Remote Access | Individual employees connecting to the office. | SSL/TLS (OpenVPN, WireGuard). |
| Site-to-Site | Connecting two whole offices together persistently. | IPsec. |
3. IPsec (Internet Protocol Security)
A suite of protocols used to secure IP communications by authenticating and encrypting each IP packet.
- AH (Authentication Header): Ensures data integrity and origin authentication (no encryption).
- ESP (Encapsulating Security Payload): Provides encryption, integrity, and authentication (most common).
- Tunnel Mode: Encrypts the entire original packet (header + payload) and adds a new outer IP header; used between gateways.
- Transport Mode: Encrypts only the payload; the original IP header stays in the clear.
4. Interactive: Tunneling Trace
Watch the packet get wrapped.
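The trace below is an added, runnable stand-in for the interactive widget; it is not the module's own code. It models the tunneling concept from section 1 and the IPsec tunnel/transport modes from section 3: a minimal IPv4 header builder and parser, an ESP-like wrapper (SPI, sequence number, ciphertext, integrity check value), and a `router_view` function showing what an on-path router can read. The keys, addresses, SPI and payload are constructed sample values, and the cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag, chosen so the example needs only the standard library; it stands in for AES-GCM and is not how a real IPsec stack encrypts.

```python
import hashlib
import hmac
import ipaddress
import struct

PROTO_TCP = 6
PROTO_ESP = 50  # IP protocol number carried in the outer header for ESP

# Minimal IPv4 header, no options: version/IHL, TOS, total length, id,
# flags/fragment, TTL, protocol, checksum, source, destination
IPV4_FMT = "!BBHHHBBH4s4s"

# Constructed sample keys for the security association (not real key material)
ENC_KEY = b"\x11" * 32
AUTH_KEY = b"\x22" * 32


def _checksum(header: bytes) -> int:
    """One's-complement sum over the 20-byte header (checksum field zeroed by caller)."""
    total = sum(struct.unpack("!10H", header))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = _checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + payload


def parse_ipv4(pkt: bytes) -> dict:
    _, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": pkt[20:total]}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-GCM."""
    blocks = [hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def esp_seal(enc_key: bytes, auth_key: bytes, spi: int, seq: int, plaintext: bytes) -> bytes:
    """ESP-like record: SPI | sequence | ciphertext | 16-byte ICV (encrypt-then-MAC)."""
    header = struct.pack("!II", spi, seq)  # unique per packet within an SA, so it doubles as the nonce
    ks = _keystream(enc_key, header, len(plaintext))
    body = header + bytes(p ^ k for p, k in zip(plaintext, ks))
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]
    return body + icv


def esp_open(enc_key: bytes, auth_key: bytes, esp: bytes) -> tuple:
    body, icv = esp[:-16], esp[-16:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed: packet modified or wrong key")
    header, ct = body[:8], body[8:]
    spi, seq = struct.unpack("!II", header)
    return spi, seq, bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, header, len(ct))))


def tunnel_mode(inner_pkt: bytes, gw_src: str, gw_dst: str, enc_key, auth_key, spi, seq) -> bytes:
    """Tunnel mode: whole inner packet (header + payload) is ESP payload; new outer header with gateway IPs."""
    return build_ipv4(gw_src, gw_dst, PROTO_ESP, esp_seal(enc_key, auth_key, spi, seq, inner_pkt))


def transport_mode(inner_pkt: bytes, enc_key, auth_key, spi, seq) -> bytes:
    """Transport mode: original IP header kept in the clear, only the payload is protected
    (the ESP trailer / next-header field of real ESP is omitted in this model)."""
    h = parse_ipv4(inner_pkt)
    esp = esp_seal(enc_key, auth_key, spi, seq, h["payload"])
    return build_ipv4(h["src"], h["dst"], PROTO_ESP, esp, ttl=h["ttl"])


def router_view(pkt: bytes) -> dict:
    """What an on-path router can learn: the outer header; the ESP payload is opaque bytes."""
    h = parse_ipv4(pkt)
    return {"src": h["src"], "dst": h["dst"], "proto": h["proto"], "opaque_bytes": len(h["payload"])}


def unwrap_tunnel(pkt: bytes, enc_key, auth_key) -> bytes:
    """Receiving gateway: verify and decrypt, returning the original inner packet."""
    h = parse_ipv4(pkt)
    if h["proto"] != PROTO_ESP:
        raise ValueError("not an ESP packet")
    _, _, inner = esp_open(enc_key, auth_key, h["payload"])
    return inner


if __name__ == "__main__":
    inner = build_ipv4("10.0.0.5", "10.0.1.20", PROTO_TCP, b"GET /payroll HTTP/1.1")
    wrapped = tunnel_mode(inner, "203.0.113.10", "198.51.100.7", ENC_KEY, AUTH_KEY, 0x1000, 1)
    print("original packet :", parse_ipv4(inner)["src"], "->", parse_ipv4(inner)["dst"])
    print("tunnel, router sees   :", router_view(wrapped))
    print("transport, router sees:", router_view(transport_mode(inner, ENC_KEY, AUTH_KEY, 0x1000, 1)))
    print("unwrapped matches original:", unwrap_tunnel(wrapped, ENC_KEY, AUTH_KEY) == inner)
```

Running it shows the point of the trace: in tunnel mode the router sees only gateway addresses and protocol 50, while in transport mode the internal addresses 10.0.0.5 and 10.0.1.20 are still readable on the wire even though the payload is not. Flipping any byte of the wrapped packet makes `unwrap_tunnel` raise, which is the integrity part of ESP that AH alone would provide without confidentiality.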
5. Split Tunneling
A VPN feature that allows you to route some traffic through the tunnel (Office apps) while sending other traffic (YouTube, Netflix) directly through your local ISP.
- Pros: Saves office bandwidth; faster for local traffic.
- Cons: The traffic sent directly gets none of the tunnel's protection.
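Split tunneling is a routing decision: the VPN client installs routes for internal prefixes via the tunnel interface and leaves the default route on the physical interface, so longest-prefix match decides which traffic is protected. The following added example, not code from the module, models that decision and audits which flows leave via the local ISP under a split policy versus a full-tunnel policy. The prefixes, interface names (`tun0`, `eth0`) and destination addresses are constructed sample values.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed policies as (network, interface) pairs; longest prefix wins, as in a real routing table.
SPLIT_TUNNEL = [
    ("10.0.0.0/8", "tun0"),       # office networks reached through the VPN
    ("192.168.10.0/24", "tun0"),  # lab VLAN reachable only through the VPN
    ("0.0.0.0/0", "eth0"),        # everything else goes straight to the local ISP
]
FULL_TUNNEL = [("0.0.0.0/0", "tun0")]  # every packet goes through the tunnel

# Constructed sample flows: (name, destination IP)
SAMPLE_FLOWS = [
    ("fileshare", "10.0.3.40"),
    ("lab-jumphost", "192.168.10.9"),
    ("video-stream", "203.0.113.55"),
    ("saas-mail", "198.51.100.23"),
]


def select_interface(dst: str, routes: List[Tuple[str, str]]) -> Optional[str]:
    """Longest-prefix match of dst against the policy; None if no route covers it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def audit_flows(flows, routes, tunnel_iface: str = "tun0") -> List[Tuple[str, str]]:
    """Flows that do NOT traverse the tunnel under this policy, i.e. the traffic the
    'cons' line refers to: it is visible to the local network and ISP like any other traffic."""
    return [(name, dst) for name, dst in flows if select_interface(dst, routes) != tunnel_iface]


if __name__ == "__main__":
    for name, dst in SAMPLE_FLOWS:
        print(f"{name:13s} {dst:15s} split -> {select_interface(dst, SPLIT_TUNNEL)}"
              f"   full -> {select_interface(dst, FULL_TUNNEL)}")
    print("outside the tunnel under split policy:", audit_flows(SAMPLE_FLOWS, SPLIT_TUNNEL))
    print("outside the tunnel under full policy: ", audit_flows(SAMPLE_FLOWS, FULL_TUNNEL))
```

The audit output is the trade-off in the pros/cons list made concrete: the split policy keeps the office prefixes protected and sends the streaming and SaaS flows out `eth0`, which is what saves office bandwidth and what removes the tunnel's protection from exactly those flows.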