My IP Number


Virtual Private Networks, VPN

A Virtual Private Network (VPN) allows communication between two devices located on different subnets, such that each appears to the other as though it is on the same subnet. For example, an employee working from home would be able to access an office printer as though it were connected to the home computer. In effect, the office private network is extended, over the public internet, to the home-worker's private network.

In order to prevent third parties from monitoring the data sent over the VPN, the content is encrypted. In addition, steps must be taken to ensure that only authorised machines can connect to the VPN.

To create a VPN connection over the internet, tunneling software must be run at each end of the connection. This software transparently re-routes packets addressed to a local IP, so that they are forwarded to the remote IP before being sent to the relevant resource on the remote network. The response is then similarly forwarded back to the original machine and made to appear as though it came from a local resource.

The sequence of operations for a client requesting data from a remote server over a VPN would be as follows:

  1. The VPN client software establishes a connection with the VPN server. Usually some kind of authentication is required, such as a password or digital certificate.
  2. The VPN server returns a local IP address which will be used to identify the client at the server's end of the connection.
  3. The client prepares a message addressed to the local IP address of the remote resource, using the IP address from step 2 as its sender address. This message is encrypted by the client's VPN software, and forwarded over the internet to the server's VPN software.
  4. The server decrypts the message and forwards it to the relevant device. When the device replies, it will be addressed to the IP from step 2. The server's VPN software knows which remote IP is expecting this information, and encrypts and forwards the packet accordingly.
  5. The VPN software on the client machine then decrypts the packet and passes it to the originating software.

The overall effect is that the client communicates securely with the remote resource as though it were connected locally.
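The five steps above can be traced in a small simulation. This is an added example, not code from the original page: the pre-shared-key authentication, the `src|dst|body` packet layout, all addresses, and the HMAC-based encrypt-then-MAC construction (a standard-library stand-in for the cipher a real VPN would use) are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in for a real cipher
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(12)
    ct = _xor(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)   # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("packet failed authentication")
    return _xor(_prf(key, b"enc"), nonce, ct)

class VpnServer:
    def __init__(self, psk, pool="10.8.0.0/29"):
        self.psk, self.sessions = psk, {}             # sessions: tunnel IP -> public endpoint
        self.free = list(ipaddress.ip_network(pool).hosts())

    def connect(self, endpoint, proof):               # steps 1-2: authenticate, assign IP
        if not hmac.compare_digest(proof, _prf(self.psk, endpoint.encode())):
            raise PermissionError("client not authorised")
        tunnel_ip = str(self.free.pop(0))
        self.sessions[tunnel_ip] = endpoint
        return tunnel_ip

    def handle(self, endpoint, blob, lan):            # step 4: decrypt, forward, reply
        src, dst, body = unseal(self.psk, blob).decode().split("|", 2)
        if self.sessions.get(src) != endpoint:
            raise PermissionError("inner source IP not assigned to this peer")
        reply = lan[dst](body)                        # deliver on the office LAN
        return self.sessions[src], seal(self.psk, f"{dst}|{src}|{reply}".encode())

def round_trip():
    psk, endpoint = os.urandom(32), "203.0.113.7:40000"   # constructed values
    server = VpnServer(psk)
    tunnel_ip = server.connect(endpoint, _prf(psk, endpoint.encode()))
    lan = {"192.168.1.50": lambda job: "queued " + job}   # constructed office printer
    packet = seal(psk, f"{tunnel_ip}|192.168.1.50|report.pdf".encode())   # step 3
    send_to, reply = server.handle(endpoint, packet, lan)
    return tunnel_ip, send_to, unseal(psk, reply).decode()             # step 5
```

The check in `handle` ties the inner source address to the session that was issued it, so an authenticated peer cannot send traffic under another client's tunnel IP.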

See also: Private IP Addresses.