A Virtual Private Network (VPN) gateway is a device that securely connects two or more computers, computer systems, or other VPNs together over long distances. This allows a private connection to be secured and encrypted against hackers. The gateway creates networks that can be worldwide in scope.

A VPN is a cost-effective alternative for a corporation in need of a private network between two remote locations. This is because a VPN uses the internet to carry data between end points. The corporation only needs to own or rent third-party gateway hardware at each end of the link.

In addition to business use, personal VPNs are becoming more popular as a means of protecting personal data such as banking transactions, passwords, emails, or other legal matters from thieves and hackers. The VPN gateway provides a proxy IP address, encrypts and decrypts information, allows a person to mask their true location and also access blocked websites.

A VPN gateway is an essential component of the VPN. It can be a server, router, firewall or another device with networking and data transmission functions. However, it is usually a router, installed at both the core and remote sites. Gateways filter VPN traffic, blocking some traffic while allowing other traffic, and routing the information through the internet to the end destination.

They do these tasks using routing and tunneling protocols, IP address assignment, name resolution, verifying legitimate users, and encrypting/decrypting and encapsulating the data to protect it from prying eyes. They also perform integrity checks on the data, ensuring that it arrives intact. Gateways are also aware of the network paths between the endpoints and can dynamically change the route a data packet takes if some portion of the internet is unavailable.

VPN providers offer free or paid VPNs. Paid VPNs are the preferred option as they offer more services than the free VPN providers.

VPN devices

VPNs operate at Layer 3 (the network layer) of the OSI model, which means the device sits above the physical transmission medium (copper or fiber optic cables) and data link layers and below the layers that organize the data for transmission. The VPN device takes the data, analyzes it and determines what actions to take with it. Routers are usually the preferred device, but some Layer 3 switches, firewalls or other specialized devices, such as hardware VPNs, can perform the same functions.

Routing to the destination

Routing is the process of receiving data, deciding what to do with that data, and forwarding it on to the next stop. It involves determining the best, most efficient way to get data from one point to another. The route that data travels can change due to factors such as congestion or downed segments of the internet. Routers communicate among themselves, constantly updating information about the routes and conditions between the endpoints.

Routes can, and often do, change frequently when a message is in transit. With thousands of data packets sent over short periods of time, some routes can slow down due to congestion. Maintenance may take a router or other device down for a time, necessitating a route change. Disasters may break a particular route. The internet has many ways to get from one point to another; routers have the ability to determine the optimal route between points.

Routing protocols

Engineers have created several protocols, or rules, to allow routers to make decisions on the best path to send data. Some are static, meaning they are input into the router and do not change; others are dynamic, meaning they can change as conditions on the internet change. Some dynamic routing protocols are the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF).

Tunneling protocols

Tunneling protocols allow private data to move across the public network outside of normal protocols. They use encapsulation to repackage the data into another form, depending on the protocol used. Tunneling protocols may also encrypt the data for greater security. Some examples of tunneling protocols are Generic Routing Encapsulation (GRE), IPSec (Internet Protocol Security), and the Layer 2 Tunneling Protocol (L2TP).

VPN security

VPNs use dedicated connections and encryption protocols to secure the data they transmit. In addition to IPSec and L2TP mentioned above, there are others such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH). Using these connections and protocols means that even if a hacker got some private information, they would still be unable to read the data due to the encryption.

IPSec operates in two modes: Transport mode, which encrypts only the message (the packet's payload), or Tunnel mode, which encrypts the entire packet. L2TP generates a tunnel, and along with IPSec encrypting the data, creates a highly secure VPN. SSL and TLS operate by using a “handshake” between the two systems to create a secure connection. SSH creates both the tunnel and the encryption of the data.
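To make the difference between the two IPSec modes concrete, here is an added example (not part of the original article, and not a real IPSec implementation) that builds ESP-style packets in both modes and shows what an observer on the path can still read from the outer header; it also carries out the integrity check mentioned earlier, rejecting a packet altered in transit. The keys, addresses and HMAC-based keystream (a stand-in for AES) are constructed for the example; a real security association negotiates them with IKE.

```python
import hashlib
import hmac
import socket
import struct

ESP = 50                       # IP protocol number carried in the outer header
ENC_KEY = bytes(range(32))     # constructed keys; a real SA gets them from IKE
AUTH_KEY = bytes(range(32, 64))

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left zero in this constructed example
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream(spi, seq, length):
    # Stand-in for AES-CTR: HMAC-SHA256 as a PRF keyed per (SPI, sequence, block)
    blocks = (hmac.new(ENC_KEY, struct.pack("!IIH", spi, seq, b), hashlib.sha256).digest()
              for b in range(0, length, 32))
    return b"".join(blocks)[:length]

def esp_encapsulate(spi, seq, payload, next_header):
    # ESP layout: SPI | seq | encrypted(payload | pad_len | next_header) | ICV
    trailer = payload + bytes([0, next_header])
    ks = keystream(spi, seq, len(trailer))
    body = struct.pack("!II", spi, seq) + bytes(a ^ b for a, b in zip(trailer, ks))
    return body + hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:16]

def esp_decapsulate(esp):
    # Integrity check before decryption; None means the packet was altered in transit
    body, icv = esp[:-16], esp[-16:]
    if not hmac.compare_digest(hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:16], icv):
        return None
    spi, seq = struct.unpack("!II", body[:8])
    plain = bytes(a ^ b for a, b in zip(body[8:], keystream(spi, seq, len(body) - 8)))
    return plain[-1], plain[:-2]           # (next_header, payload)

def transport_mode(src, dst, segment, spi=0x1001, seq=1):
    # Transport mode protects only the transport payload; host addresses stay visible
    esp = esp_encapsulate(spi, seq, segment, 6)          # next header 6 = TCP
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(gw_src, gw_dst, inner_packet, spi=0x2002, seq=1):
    # Tunnel mode protects the whole inner packet; only gateway addresses are visible
    esp = esp_encapsulate(spi, seq, inner_packet, 4)     # next header 4 = IPv4
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def visible_addresses(packet):
    # What an observer on the path can read from the outer IP header
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)
```

The receiving gateway strips the 20-byte outer header and passes the rest to `esp_decapsulate`; in tunnel mode the recovered payload is the complete inner IP packet with the real host addresses.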

Certificates

Computer certificates serve a range of purposes in networking. One use is to create a secure connection between a local computer and a remote server. Issued by Certificate Authorities (CA), they verify the identity of a user or computer. Usually, certificates are issued and trusted automatically, but a user can also create one manually through a web browser or a certificate file.

IP address assignments

One way VPNs configure privacy is by giving a new IP address to the client computer. Using a DHCP Relay Agent, a proxy IP address replaces the actual address. The VPN uses the new address. This allows a user to hide or change their IP address and mask their location. Using a VPN, a user can hide their country of origin and access blocked websites.

A VPN manages the IP addresses by keeping track of a client computer’s real IP address and giving another IP address to the internet. This address is from a pool of addresses in the VPN. When data goes to the client computer, the VPN translates the internet address to the real address and delivers the information to the client computer.
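The address bookkeeping described in the two paragraphs above, as an added example that is not code from the original article: a constructed pool class that leases an address to each client, rewrites outbound traffic to the pool address, translates inbound traffic back to the client's real address, and drops inbound packets for addresses it never leased. The mapping table it keeps is also the record an investigator needs to tie a pool address seen on the internet back to a specific client.

```python
from ipaddress import ip_network

class AddressPool:
    """Constructed example: maps each client's real address to a pool address and back."""

    def __init__(self, pool_cidr):
        self.free = [str(ip) for ip in ip_network(pool_cidr).hosts()]
        self.real_to_pool = {}   # client's real address -> address shown to the internet
        self.pool_to_real = {}   # reverse table, consulted for inbound traffic

    def assign(self, real_ip):
        if real_ip in self.real_to_pool:           # client already holds a lease
            return self.real_to_pool[real_ip]
        if not self.free:                          # edge case: pool exhausted
            raise RuntimeError("address pool exhausted")
        pool_ip = self.free.pop(0)
        self.real_to_pool[real_ip] = pool_ip
        self.pool_to_real[pool_ip] = real_ip
        return pool_ip

    def release(self, real_ip):
        pool_ip = self.real_to_pool.pop(real_ip)
        del self.pool_to_real[pool_ip]
        self.free.append(pool_ip)

    def outbound(self, packet):
        # Client -> internet: the real source address is replaced by the pool address
        return {"src": self.assign(packet["src"]), "dst": packet["dst"]}

    def inbound(self, packet):
        # Internet -> client: translate the pool address back; unknown addresses are dropped
        real = self.pool_to_real.get(packet["dst"])
        if real is None:
            return None
        return {"src": packet["src"], "dst": real}
```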

Name resolution

The internet locates computers by either their IP address or an assigned name. The VPN router has a table that cross-references the IP address and the computer name, for both local and remote resources that it knows about. For those resources that it doesn’t have in its table, it queries a DHCP server to find the correct name or IP address.

PC-based tools such as firewalls, anti-virus, and anti-malware programs fight off threats from the internet. However, they only protect the data on the system they are on. VPNs protect the data while it is in transit over the internet from one computer to another. Using a VPN as a company or an individual is important to safeguard data from hackers and thieves.