How does a VPN work?
VPN uses encryption to create secure VPN tunnels
The VPN technology uses data encryption algorithms to create secure tunnels from your device (point A) to the destination server (point B). For example, you have AdGuard VPN enabled on your device and want to access YouTube:
You establish an encrypted connection between your device and a VPN server of your VPN provider, such as AdGuard VPN
Your Internet traffic is encrypted and routed through the established VPN tunnel to the VPN server
The VPN server partially decrypts your information at the transport and VPN layers. Your data, such as user credentials, cookies, payment details or viewed videos, remains encrypted at the protocol layer with TLS encryption and is unknown to the VPN provider
The VPN server connects to a YouTube server and forwards the request from your browser or YouTube app
The YouTube server responds with data to the VPN server
The VPN server receives TLS-encrypted traffic, adds the VPN encryption layer, and sends it to your device
Your device receives the encrypted traffic, decrypts it, and forwards it to the browser or YouTube app that initiated the request
In a nutshell, the VPN technology allows you to hide your online identity by routing your traffic through a remote VPN server with a different IP address, location, and other associated data. It also adds an extra layer of protection by encrypting your traffic.
Your ISP, advertisers, government agencies, hackers, and other third parties may try to monitor your traffic between your device and the VPN server. VPN ensures that your traffic is encrypted and observers can't extract any useful information from the encrypted data stream. Keep in mind, that even with a hidden IP address, your online activity can still be tracked through cookies and device fingerprinting.
VPN protocols and their types
A VPN protocol is a set of rules for allowed authentication and transport protocols and encryption methods. It determines how the connection is established between you and the VPN server. VPN protocols vary in speed, security, supported networks, and platforms.
Let's examine the most popular VPN protocols and describe their strengths and weaknesses.
Internet Protocol Security (IPsec) is a secure network protocol that authenticates, encrypts, and establishes mutual authentication between two agents: host-to-host, security gateways (network-to-network), or a host and a gateway. The protocol provides security for Internet traffic through the following features:
Confidentiality: Only the sender and the receiver can access the unencrypted data
Integrity: Data packets have corresponding hash values that change when the data is modified. The parties calculate the hash value for each data packet to confirm that the data is authentic
Anti-reply: IPsec uses sequence data to avoid sending duplicate packets. Even if hackers capture the packet, they can't send it again
Authentication: Both the sender and receiver are authenticated, so they can be sure that the data is going to the intended party
OpenVPN (TCP and UDP)
One of the most popular free protocols is OpenVPN. By default, it uses UDP transport: all network packets are encapsulated into UDP datagrams and then sent to a VPN server. However, UDP traffic is often restricted on public networks. As a workaround, TCP encapsulation can be used, with some additional configuration on the server side. Many users praise the flexibility of its settings and its compatibility with different platforms. However, using this protocol requires some technical knowledge.
The Point-to-Point Tunneling Protocol (PPTP) is one of the first such tools, released for Windows 95. It’s now obsolete and is not widely used because it has some protocol vulnerabilities and is easy to hack.
Layer Two Tunneling Protocol (L2TP), an extension of PPTP, is used to support VPNs or as part of ISP service delivery. The protocol encrypts only its control messages, not the content. It establishes a tunnel at the data link layer (Layer 2 of the OSI network communication model) that can be transmitted over a network layer encryption protocol, such as IPsec.
The lightweight codebase of Jason A. Donenfeld’s protocol provides good connection speed. It is easy to use and offers high security thanks to its clean design and modern elliptic-curve cryptography. However, because it doesn't support TCP, it may not work on networks that block UDP traffic. Also, unlike IPsec, you have to download a special app to use the protocol because it’s not natively supported by consumer operating systems.
The Secure Socket Tunneling protocol was developed by Microsoft for Windows-based devices. If you are using Microsoft Azure, you need Windows 8.1 or later, which supports TLS 1.2 and has SSTP. As a proprietary TLS-based protocol, SSTP can penetrate firewalls, most of which leave outbound TCP port 443 open. SSTP provides a mechanism for transmitting PPP traffic over an SSL/TLS channel with protection at the transport layer.
The primary goal of the protocols and related software described above is to provide private networks within organizations. They are not designed to bypass firewalls or port blocking, or to hide the fact that their clients are using a VPN. Their use within a commercial software may be limited due to licensing restrictions.
That’s why large public VPN service providers develop their own VPN protocols. This category includes LightWay by ExpressVPN, Hydra by Hotspot Shield, and our own proprietary AdGuard VPN protocol.
In particular, the AdGuard VPN protocol is designed to be fast, energy-efficient, and indistinguishable from regular HTTPS traffic.
Why do you need a VPN?
In this age of widespread digital transformation, your online activity is being monitored. Just as your home address is used to deliver mail, your IP address is used to determine where to send Internet traffic or to track the origin of a particular search query or website visit. And that is how the government, hackers, or other third parties can find you. Also, some websites may block certain locations from accessing their data.
How can a VPN help? A virtual private network allows you to avoid revealing your true IP address by proxying all your data through a secure connection to a dedicated server.
Here are a few reasons to use VPN:
To stay safe on public Wi-Fi. Using public Wi-Fi networks, especially those that are not password protected, puts you in a vulnerable position. Your traffic becomes an easy target for data miners. VPN solves this problem by encrypting all traffic and DNS requests
To hide your online activity from your Internet Service Provider (ISP). ISPs can track which websites you visit and what you do there. All your visits and clicks are stored and can be sold to advertising companies or given to intelligence agencies. With a VPN, your browsing history is hidden from your ISP
To avoid geographical pricing. Some online retailers set up prices based on the user's location. For example, the same shirt might cost $20 in India and $30 in the US. By visiting the site from an IP address in a different country, you will save money
To watch your favorite TV shows when you are in another country. Because your IP address shows where the traffic is coming from, site admins can easily block access for certain countries. With a VPN, you can pretend that your device is in your home region and access your usual content