Virtual Private Network (VPN)
An encrypted tunnel between devices or networks over an untrusted network that provides confidentiality, authentication, and integrity.
Also known as: VPN, VPNs, Virtual Private Network
Category: Software Development
Tags: networking, security, privacy, infrastructure
## Explanation
A Virtual Private Network (VPN) creates an encrypted tunnel between devices or networks over an untrusted network (typically the internet). It provides confidentiality (encryption), authentication (identity verification), and integrity (tamper detection) for traffic flowing through the tunnel.
## Types
- **Remote access VPN**: Connects individual devices to a private network (e.g., employee laptop to corporate network)
- **Site-to-site VPN**: Connects entire networks together (e.g., branch office to headquarters)
- **Mesh VPN**: Every node connects directly to every other node, forming a peer-to-peer overlay network
## Protocols
- **WireGuard**: Modern, minimal, fast. The current gold standard for new deployments
- **OpenVPN**: Mature, widely supported, runs in userspace. More complex to configure
- **IPsec/IKEv2**: Enterprise standard, built into most operating systems. Complex protocol suite
- **SSL/TLS VPN**: Browser-based or clientless access, common in enterprise remote access
## Modern Overlay Networks
Traditional VPNs route traffic through a central gateway, creating a bottleneck. Modern solutions build mesh overlay networks on top of WireGuard, adding identity-based access control, automatic peer discovery, and NAT traversal. Examples include Tailscale, NetBird, and ZeroTier.
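As an added illustration that is not part of the original entry, here is a minimal remote-access WireGuard pair in wg-quick format, showing how a peer's public key doubles as its identity and its authorization for a set of addresses (the "cryptokey routing" that mesh overlays build on). All keys, addresses and the endpoint are placeholders, and the client half belongs in its own file on the laptop.

```ini
# Gateway side: /etc/wireguard/wg0.conf (placeholder values throughout)
# Keys are generated with: wg genkey | tee private.key | wg pubkey > public.key
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <GATEWAY_PRIVATE_KEY>

# Each peer is identified by its public key. Packets decrypted from this
# peer are accepted only if their source address falls inside AllowedIPs,
# so the key is both the identity and the authorization for 10.8.0.2.
[Peer]
PublicKey = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# Client side: /etc/wireguard/wg0.conf on the laptop (separate file)
[Interface]
Address = 10.8.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey = <GATEWAY_PUBLIC_KEY>
Endpoint = vpn.example.com:51820
# Split tunnel (remote-work use case): only the tunnel subnet and the
# corporate LAN behind the gateway are routed through the tunnel. The
# gateway is assumed to forward traffic for 192.168.10.0/24.
AllowedIPs = 10.8.0.0/24, 192.168.10.0/24
# Full tunnel (privacy / untrusted WiFi use case): instead use
#   AllowedIPs = 0.0.0.0/0, ::/0
# so that all traffic leaves through the gateway.
# Keeps the NAT mapping open when the laptop sits behind a home router.
PersistentKeepalive = 25
```

Because AllowedIPs is enforced on both ends, a client cannot send packets into the tunnel with a source address the gateway has not bound to its key, which is the property the identity-based access control of the overlay networks above relies on.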
## Use Cases
- **Privacy**: Encrypting internet traffic from ISPs and network observers
- **Remote work**: Secure access to corporate resources from anywhere
- **Geo-restriction bypass**: Accessing content limited to specific regions
- **Network security**: Protecting communications on untrusted networks like public WiFi