
How VPNs really work

A VPN is often explained as a magical encrypted tunnel that “protects” your identity. These descriptions are very abstract and often misleading. I’m not an expert in networking, but I know enough to explain what really happens under the hood when you enable a VPN, so I’m going to assume I’m talking to software engineers (they are my audience after all).

To see how a VPN works, here is a simple example with an HTTP server. Let’s say you want to connect to Google (e.g. IP 1.2.3.4) on port 80, and let us assume your source IP is 6.6.6.6. This is really your public router IP and not your private laptop IP, so I’m going to skip NAT for simplicity.

Normally, with no VPN, your client sends a SYN segment to port 80. It goes into an IP packet with destination IP 1.2.3.4 and source IP 6.6.6.6, and Google replies directly to you with a SYN/ACK whose destination IP is 6.6.6.6 and source IP is 1.2.3.4, and so on. Your ISP sees the IP packets you send back and forth to 1.2.3.4. They can choose to deep inspect them and see the content; they (the ISP and pretty much anyone in between) can do that with plaintext HTTP (port 80) but not really with HTTPS (port 443).

Now say you deploy a UDP-based VPN with a VPN server on IP 3.3.3.3. The client still produces the SYN IP packet with destination 1.2.3.4 and source IP 6.6.6.6, but then the VPN client captures that IP packet, encrypts it and puts it in a new UDP datagram with VPN info, and that UDP datagram goes into a new IP packet whose destination IP is 3.3.3.3 and source IP is 6.6.6.6.
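The encapsulation just described, as an added example (this is not code from the post or from any VPN product). It builds the client's IPv4/TCP SYN to 1.2.3.4:80 byte by byte, then does what the VPN client does: encrypts the whole inner IP packet, puts it in a UDP datagram, and wraps that in a new IP packet addressed to the VPN server 3.3.3.3. The addresses come from the post; the UDP ports, the shared key and the nonce are constructed sample values, and the `seal`/`open_` pair is a labelled stand-in (SHA-256 keystream plus HMAC tag) for the authenticated cipher a real VPN uses, included only so the example runs with the standard library. `parse_ipv4` shows the fields an on-path observer such as the ISP can read from each packet.

```python
import hashlib
import hmac
import socket
import struct

CLIENT_IP = "6.6.6.6"   # public IP of the client's router (from the post)
GOOGLE_IP = "1.2.3.4"   # the web server (from the post)
VPN_IP = "3.3.3.3"      # the VPN server (from the post)
VPN_PORT = 51820        # constructed: UDP port the tunnel listens on
CLIENT_UDP_PORT = 40000 # constructed: client-side UDP source port
TUNNEL_KEY = b"constructed-demo-key-not-a-real-vpn-key"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (used for IPv4 and TCP headers)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def build_tcp_syn(src: str, dst: str, sport: int, dport: int, seq: int) -> bytes:
    """20-byte TCP header with only the SYN flag set, checksum over the pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 65535, 0, 0)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(hdr))
    return hdr[:16] + struct.pack("!H", ip_checksum(pseudo + hdr)) + hdr[18:]


def parse_ipv4(packet: bytes) -> dict:
    """The fields anyone on the path (e.g. the ISP) can read from a packet."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    payload = packet[(ver_ihl & 0x0F) * 4:total_len]
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "payload": payload}
    if proto in (6, 17):  # TCP or UDP: the ports are the first four payload bytes
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    return info


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode); not a real VPN cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack("!I", counter)).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the tunnel's authenticated encryption."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a tampered tunnel packet is rejected."""
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def encapsulate(inner: bytes, nonce: bytes) -> bytes:
    """What the VPN client does: encrypt the inner IP packet, wrap in UDP, then in IP to 3.3.3.3."""
    sealed = seal(TUNNEL_KEY, nonce, inner)
    udp = struct.pack("!HHHH", CLIENT_UDP_PORT, VPN_PORT, 8 + len(sealed), 0) + sealed  # UDP checksum 0 = omitted (allowed on IPv4)
    return build_ipv4(CLIENT_IP, VPN_IP, 17, udp)


def decapsulate(outer: bytes) -> bytes:
    """What the VPN server does: strip the outer IP/UDP, authenticate, decrypt, recover the inner packet."""
    udp = parse_ipv4(outer)["payload"]
    return open_(TUNNEL_KEY, udp[8:])


def demo():
    """Build the SYN from the post without and with the tunnel; returns (inner, outer)."""
    syn = build_tcp_syn(CLIENT_IP, GOOGLE_IP, 54321, 80, seq=1000)
    inner = build_ipv4(CLIENT_IP, GOOGLE_IP, 6, syn)
    outer = encapsulate(inner, nonce=b"\x00" * 8)  # constructed nonce; a real tunnel never reuses one
    return inner, outer


if __name__ == "__main__":
    inner, outer = demo()
    print("without VPN, the ISP sees:", {k: v for k, v in parse_ipv4(inner).items() if k != "payload"})
    print("with VPN, the ISP sees:   ", {k: v for k, v in parse_ipv4(outer).items() if k != "payload"})
```

Running `demo()` and parsing both packets makes the post's point concrete: the inner packet exposes `dst 1.2.3.4`, protocol 6 and port 80, while the outer packet only exposes `src 6.6.6.6`, `dst 3.3.3.3`, protocol 17 and the tunnel's UDP port; the real destination and the SYN are inside the ciphertext. The authentication check in `open_` is the part a practitioner should not drop: without it an on-path party could flip bits in the encrypted inner packet and have the server forward the result.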
