What is a VPN tunnel, and how does it work?

Ruheni Mathenge  - Cybersecurity editor
Last updated: September 11, 2022
Read time: 11 minutes

A VPN (virtual private network) tunnel helps cloak some of your activities online by encapsulating and encrypting traffic between the VPN server and your device. How does it work? This article explains all.

Increasing regulation and censorship are threatening internet freedom around the world. At the same time, there has been a surge of technologies to protect people’s online security and privacy. One typical example is the Virtual Private Network (VPN).

This handy tool will encrypt your traffic and route it through an intermediary server before reaching its destination. The encrypted channel between your device and the server is known as the ‘tunnel’. So, as long as the VPN is active, your ISP and other third parties cannot see what you are doing online.

Read on to find out how VPN tunneling works, types of VPN tunnel protocols, best VPNs that use tunneling, and more.

What is a VPN tunnel?

A VPN tunnel is the encrypted connection established when you connect to a VPN server. It is almost impossible to crack without a cryptographic key, preventing your ISP and other third parties from accessing your data. This will hide what you are doing online and protect your connections.

Essentially, a VPN tunnel provides an anonymous route to the internet through intermediary servers. That is why you should consider using a VPN if you are cautious with your privacy.

How it works

In simple terms, VPN tunneling is a result of using a VPN service. So, explaining how a VPN tunnel works is the same as showing how a VPN works.

What does a VPN tunnel do?

  • Traffic encryption. Connecting to a VPN server protects your traffic with strong encryption to keep you safe from malicious third parties. 
  • Masks your IP address. Using a VPN will route your traffic through an intermediary server, hiding your actual IP address. As a result, it is impossible to trace your location.
  • Public WiFi protection. Free WiFi hotspots in public places like libraries, airports, and coffee shops are infested with hackers and other malicious actors. However, with a VPN, you don’t have to worry about your security and privacy when on these networks.

For VPN tunneling to work, you need to get a reliable VPN service. A VPN tunnel will be established when you connect to the VPN server of your choice. Without a VPN, your ISP and other third parties can see everything you are doing online. However, this will become impossible when you connect to a VPN server as it will hide your IP address and encrypt web traffic.

One of the crucial things to look out for when choosing a VPN is the logging practices. A reliable service should have a strict no-logs policy, which means it doesn’t monitor or retain personally identifiable data. So, confirm that the provider you choose has a long-standing reputation or is independently audited by known firms. For example, ExpressVPN and NordVPN are audited by PricewaterhouseCoopers (PwC) and Cure53.


Is VPN tunnel the safest route for web traffic?


If a VPN introduces a secure connection to the internet, can it be hacked? Unfortunately, yes, but it is not that easy because of the encryption involved. In fact, this shouldn’t be your concern if you are a regular user, as hackers mostly go for high-value targets.

So, how can a hacker gain access to a VPN tunnel? Well, breaking the robust encryption is almost impossible, except if there is a known vulnerability. However, by stealing the encryption key, it is easy to infiltrate a VPN. That is why we encourage you to use a reputable VPN provider to minimize the risk. For instance, NordVPN uses a 4096-bit DH key to protect the key exchange in a VPN connection.

How to check whether your VPN tunnel is working

One of the easiest ways to know if your VPN tunnel is working correctly is by checking the ping rate. First, look at the ping before you connect to the VPN and after establishing the connection. Then, compare the results to see whether the VPN connection is successful.

Here is how to check the ping on Windows 10:

  1. Launch the Command Prompt
  2. Input ‘ping 8.8.8.8’
  3. Press Enter
  4. Wait for the results

Usually, the ping should be significantly higher when using a VPN than the one you get without a VPN.
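
The before/after comparison above can be automated over saved ping output. The sketch below is an added example, not part of the original article; the two captures are constructed samples, and the 10 ms threshold and function names are assumptions.

```python
import re
from statistics import mean

# Constructed sample captures of Windows `ping 8.8.8.8` output (not real measurements).
BEFORE_VPN = """\
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=14ms TTL=117
Reply from 8.8.8.8: bytes=32 time=13ms TTL=117
Reply from 8.8.8.8: bytes=32 time=15ms TTL=117
Reply from 8.8.8.8: bytes=32 time=14ms TTL=117
"""
AFTER_VPN = """\
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=61ms TTL=112
Request timed out.
Reply from 8.8.8.8: bytes=32 time=58ms TTL=112
Reply from 8.8.8.8: bytes=32 time=64ms TTL=112
"""

# Matches both "time=14ms" and "time<1ms" reply lines.
REPLY = re.compile(r"time[=<](\d+)ms TTL=(\d+)")

def parse_ping(output):
    """Return reply RTTs (ms), the set of TTLs seen, and the timeout count."""
    rtts, ttls, lost = [], set(), 0
    for line in output.splitlines():
        m = REPLY.search(line)
        if m:
            rtts.append(int(m.group(1)))
            ttls.add(int(m.group(2)))
        elif "timed out" in line.lower():
            lost += 1
    return {"rtts": rtts, "ttls": ttls, "lost": lost}

def compare(before, after, min_increase_ms=10):
    """Apply the article's heuristic: ping should rise once the tunnel is up.
    min_increase_ms is an assumed threshold, not a value from the article."""
    b, a = parse_ping(before), parse_ping(after)
    if not b["rtts"]:
        return "no baseline: no replies before connecting"
    if not a["rtts"]:
        return "no replies with VPN on: tunnel down or ICMP blocked"
    delta = mean(a["rtts"]) - mean(b["rtts"])
    if delta >= min_increase_ms:
        return f"RTT rose by {delta:.0f} ms: consistent with traffic taking the tunnel"
    return f"RTT changed by {delta:.0f} ms: no sign of a detour, check the connection"
```

A nearby VPN server may add only a few milliseconds, so treat an unchanged ping as a prompt to check the connection, not as proof that the tunnel is down.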

Types of VPN tunnel protocols

A VPN tunneling protocol is software that facilitates sending and receiving data among networks securely. Some may be good in security but lack sufficient speed and vice versa.

Currently, the most popular tunneling protocols include OpenVPN, L2TP/IPSec, and IKEv2/IPSec. However, WireGuard launched not too long ago and is becoming famous for its improved speed and security.

Below, we will explain the VPN tunnel protocols in detail. First, however, remember that VPN providers don’t provide a similar set of protocols, and if they do, availability will vary across different operating systems.

WireGuard

  • Speed: Very high
  • Security: Very high

At the moment, WireGuard is the best tunneling protocol with extraordinary security. What’s more, it is open-source, which makes it easy to implement and audit. The protocol is faster than its rivals because of the lightweight code of only 4000 lines.

Since WireGuard is built from the ground up, it is not affected by the drawbacks of an outdated framework. In addition, network changes don’t disrupt the protocol, making it an excellent choice for mobile users.


OpenVPN

  • Speed: High
  • Security: High

OpenVPN is perhaps the most popular VPN protocol, although it was introduced almost two decades ago. However, the advent of WireGuard is making the protocol lose its position slowly. Nonetheless, it still offers top-notch security and fast speeds. The protocol comes with two versions – UDP and TCP. The former is faster while the latter is more stable.


IKEv2/IPSec

  • Speed: High
  • Security: High

The combination of IKEv2 and IPSec protocols produces a highly secure and fast configuration. It is favored on iPads and iPhones because of the native support. In particular, IKEv2 is excellent at maintaining connection when switching between networks.


L2TP/IPSec

  • Speed: Average
  • Security: Average

The L2TP/IPSec protocol combination has ruled the VPN industry for a while, but its reign is soon coming to an end. However, it is still available on some services, especially those without OpenVPN on iOS. It has been a secure protocol, but being mentioned in Snowden’s leaks raises serious questions. If his words are anything to go by, then L2TP/IPSec is compromised by the NSA.


SSTP

  • Speed: Average
  • Security: High

In terms of speed, there isn’t much difference between SSTP and L2TP/IPSec. However, the former is more versatile as it is compatible with more devices. On the other hand, SSTP was developed by Microsoft, so it works only on Windows. Also, the developers may have left open back doors if the NSA asks for data. Fortunately, it is good at bypassing the Great Firewall of China.


PPTP

  • Speed: Poor
  • Security: High

PPTP is an old VPN protocol that you should avoid, as Microsoft created it during Windows 95 days. However, unlike SSTP, it is available on major platforms like Linux without a VPN. Sadly, there are several well-known security vulnerabilities associated with the PPTP protocol.


Which tunneling protocol is the best

Avoid PPTP if you want to protect your internet connection and data. Conversely, although L2TP/IPSec offers 256-bit encryption, it is slower and has fixed ports that struggle with firewalls. In addition, SSTP is secure, but it is only available on Windows and may have a backdoor vulnerability.

On the other hand, OpenVPN comes with open-source code and robust encryption, and it easily bypasses firewalls. This makes it an excellent choice of VPN tunneling protocol to safeguard your internet data. However, it needs third-party software, which isn’t available on most operating systems. In a nutshell, the best tunneling protocol for you is the one that suits your needs best.

Best VPNs today that use tunneling

A reliable VPN provider should offer multiple tunneling protocols so you can choose the one you want. Below is a list of the reputable VPNs that use secure tunneling.

1. NordVPN


Key features:

  • 5,156 servers in 60 countries
  • Available on iOS, Windows, Android, macOS, and Linux
  • 30-day money-back guarantee

NordVPN boasts an extensive network, with over 5,156 servers across 60 countries. Fortunately, most servers are super-fast and will enable you to stream high-quality content on Netflix and other streaming services.

It will protect your connection with leak-proof encryption and other security features like kill switch, multi-hop (double) VPN, and DNS leak protection. Also, it supports multiple tunneling protocols, including NordLynx (Wireguard), IKEv2, and OpenVPN.

NordVPN offers native apps for almost all operating systems like Windows, macOS, iOS, Android, and Linux. In addition, it has installation guides for other devices, including Amazon Firestick, Apple TV, Android TV, and routers. Luckily, you can connect up to five devices at the same time. 

Pros:

  • Blazing-fast servers
  • Does not keep logs
  • Unblocks popular streaming services

Cons:

  • Android app lacks a kill switch

2. Surfshark


Key features:

  • 3,600 servers in 65 countries
  • Supports Android, macOS, iOS, Linux, and Windows
  • 30-day money-back guarantee

Surfshark is an affordable VPN provider that doesn’t hold back on speed and privacy. It has a decent-sized network of around 3,500 servers in 65 countries. So, besides keeping you safe online, you will also be able to access geo-blocked content on Amazon Prime and Hulu, to name a couple.

The VPN works well with all major devices, including macOS, Windows, iOS, Android, Linux, and Fire TV. Fortunately, it supports unlimited simultaneous connections, allowing you to connect as many devices as you want.

Surfshark will secure your internet traffic with AES 256-bit encryption, kill switch, perfect forward secrecy, and DNS leak protection. Also, it offers several tunneling protocols such as OpenVPN, IKEv2, Shadowsocks, and WireGuard.

Pros:

  • Strong encryption
  • Unlimited simultaneous connections
  • Budget-friendly plans

Cons:

  • Average speed on some servers

3. ExpressVPN


Key features:

  • 3,000 servers in 94 countries
  • Native apps for Windows, Linux, Android, macOS, and iOS
  • 30-day money-back guarantee

ExpressVPN is another premium VPN service that provides excellent performance. In addition, it successfully bypasses region restrictions of streaming services like Netflix, Hotstar, DAZN, and more. Furthermore, most of the servers provide sufficient speed to stream in Ultra HD and even download torrents.

The VPN allows you to connect six devices simultaneously and has apps for Android, macOS, iOS, Windows, Linux, Fire TV, and some routers. The apps use robust encryption and are leak-proof to keep you safe online. In addition, the provider does not keep logs to maintain your privacy.

ExpressVPN supports multiple tunneling protocols, including Lightway (proprietary protocol), IKEv2, OpenVPN, and L2TP. In addition, it has a split tunneling feature that will let you choose the apps and websites to go through the encrypted tunnel.

Pros:

  • User-friendly apps
  • Extremely secure
  • Bypasses geo-restrictions

Cons:

  • Slightly costlier

VPN split tunneling

Split tunneling is a popular VPN feature that lets you decide which traffic to route through the encrypted tunnel. For example, you can stream a geo-blocked show in the US and access your local bank’s online portal.

Unfortunately, not all providers offer this feature. And for those that do, chances are the feature will be available on specific operating systems and devices only. So, confirm with your preferred service before making a long-term commitment.
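
One way a client can apply split tunneling is by destination prefix, with the most specific matching rule deciding the path. This is an added example, not from the original article or any provider's client; the rule table, path names, and addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed policy: send everything through the tunnel except two exclusions.
# Addresses are documentation/private ranges; the labels are hypothetical.
ROUTES = [
    ("0.0.0.0/0",      "tunnel"),  # default: streaming and all other traffic
    ("203.0.113.0/24", "direct"),  # exclusion: local bank's online portal
    ("192.168.0.0/16", "direct"),  # exclusion: home LAN (printer, NAS)
]

def pick_path(dst, routes=ROUTES):
    """Longest-prefix match: the most specific rule covering dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, path in routes:
        net = ipaddress.ip_network(prefix)
        # An IPv6 address is never "in" an IPv4 network, so it matches nothing here.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path)
    # Assumed policy for this example: traffic with no matching rule is dropped
    # rather than silently sent outside the tunnel.
    return best[1] if best else "blocked"

def exposed(destinations, routes=ROUTES):
    """Destinations whose traffic bypasses the tunnel and stays visible to the ISP."""
    return [d for d in destinations if pick_path(d, routes) == "direct"]
```

Running `exposed()` over the destinations you care about shows exactly which traffic the split-tunnel rules leave unencrypted.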

Final word

So, you now know that a VPN tunnel connects your smartphone, tablet, computer, or laptop to another network, hiding your actual IP address and encrypting all the data generated while you surf the internet.

The key to VPN tunneling is to actually use a VPN service. If you do not connect to your VPN before accessing the internet, the provider won’t be able to encrypt the data you receive and send or keep your identity private.

Also, make sure to enable VPN protection on all the devices you use to surf the web. It won’t help if you protect your smartphone with a VPN only to leave your laptop unprotected when you go online with it.

The bottom line is, VPN tunneling is critical for robust online privacy today. Just make sure you use your VPN provider once you have signed up with one.

FAQs

There is no setup required if you are using a VPN app. The tunnel is established automatically when you connect to a VPN server and choose a tunneling protocol. Thankfully, some VPN providers offer manual configuration tutorials for different devices like smart TVs and routers.

A VPN tunnel uses a protocol to link your device with your traffic destination. As a result, this will hide your IP address and encrypt your connection. The security and speed of the tunnel will depend on the protocol type, encryption level, and other additional security features used.

A VPN helps to protect your internet traffic and data. This will prevent your internet service provider (ISP) and other third parties from snooping on your activities. Also, by connecting to a VPN server, you can unblock content in whatever country you want.

No, they are not the same thing. Essentially, a VPN relies on tunneling to establish a connection between your device and the server.
