How does a VPN work?

On this page, we are going to explain how a VPN works.  We will attempt to keep it relatively non-technical; however, there will be some points where we will have to stray into a technical discussion, sorry.

For the sake of simplicity, we are going to assume two things:

    You already have a VPN client installed and configured on your device; a VPN client is just a software application, designed to do a particular thing like any other.  Don’t worry; we will explain what a VPN client is and how it works in more depth later.  Suffice it to say, the VPN client sits between your application (e.g. your Internet browser) and the internet, and encrypts any outbound traffic and decrypts any inbound traffic.

    Your device is connected to the internet; it doesn’t matter if it’s connected using a wired, wireless or cellular connection.

You start the VPN client on your device and connect to your VPN provider.  This will establish an encrypted connection to your VPN provider’s server.  The process varies from client to client, but usually entails providing login details, i.e. user name and password, and clicking connect/OK.  Most clients have the option to save your login details, so you don’t have to remember them.  At this point the VPN magic starts.  Any data you send is encrypted before it leaves your machine.  All this happens before your ISP (Internet Service Provider), WiFi network provider or cellular provider sees it.  The data is then sent via the VPN to your VPN provider’s server and then onwards to where you want it to go; this destination can be a banking web site, search engine or any other website you care to visit.  At the online destination, the data is seen as being sent from the VPN server and its location, and any responses are sent back to the VPN server, which then forwards them on to your device.  In most cases, the destination device has no knowledge of your device or where it is located.  The exception is when you have to log in to the end point.

Let’s look at this in a bit more depth.

Firstly, we will consider what happens to your data if you connect without using a VPN.  The internet is designed to work using a series of standards or protocols; these define how information is sent from device to device.  For example, from an internet browser user’s perspective, all they know is that they type in a web address and, almost instantly, a web page is rendered in their browser.  At a technical level there is a lot more going on.  Basically, if you use HTTP, you send an unencrypted request for information to a remote device, and it returns that information to you.  To illustrate how this is done, we can use the example of a postcard.

Image of a postcard

As you can see, anyone who handles the postcard can see the information on it: both the sender’s and receiver’s addresses and the contents of the message.  So it’s not very secure.  This is fine if you are sending a message saying “Hi, having a great holiday”; it’s not fine at all if you are sending a message saying “Hi, my banking user name and password are….”

It should be noted that it’s becoming more common to use HTTPS.  This is a certificate-based service providing encrypted traffic between the client and server.  Currently the standards are changing, as there are moves to remove HTTP altogether and send all traffic over HTTPS, including DNS requests.

Now consider what happens to your data when you connect using a VPN.  When you use a VPN client to initiate a connection, the following happens.

    The VPN client, typically a piece of software, on your device establishes an encrypted connection to a VPN server provided by your VPN supplier.

    Any data requests you make are forwarded securely to the VPN server, which then requests data from the destination you wish to access.  This request is typically unencrypted, unless using HTTPS, and it is typically passed on minus your user information.  It should be noted that your Internet Provider can see that you are connected to a VPN server; however, they cannot see the unencrypted content of any traffic sent.

    The destination replies with unencrypted data to the VPN server, which then encrypts the data and sends it back via the VPN client on your device to your browser.

To illustrate this, we can use the example of a letter.

Image of a letter

As you can see, anyone who handles the letter can only see who it is from and where it’s going to; without opening the letter, they cannot see the contents of the message.  If you receive a letter that has been opened, you can consider that any information contained within it is in the public domain.  So if this was banking login details, you would contact your bank and ask them to reset and resend them to you.
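
The three steps above, as an added Python sketch (not part of the original page and not any VPN product's code): it shows what is visible on the link to your ISP and what the destination receives for a plain HTTP request.  The IP addresses are constructed documentation values, and the `seal`/`unseal` functions are an assumed stand-in for a real VPN cipher, for illustration only.

```python
import hashlib, hmac, json, os

# Constructed sample addresses (RFC 5737 documentation ranges), not from the page.
CLIENT_IP, VPN_IP, SITE_IP = "198.51.100.7", "203.0.113.10", "192.0.2.80"

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Stand-in tunnel cipher: XOR keystream plus HMAC tag. Illustration only."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def client_send(key, dst, payload):
    """VPN client: encrypt the whole inner packet, address the outer one to the VPN server."""
    inner = json.dumps({"src": CLIENT_IP, "dst": dst, "payload": payload}).encode()
    return {"src": CLIENT_IP, "dst": VPN_IP, "payload": seal(key, inner)}

def vpn_forward(key, outer):
    """VPN server: decrypt, then forward with its own address as the source."""
    inner = json.loads(unseal(key, outer["payload"]))
    return {"src": VPN_IP, "dst": inner["dst"], "payload": inner["payload"]}

def trace(payload="GET /account HTTP/1.1"):
    key = os.urandom(32)  # assumed to have been agreed when the client connected
    on_isp_link = client_send(key, SITE_IP, payload)
    at_site = vpn_forward(key, on_isp_link)
    return on_isp_link, at_site

if __name__ == "__main__":
    isp_view, site_view = trace()
    print("ISP sees :", isp_view["src"], "->", isp_view["dst"],
          len(isp_view["payload"]), "opaque bytes")
    print("Site sees:", site_view["src"], "->", site_view["dst"], site_view["payload"])
```

The ISP's view names only your device and the VPN server, while the destination's view names only the VPN server and still carries the HTTP request in the clear, which is why HTTPS matters even over a VPN.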