How VPN services work

A Virtual Private Network (VPN) is a new technology that creates a secure tunnel through the internet. Each node on the VPN network will have a VPN device which is a specially designed router or hub switch this creates an invisible tunnel through the internet. The VPN device at the senders end takes the split up data called packets or frames and encapsulates it with a VPN frame so it knows how to process the frame (put the split data back together) This encapsulation is quite complex since it travels through an unsecured network like the public internet.

VPN services start with a user connecting a VPN device to at an ISP via a modem. Next the user’s computer generates a piece of data such as a web request message which is in HTTP protocol. This data then goes through the OSI model layers of transport and network adding TCP and IP packets. A data link layer protocol is then added for example a dial up protocol used is Point-to-Point Protocol (PPP) At this point the web request is ready for transmission under normal non VPN environments. But the VPN device encrypts the frame and encapsulates it with a VPN protocol such as Layer Two tunnelling Protocol (L2TP) The VPN device then places another internet protocol around the packet so the packet can travel through the internet and find the required VPN device. The frame which now has its final IP encapsulated (inside a L2TP which has a PPP, TCP, IP and then a HTTP) is now ready for secure transmission through the internet. As the packets reach the destination the process is reversed stripping each protocol down as it goes through the different devices.

There are three types of VPN: Intranet, Extranet and access. An intranet VPN provides virtual circuits between organisation offices or departments in neighbouring buildings. For example the ECU computer labs use a physical intranet; a virtual intranet is one which uses the internet to connect, where ECU uses CAT 5 cable. An extranet VPN is the same as an intranet VPN only it connects computers through different organisations. An access VPN enables employees to access an organisation network from a remote location as though the were inside the building.


Carr, H. H. & Synder, C. A. (2007) Data Communications & network security. United States of America: McGraw-Hill/Irwin pg 124-129

Dennis, A. (2002). Networking In The Internet Age Application Architectures. United States of America: John Wiley and Sons, Inc

Dostálek, L., & Kabelová. A. (2006). Understanding TCP/IP. Retrieved August 6, 2006 from