How VPNs really work

I got asked an interesting question I thought I’ll explore it here






There are many explanations of VPN as a magical tunnel that protects your identity. These descriptions, however, are very vague and often misleading. I am not an expert in networking, but know how to explain what occurs under the hood when a VPN is enabled. So, I suppose I'm talking to software engineers. They are my audience after all. It is a simple example, using the HTTP server, of how VPN works. .

 Let's say your source IP is 6.6.6.6., so let's suppose you want to join Google using an IP 1.2.3.4 port 80 then we need to make sure our source IP is 6.6.6.6. That is your public IP router, not your personal laptop's private IP, so for simplicity I will skip NAT.

 Normally with no VPN, your client sends a SYN segment to port 80 that goes into an IP packet with a destination IP 1.2.3.4 and source ip 6.6.6.6 and google replies back directly to you with a SYN/ACK destination IP 6.6.6.6 and and the source IP 1.2.3.4, and so on. 
The IP packet you are sending back and forth to 1.2.3.4 is visible to your ISP. When using plaintext HTTP (port 80),
they (the ISP and essentially anybody in between) have the option to deeply analyse it and view the content, but they are not able to do so when using HTTPS (port 443).

Let's imagine you set up an UDP-based VPN and connect to a VPN server with IP 3.3.3.3. The VPN client then grabs the IP packet, encrypts it, and puts it on a new UDP datagram with VPN information. This UDP goes into a new IP packet with a target IP of 3.3.3.3. The client continues to make SYN IP packets with destination IPs of 1.2.3.4 and 6.6.6.6. The VPN server, which recognises that this packet needs to reach you (6.6.6.6), responds to 3.3.3.3 with SYN/ACK. As a result, it generates a new IP packet with the SYN/ACK and the source IP address as 3.3.3.3 and the destination IP as 6.6.6.6. 

 In conclusion, the VPN just passes the SYN through, allowing you to establish an end-to-end TCP connection with Google over this encrypted tunnel, rather than terminating the TCP. Keep in mind that when you utilise TLS, the TLS client greeting is sent across the VPN to Google in the same manner as any other packet. Because of this, you also have end-to-end encryption, and HTTPS traffic cannot be read by the VPN.

Comments

Post a Comment

Popular posts from this blog

You Just Need To Be Consistent

Image
  This title came out when I was lying over on my bed. I don’t know what to do; I procrastinate a lot and do nothing for my writing. So, I decided to just do nothing. I stop scrolling on social media and start thinking about what I can do to improve my writing. Then I keep on searching for something that I could improve in my writing. I thought that my writing session wasn’t effectively done. I thought that I needed to plan more about my writing. I wrote for two days straight before, and then stopped. After I stopped, I evaluated and tried to plan another new writing session. It all happens many times. Do you ever experience that? The problem If you keep doing that, you might actually procrastinate on what you have to do. You are trying to do something productive while you are actually procrastinating about what you should face. You don’t even realize that you are procrastinating because you do something that you think will help you take action. You are not taking any action. You j...
Read more

The 5 W’s Of Career Planning — Who, What, Why, Where And When

Image
  Career planning is essential for achieving your goals and aspirations. Don’t believe us? Then check out this brief rundown of what career planning actually is and learn how it can benefit you in the long run. WHO? Everybody can benefit from having a career plan. Whether you’re still studying and planning for the future, or you’ve already been working for several years, having a career plan should be high on your agenda. University student? Create a career plan to set your goals after completing your studies. Employed? Create a career plan to strategise how to move up in your company or how to enter a new career. Business owner? Create a career plan to visualise where you want to be in 5 years and how you’re going to get there. WHAT? A career plan is a flexible, dynamic strategy that helps you get from Point A to Point B. It begins with identifying what Point B means to you (a new job? A promotion?) and then looks at the steps you need to take to in order to get there. These steps...
Read more

Motivation Comes From Action

Image
  Are you lacking motivation? If you do, I guess you need to wait until you have motivation to accomplish what you want. Don’t find motivation in action. It won’t work. It only comes from waiting on your bed. Motivation comes from scrolling through Instagram. When you find David Goggins videos about motivation, maybe you will get motivated. If not, keep scrolling. It will be alright. Just relax. I want you to not succeed. I want you to keep scrolling and procrastinating. Just keep doing that until your enemy becomes stronger than you. Keep doing that until you don’t achieve anything in your life. Wait, you don’t want that? Well, good luck with that! Procrastinator I was that guy, and I still do that sometimes, finding motivation through scrolling social media. I’m hoping that David Goggins will come in front of my house and tell me to do push-ups. Scrolling through social media is so easy. It takes a little effort to do it. Social media gives me more easy stuff that helps me become...
Read more