What is a VPN
VPN stands for VIRTUAL PRIVATE NETWORK.
A VPN is a virtual network used to guarantee privacy and increase security when browsing.
It is a “private” network because no one can access it without the configuration file or the right credentials.
When you connect to a VPN server located anywhere in the world, it is as if you were connected to that external network with an Ethernet cable. All the internet traffic you generate then comes not from your public IP address but from the VPN’s public IP address. Therefore, since you are not seen as generating that traffic, anonymity is guaranteed.
Furthermore, the traffic between your device and the VPN server is all encrypted (AES-based algorithms) so that no one who can sniff the traffic will be able to read the data.
So it can be very useful to browse anonymously since once connected with the VPN server all the requests made on the internet from your PC will be encrypted by it and sent to the VPN server which will decrypt and forward them on the network. The replies that arrive at the VPN server will be encrypted by it and sent back to your PC which will decrypt them. So, internet requests will be made from the IP address of the VPN server and not from your IP address.
Besides anonymity, this is also useful for evading restrictions and censorship in some countries, or geographical blocks imposed by some websites, without being spied on. Imagine being in a country with censorship laws and not being able to access a censored site. Just connect to a VPN server located in another country without censorship and access the censored site from there.
There are various VPN services, paid and free, to which you can connect. One is naturally inclined to use a free one, but with the free ones there is no guarantee that they do not spy on your traffic or save your activities in log files. The paid ones at least “say” that they keep no log files that track your activities, but even in this case there is no absolute certainty.
Furthermore, to be even more anonymous, it is important to configure your device to use the DNS servers recommended by the VPN service you have chosen, and to make sure that the VPN service can block your internet traffic, in case of connection problems with the server, until the connection is restored.
These two things are very important to avoid a possible DNS leak and to prevent your IP address from appearing during a request.
A DNS leak occurs when your request reaches an unprotected DNS server instead of going through the VPN. In this case your data is not anonymous.
To name a few, the most popular paid VPN services, to date, are EXPRESSVPN, NORDVPN, PUREVPN, PROTONVPN, SURFSHARK, and IPVANISHVPN.
OpenVPN
An alternative, if you own another device on another external network, is to set that device up as a server. You can use the “OpenVPN” software to do this. It lets you configure both the server side and the client side so that you can connect to your own VPN server.
This obviously has nothing to do with anonymity: if the device that works as server and its network are your property, the traffic to the internet carries the IP address of your remote network (so it is still your IP address). But the traffic between your two devices will certainly be encrypted.
Very short presentation of OpenVPN:
OpenVPN is open source VPN software that allows you to encrypt client-to-client, gateway-to-client or gateway-to-gateway traffic. It is based on the SSL/TLS protocol and is therefore more secure than other types of VPN protocols such as PPTP, IPSec or L2TP/IPSec, although it is more complicated to configure.
OpenVPN can run on Windows, Linux, Android and all Apple systems. It can be set to run over TCP or UDP, and two types of network interface can be used: TUN and TAP. With TUN you create a point-to-point IP tunnel at layer 3 of the OSI stack, while with TAP you create virtual Ethernet interfaces at layer 2 that carry the entire Ethernet traffic.
OpenVPN’s standard port is 1194.
Authentication on OpenVPN can be done through:
- shared secret key
- digital certificates
- user/password authentication
As you can imagine, the user/password method is not very secure. The strongest method is to use digital certificates, but this is also the most complex method to configure.
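The options listed above map onto directives in an OpenVPN configuration file. The following added example (not from the original article or from the OpenVPN project) parses a client profile and reports the interface layer, transport, port and which of the three authentication methods it uses; the profile contents, host name and function names are constructed for illustration.

```python
# Constructed client profile; host name and file name are placeholders.
SAMPLE_CONF = """\
dev tun
remote vpn.example.org 1194
ca ca.crt
auth-user-pass
"""

def parse_conf(text):
    """Map directive -> argument lists; skips comments and inline <x>...</x> bodies."""
    conf, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # inside an inline block: skip its body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment line
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]          # e.g. <cert> embeds the certificate
            conf.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def first_arg(conf, name, default):
    args = conf.get(name, [[]])[0]
    return args[0] if args else default

def summarize(text):
    conf = parse_conf(text)
    dev = first_arg(conf, "dev", "")
    remote = conf.get("remote", [[]])[0]
    methods = [("shared secret key", {"secret"}),
               ("digital certificates", {"cert", "key"}),
               ("user/password", {"auth-user-pass"})]
    auth = [label for label, needed in methods if needed <= set(conf)]
    return {
        "layer": 3 if dev.startswith("tun") else 2 if dev.startswith("tap") else None,
        "proto": first_arg(conf, "proto", "udp"),    # UDP when not specified
        "port": int(remote[1]) if len(remote) > 1 else int(first_arg(conf, "port", "1194")),
        "auth": auth,
        "password_only": auth == ["user/password"],  # weakest option per the text
    }
```

For the sample profile the summary shows a layer 3 tunnel over UDP on port 1194 that relies on user/password alone, the case the text calls the least secure.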
Conclusions
In conclusion, using a VPN may be necessary for business reasons to connect to a remote corporate network in an extremely secure way (for example this may be the case with OpenVPN seen above) or for reasons of anonymity and security in internet browsing.
In the first case, once connected to a remote network (for example a company network) via VPN, it is as if our device were physically connected there: we can access the shared data of that network, or any remote device that is configured for connection with, for example, VNC, FTP, or any other type of insecure connection. This is because, passing through a VPN, it is as if the insecure connection (VNC, FTP, etc.) took place locally and not remotely.