VPN
A VPN (Virtual Private Network) creates an encrypted tunnel between a device and a remote network or gateway over the public internet, making traffic appear as if it originates from the VPN endpoint and shielding it from intermediaries.…
Definition
A VPN (Virtual Private Network) creates an encrypted tunnel between a device and a remote network or gateway over the public internet, making traffic appear as if it originates from the VPN endpoint and shielding it from intermediaries. VPNs are used both for secure remote access to private corporate networks and for general privacy/geolocation masking by consumers.
Overview
A VPN works by encapsulating and encrypting network traffic between a client and a VPN server or gateway, so that anyone observing traffic on the path between them (such as an ISP or attacker on public Wi-Fi) sees only encrypted data rather than the underlying content or, in some cases, the destination. Common VPN protocols include IPsec, OpenVPN, and the newer, leaner WireGuard, each differing in performance, configuration complexity, and cryptographic design. There are two broad categories of VPN use. Remote-access VPNs let individual users or employees connect securely to a private network — for example, an employee working from home tunneling into a corporate network to access internal systems as if physically on-site. Site-to-site VPNs connect entire networks (e.g. two office branches) over the internet as if they were on the same private network, commonly used before or alongside modern SD-WAN and Zero Trust approaches. Consumer VPN services (NordVPN, ExpressVPN, Mullvad, etc.) route a user's traffic through a third-party server, primarily to mask the user's IP address/location from websites and to encrypt traffic on untrusted networks like public Wi-Fi. This does not make a user anonymous end-to-end — the VPN provider itself can typically see the traffic — and effectiveness depends on the provider's logging policy and jurisdiction. In enterprise security, VPNs have historically been the default way to grant remote access, but they are increasingly being supplemented or replaced by Zero Trust Network Access (ZTNA) solutions, which authorize access per-application/per-resource rather than granting broad network-level access once connected.
Specification
- Encrypted tunnel between a client device and a VPN server/gateway
- Hides traffic content and, in many cases, real IP address from observers
- Common protocols: IPsec, OpenVPN, WireGuard
- Remote-access VPNs for individual users; site-to-site VPNs for connecting networks
- Widely used to secure traffic on untrusted networks (e.g. public Wi-Fi)
- Can be used to bypass geographic content restrictions
- Increasingly supplemented by Zero Trust Network Access (ZTNA) in enterprises
Use Cases
Alternatives
History
A Virtual Private Network (VPN) creates an encrypted "tunnel" that carries private traffic securely across a public network such as the Internet. The term itself dates to 1996, when Microsoft engineer Gurdeep Singh-Pall developed the Point-to-Point Tunneling Protocol (PPTP), the first widely used VPN protocol. In parallel, IPsec emerged in the mid-1990s — influenced by the 1993 experimental swIPe protocol from John Ioannidis and Matt Blaze — to authenticate and encrypt IP traffic at the network layer, with a "tunnel mode" well suited to site-to-site VPNs. As PPTP's cryptographic weaknesses became clear, IPsec and L2TP, and later protocols such as OpenVPN and WireGuard, became the standards. VPNs began as tools for secure remote corporate access and later became mainstream privacy tools.
Sources
- Palo Alto Networks — "What Is the History of VPN?" · as of 2026-07-17
- ExpressVPN — "VPN history: how virtual private networks evolved" · as of 2026-07-17