Recommended by:

What is a VPN?

A Virtual Private Network (VPN) allows you to securely connect to the internet, hides your IP address, and protects your data by sending it via an encrypted tunnel.

Get Started

How does a VPN work?

what is a VPN

This is how a virtual private network works


The very first step is making a DNS (Domain Naming Service) request. That’s how you get the IP address of your VPN server. Then, you build secret keys with your VPN that help you create a secure channel and encrypt your data. The VPN protocol your provider uses helps make all of that happen! 

Let’s go through this again, this time in English. First, you say that you want to connect to the Internet (that’s the DNS request part). Then, you make sure that your connection will be secure and private (secret keys & encryption help with that). And that’s it – you have a “tunnel” that you can now use to go online without any prying eyes following you around.

VPN protocols

VPN protocols

  • OpenVPN is an open-source VPN protocol. It’s fast, secure, and works best for long-distance connections. 
  • IKEv2 (Internet Key Exchange version 2) is another fast and secure VPN protocol, but it works better for shorter distance connections. 
  • PP2P and LT2P (sometimes, LT2P/IPSec) are outdated tunneling protocols, and we highly recommend not to use them. They can offer neither the security nor reliability of OpenVPN or IKEv2. 
  • IPSec is a security protocol that enables encryption, which is why it’s used in combination with outdated tunneling protocols such as LT2P.
  • Transport Layer Security (SSL/TLS) is used very commonly. For example, in your browser! It can secure your connection to some degree.
  • Secure Shell (SSH) VPN is a tunneling protocol used to connect from one VPN server to another. However, there are better (more secure and reliable) alternatives.
  • Wireguard is a new communication protocol. It hasn’t been around long enough to make any definite statements about its security and reliability.

VPN encryption

First of all, you do what’s called a handshake with asymmetric key exchange. You use RSA (public key cryptosystem) for it and create a secure, encrypted channel with four keys: a public key and a private key for you, and the same for the VPN server. It also makes sure that you’re communicating with the right server. 

Then, you have something called a symmetric key exchange, which you use to achieve perfect forward secrecy. In English, that means if your encrypted channel from the previous step was compromised, your data stays secure. If somebody wanted to see it, they’d have to decrypt each session separately. You now create another key that you will use for the encryption algorithm. 

The encryption algorithm uses the symmetric key derived before. One such algorithm is AES-256-GCM. You now encrypt all your data with it.

There are also integrity algorithms. Simply put, you use a hash function to scramble a part of the information that you’re sending. The receiving party can now check both this function and your private key. If we have a match, that means the information hasn’t been tampered with.

VPN encryption

What can you do with a VPN?

Hide your IP address

Masking your IP makes sure that your city, country, and torrent download history aren’t linked to your identity. This is essential to becoming private online.

Stay safe on public Wi-Fi

A VPN helps to secure your personal information when you use free Wi-Fi in airports or anywhere else.

Access blocked websites

You can unblock sites by connecting to a VPN server in a different country. Many sites are restricted due to growing internet censorship or geo-blocking.

Hide your location

With a VPN, you can pick from a list of different countries and choose the one you want to appear to be in. Hiding your location is great for more privacy.

Unblock streaming services

Connect to a VPN server in a different country to enjoy content from streaming services like Netflix, BBC iPlayer, Hulu, and many others.

Torrent freely & safely

To prevent threatening letters from your ISP when you torrent, simply connect to a VPN and enjoy P2P sharing privately.

How to set up a VPN?

Download VPN applications

The easiest way to set up a VPN is to download a VPN application. All you need to do is pick a reputable VPN service provider and download their application for your device. If you can install an app, you can install a VPN.

Set up a VPN manually

Of course, you can set up a VPN manually, too. Here’s how you can do it: set up a VPN on your router or configure a personal home VPN server. Not all routers can support secure VPN protocols, so it’s important to choose one that does. However, if you’re a first-time user, we recommend using VPN apps.

Are there any VPN alternatives?

Tor (The Onion Router)

Tor offers the Tor Network, which has many server nodes across the world. Tor is based on distributed trust: you don’t know who’s behind the server nodes. It might be a party you cannot trust. The whole idea behind it is to complicate the process of tracking you, instead of making it pretty much impossible.


A HTTP proxy is somewhat similar to a VPN, but the main difference is that you can only send HTTP traffic through it – and not DNS, FTP, or SMTP requests. For example, some blocked streaming (or other) sites may remain blocked, and your email communication will not get additional protection, among other things. 

DNS resolver

It depends on what protocols your DNS resolver uses. If it offers DNS over HTTPS or DNS over TLS, then it’s secure, and your ISP cannot see what you’re up to (try it out with our own free Trust DNS app for Android). But if a DNS resolver works with different protocols, then your traffic remains visible, and you’re not private.

What are common virtual private network myths?

Are you completely anonymous with VPN?

Unfortunately, there is no such thing as being anonymous online. A VPN does offer you privacy & security and makes it extremely hard for anyone to decipher your activities. However, the only way to be 100% anonymous digitally is not only to never use the internet but also to never use any services that may store information about you online. For most of us, that’s impossible. 

A good VPN provider will only have minimal data about you (such as your email address), will not keep any activity or connection logs, will not log your IP addresses, used bandwidth, network traffic, and similar data.

Can you be tracked if you are using a VPN?

Yes, a VPN makes you private online, and it would be ridiculously difficult to crack any of the security systems to extract information about you. However, hackers and spies usually follow the path of least resistance. Your social media posts may offer sufficient information to track you online. Spear-phishing campaigns where scammers target a specific person for information or money are surprisingly effective. Whether you can be tracked online doesn’t just depend on your VPN provider, but also on your digital literacy, how well you assess risk, and how much you share online.

Can a VPN make your Internet connection faster?

Yes, in some cases, a VPN can actually make your Internet connection faster. While a lot of the time you may experience a slight drop in speed (in the best-case scenario, it’s not noticeable by simply using your device as you normally do), it’s a different story if you experience throttling.

Throttling is a practice used by a lot of ISPs. Sometimes it is a necessary thing to do in order to manage the data load for all users so that everyone gets adequate speeds.  However, some providers take it to extremes and cap bandwidth for specific services or apps – like Amazon, Netflix, Skype, or YouTube. That can significantly damage your call or video quality, but if you use a VPN, you can get around it! Your provider will not be able to throttle your speed, because they will not know what you’re up to.

Secure your digital life with Surfshark

Get Started