Virtual private network - Wikipedia
From Wikipedia, the free encyclopedia
Extension of a private network across a public one
"VPN" redirects here. For other uses, see VPN (disambiguation). For commercial services, see VPN service.
VPN connectivity overview, showing intranet site-to-site and remote-work configurations used together
A virtual private network (VPN) is an overlay network that uses network virtualization to extend a private network across a public network, such as the Internet, via the use of encryption and tunneling protocols. In a VPN, a tunneling protocol is used to transfer network messages from one network host to another.
Host-to-network VPNs are commonly used by organizations to allow off-site users secure access to an office network over the Internet. Site-to-site VPNs connect two networks, such as an office network and a datacenter. Provider-provisioned VPNs isolate parts of the provider's own network infrastructure in virtual segments, in ways that make the contents of each segment private with respect to the others. Individuals also use VPNs to encrypt and anonymize their network traffic, with VPN services selling access to their own private networks.
VPNs can enhance usage privacy by making an ISP unable to access the private data exchanged across the VPN. Through encryption, VPNs enhance confidentiality and reduce the risk of successful data sniffing attacks.
Background
Main article: Computer network
A network is a group of communicating computers known as hosts, which communicate data to other hosts via communication protocols, as facilitated by networking hardware. Within a computer network, computers are identified by network addresses, which allow rule-based systems such as Internet Protocol to locate and identify hosts. Hosts may also have hostnames, memorable labels for the host nodes, which are rarely changed after initial assignment. The transmission medium that supports information exchange includes wired media like copper cables, optical fibers, and wireless radio-frequency media. The arrangement of hosts and hardware within a network architecture is known as the network topology.
Apart from physical transmission media, networks comprise network nodes such as network interface controllers, repeaters, hubs, bridges, switches, routers, and modems.
The network interface controller (NIC) is computer hardware that connects the computer to the network media. In Ethernet networks, each NIC has a unique Media Access Control (MAC) address, usually stored in the controller's permanent memory.
A repeater is an electronic device that receives a network signal, cleans it of unnecessary noise and regenerates it. The signal is retransmitted at a higher power level, or to the other side of an obstruction, so that the signal can cover longer distances without degradation.
An Ethernet repeater with multiple ports is known as an Ethernet hub. In addition to reconditioning and distributing network signals, a hub assists with collision detection and fault isolation for the network. Hubs and repeaters in LANs have been largely made obsolete by modern network switches.
Unlike hubs, which forward communication to all ports, network switches forward frames only to the ports involved in the communication. Switches normally have numerous ports, facilitating a star topology for devices, and for cascading additional switches.
Network bridges are analogous to a two-port switch. Bridges and switches operate at the data link layer of the OSI model and bridge traffic between two or more network segments to form a single local network. Both are devices that forward frames of data between ports based on the destination MAC address in each frame. Network segmentation through bridging and switching helps break down a large, congested network into an aggregation of smaller, more efficient networks.
A router is an internetworking device that forwards packets between networks by processing the addressing or routing information included in the packet.
Modems (modulator-demodulator) are used to connect network nodes via wire not originally designed for digital network traffic, or for wireless.
Network communication
A communication protocol is a set of rules for exchanging information over a network. Communication protocols have various characteristics, such as being connection-oriented or connectionless, or using circuit switching or packet switching.
In a protocol stack, often constructed per the OSI model, communications functions are divided into protocol layers, where each layer leverages the services of the layer below it until the lowest layer controls the hardware that sends information across the media. The use of protocol layering is ubiquitous across the field of computer networking. An important example of a protocol stack is HTTP, the World Wide Web protocol. HTTP runs over TCP over IP, the Internet protocols, which in turn run over IEEE 802.11, the Wi-Fi protocol. This stack is used between a wireless router and a personal computer when accessing the web.
Most modern computer networks use protocols based on packet-mode transmission. A network packet is a formatted unit of data carried by a packet-switched network. Packets consist of two types of data: control information and user data (payload). The control information provides data the network needs to deliver the user data, for example, source and destination network addresses, error detection codes, and sequencing information. Typically, control information is found in packet headers and trailers, with payload data in between.
The Internet protocol suite, also called TCP/IP, is the foundation of all modern networking and the defining set of protocols for the Internet. It offers connection-less and connection-oriented services over an inherently unreliable network traversed by datagram transmission using Internet protocol (IP). At its core, the protocol suite defines the addressing, identification, and routing specifications for Internet Protocol Version 4 (IPv4) and for IPv6, the next generation of the protocol with a much enlarged addressing capability.
Security
VPNs do not make connected users anonymous or unidentifiable to the untrusted medium network provider, such as an internet service provider (ISP). However, VPNs can enhance usage privacy by making an ISP unable to access the private data exchanged across the VPN. Through encryption, VPNs enhance confidentiality and reduce the risk of successful data sniffing attacks.
Data packets travelling across a VPN may also be secured by tamper proofing via a message authentication code, which prevents the message from being altered or tampered with without being rejected, enhancing data integrity.[citation needed]
A number of other implementations exist to ensure authentication of connecting parties. Tunnel endpoints can be authenticated in various ways during the VPN access initiation, such as by the whitelisting of endpoint IP addresses. Authentication may also occur after actual tunnels are already active, for example, with a web captive portal. Remote-access VPNs may also use passwords, biometrics, two-factor authentication, or other cryptographic methods. Site-to-site VPNs often use passwords (pre-shared keys) or digital certificates.[citation needed]
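The tamper proofing described above, shown as an added example that is not part of the original article: a receiving tunnel endpoint verifies a message authentication code over the outer header and the encapsulated packet before it forwards anything. The outer header layout, the 16-byte tag, the key and the addresses are assumptions constructed for illustration; the payload is left unencrypted to keep the focus on integrity, and the sequence-number check goes slightly beyond the text, since a MAC alone does not stop a captured packet from being re-sent.

```python
import hashlib
import hmac
import ipaddress
import struct

TAG_LEN = 16                  # truncated HMAC-SHA256 tag; the length is an assumption
OUTER = struct.Struct("!IQ")  # hypothetical outer header: tunnel id, sequence number


class RejectedPacket(Exception):
    """The receiving endpoint drops the packet instead of forwarding it."""


def make_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed minimal IPv4 packet (header checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def inner_destination(inner: bytes) -> str:
    """Destination address of a de-encapsulated IPv4 packet (header bytes 16-19)."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise RejectedPacket("inner packet is not IPv4")
    return str(ipaddress.IPv4Address(inner[16:20]))


def _tag(key: bytes, authenticated: bytes) -> bytes:
    return hmac.new(key, authenticated, hashlib.sha256).digest()[:TAG_LEN]


def encapsulate(key: bytes, tunnel_id: int, seq: int, inner: bytes) -> bytes:
    """Wrap an inner packet: outer header, inner packet, MAC over both."""
    header = OUTER.pack(tunnel_id, seq)
    return header + inner + _tag(key, header + inner)


class TunnelReceiver:
    def __init__(self, key: bytes, tunnel_id: int):
        self.key = key
        self.tunnel_id = tunnel_id
        self.highest_seq = 0  # highest authenticated sequence number seen so far

    def decapsulate(self, outer: bytes) -> bytes:
        if len(outer) < OUTER.size + TAG_LEN:
            raise RejectedPacket("truncated packet")
        header = outer[:OUTER.size]
        inner = outer[OUTER.size:-TAG_LEN]
        tag = outer[-TAG_LEN:]
        # Verify the MAC before trusting any field; compare in constant time.
        if not hmac.compare_digest(tag, _tag(self.key, header + inner)):
            raise RejectedPacket("bad MAC")
        tunnel_id, seq = OUTER.unpack(header)
        if tunnel_id != self.tunnel_id:
            raise RejectedPacket("wrong tunnel")
        # A valid MAC does not stop a captured packet from being re-sent,
        # so only strictly increasing sequence numbers are accepted.
        if seq <= self.highest_seq:
            raise RejectedPacket("replayed or stale sequence number")
        self.highest_seq = seq
        return inner


def demo_tunnel() -> dict:
    """Send one genuine, one modified and one replayed packet through a receiver."""
    key = hashlib.sha256(b"constructed demo key, not a real secret").digest()
    inner = make_ipv4("192.0.2.10", "10.20.0.5", b"hello")
    genuine = encapsulate(key, tunnel_id=7, seq=1, inner=inner)
    rx = TunnelReceiver(key, tunnel_id=7)
    results = {"forwarded_to": inner_destination(rx.decapsulate(genuine))}

    # Modification in transit: flip one bit of the inner destination address.
    tampered = bytearray(encapsulate(key, 7, 2, inner))
    tampered[OUTER.size + 19] ^= 0x01
    for name, packet in (("tampered", bytes(tampered)), ("replayed", genuine)):
        try:
            rx.decapsulate(packet)
            results[name] = "accepted"
        except RejectedPacket as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo_tunnel())
```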
Split tunneling
Split tunneling allows a user to access distinct security domains at the same time, using the same or different network connections. This connection state is usually facilitated through the simultaneous use of a LAN network interface controller (NIC), radio NIC, Wireless LAN NIC, and virtual private network client software application. Split tunneling is most commonly configured via the use of a remote-access VPN client, which allows the user to simultaneously connect to a nearby wireless network, resources on an off-site corporate network, as well as websites over the internet.
Not every VPN allows split tunneling.[10]
Advantages of split tunneling include alleviating bottlenecks, conserving bandwidth (as internet traffic does not have to pass through the VPN server), and enabling a user to not have to continually connect and disconnect when remotely accessing resources.[citation needed] Disadvantages include DNS leaks and potentially bypassing gateway-level security that might be in place within the company infrastructure.[11] Internet service providers often use split tunneling for DNS hijacking purposes.
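The two disadvantages named above can be checked from a client's routing table. The following is an added example, not part of the original article: it applies longest-prefix matching to a route list and reports DNS resolvers that are reached outside the tunnel (a DNS leak) and destinations that policy expects to cross the corporate gateway but that leave through the local interface. The interface names, prefixes, resolver addresses and the policy list are constructed sample values.

```python
import ipaddress


def route_lookup(routes, dest):
    """Longest-prefix match: return the interface a destination leaves through."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best[1] if best else None


def audit_split_tunnel(routes, resolvers, inspected_destinations, tunnel_iface="tun0"):
    """Return (finding, address, egress interface) tuples for a client route table.

    resolvers: DNS servers configured on the client.
    inspected_destinations: addresses that policy says must pass the corporate
    gateway (hypothetical policy input for this example).
    """
    findings = []
    for resolver in resolvers:
        iface = route_lookup(routes, resolver)
        if iface != tunnel_iface:
            findings.append(("dns-leak", resolver, iface))
    for dest in inspected_destinations:
        iface = route_lookup(routes, dest)
        if iface != tunnel_iface:
            findings.append(("bypasses-gateway", dest, iface))
    return findings


# Constructed split-tunnel client: only 10.0.0.0/8 is sent into the VPN.
SPLIT_ROUTES = [
    ("0.0.0.0/0", "wlan0"),
    ("::/0", "wlan0"),
    ("192.168.1.0/24", "wlan0"),
    ("10.0.0.0/8", "tun0"),
]
RESOLVERS = ["10.0.0.53", "192.168.1.1", "2001:db8::53"]
INSPECTED = ["10.20.30.40", "203.0.113.80"]

# Tightened variant: corporate resolver only, inspected host routed via the tunnel.
TIGHTENED_ROUTES = SPLIT_ROUTES + [("203.0.113.80/32", "tun0")]
TIGHTENED_RESOLVERS = ["10.0.0.53"]

if __name__ == "__main__":
    for finding in audit_split_tunnel(SPLIT_ROUTES, RESOLVERS, INSPECTED):
        print(finding)
    print(audit_split_tunnel(TIGHTENED_ROUTES, TIGHTENED_RESOLVERS, INSPECTED))
```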
Classification
VPN classification tree based on the topology first, then on the technology used
Topology
A host-to-network configuration is analogous to joining one or more computers to a network to which they cannot be directly connected. This type of extension provides computer access to a local area network of a remote site, or any wider enterprise networks, such as an intranet. Each computer is in charge of activating its own tunnel towards the network it wants to join. The joined network is only aware of a single remote host for each tunnel. This may be employed for remote workers, or to enable people to access their private home or company resources without exposing them on the public Internet.[citation needed]
A site-to-site configuration connects two networks. This configuration expands a network across geographically disparate locations. Tunneling is only done between gateway devices located at each network location. These devices then make the tunnel available to other local network hosts that aim to reach any host on the other side. This is useful to keep sites connected to each other in a stable manner, like office networks to their headquarters or datacenter. In this case, any side may be configured to initiate the communication as long as it knows how to reach the other. In the context of site-to-site configurations, the terms intranet and extranet are used to describe two different use cases.[12] An intranet site-to-site VPN describes a configuration where the sites connected by the VPN belong to the same organization, whereas an extranet site-to-site VPN joins sites belonging to multiple organizations.[citation needed]
A limitation of traditional VPNs is that they are point-to-point connections and do not tend to support broadcast domains. Therefore, communication, software, and networking that are based on layer 2 and broadcast packets (such as NetBIOS used in Windows networking) may not be fully supported as on a local area network. Variants on VPN such as Virtual Private LAN Service (VPLS) and layer 2 tunneling protocols are designed to overcome this limitation.[13]
Trusted and secure delivery networks
Trusted VPNs do not use cryptographic tunneling; instead, they rely on the security of a single provider's network to protect the traffic.[14] Multiprotocol Label Switching (MPLS) often overlays trusted VPNs, often with quality-of-service control over a trusted delivery network. A secure VPN either trusts the underlying delivery network or enforces security with an internal mechanism. Unless the trusted delivery network runs among physically secure sites only, both trusted and secure models need an authentication mechanism for users to gain access to the VPN.[citation needed]
Types
Mobile VPN
Mobile virtual private networks are used in settings where an endpoint of the VPN is not fixed to a single IP address, but instead roams across various networks such as data networks from cellular carriers or between multiple Wi-Fi access points without dropping the secure VPN session or losing application sessions.[15] Mobile VPNs are widely used in public safety where they give law-enforcement officers access to applications such as computer-assisted dispatch and criminal databases,[16] and in other organizations with similar requirements such as field service management and healthcare.[17][need quotation to verify]
DMVPN
Dynamic Multipoint Virtual Private Network (DMVPN)[18] is a dynamic tunneling form of a virtual private network supported on Cisco IOS-based routers, Huawei AR G3 routers,[19] and Unix-like operating systems.
DMVPN provides the capability for creating a dynamic-mesh VPN network without having to statically pre-configure all possible tunnel end-point peers, such as IPsec and ISAKMP peers.[20] DMVPN is initially configured to build a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes; no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes are dynamically built on demand without additional configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.[citation needed]
EVPN
Ethernet VPN (EVPN) is a technology for carrying OSI layer 2 Ethernet traffic as a virtual private network using wide area network protocols. EVPN technologies include Ethernet over Multiprotocol Label Switching (MPLS) and Ethernet over Virtual Extensible LAN.[21][22]
MPLS VPN
Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on labels rather than network addresses.[23] Whereas network addresses identify endpoints, MPLS labels identify established paths between endpoints. MPLS can encapsulate packets of various network protocols.
In practice, MPLS is mainly used to forward IP protocol data units and Virtual Private LAN Service Ethernet traffic. Major applications of MPLS are telecommunications traffic engineering and MPLS VPN. MPLS works in conjunction with the Internet Protocol (IP) and its routing protocols, usually interior gateway protocols (IGPs) and supports the creation of dynamic, transparent virtual networks with support for traffic engineering, the ability to transport layer VPNs with overlapping address spaces, and for layer-2 pseudowires that are capable of transporting a variety of transport payloads (IPv4, IPv6, ATM, Frame Relay, etc.).[24][25]
VPLS
Virtual Private LAN Service (VPLS) is a virtual private network technology that provides Ethernet-based multipoint-to-multipoint communication over IP or MPLS networks. It allows geographically dispersed sites to share an Ethernet broadcast domain by connecting sites (including both servers and clients) through pseudowires.[26] The technologies that can be used as pseudo-wire can be Ethernet over MPLS, L2TPv3 or even GRE. There are two IETF standards-track RFCs (RFC 4761 and RFC 4762) describing VPLS establishment. In contrast to L2TPv3, which allows only point-to-point OSI layer 2 tunnels, VPLS allows any-to-any (multipoint) connectivity.[27][28]
PPVPN
A provider-provisioned VPN (PPVPN) is a virtual private network (VPN) implemented by a connectivity service provider or large enterprise on a network they operate on their own, as opposed to a "customer-provisioned VPN" where the VPN is implemented by the customer who acquires the connectivity service on top of the technical specificities of the provider.
Protocols
The life cycle phases of an IPSec tunnel in a virtual private network
A virtual private network is based on a tunneling protocol, and may be combined with other network or application protocols to provide additional security and capabilities.
IPsec (1996)
Internet Protocol Security (IPsec) is a standards-based security protocol, initially developed by the Internet Engineering Task Force (IETF) for IPv6, and was required in all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation.[29] It is also widely used with IPv4. The design of IPsec meets most security goals: availability, integrity, and confidentiality. IPsec uses encryption, encapsulating an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination. IPsec is also often supported by network hardware accelerators,[30] which makes IPsec VPN desirable for low-power scenarios, like always-on remote access VPN configurations.[31][32]
IPsec tunnels are set up by the Internet Key Exchange (IKE) protocol. IPsec tunnels made with IKE version 1 (also known as IKEv1 tunnels, or often just "IPsec tunnels") can be used alone to provide VPN but are often combined with the Layer 2 Tunneling Protocol (L2TP) to reuse existing L2TP-related implementations for more flexible authentication features (e.g. Xauth).
IKE version 2, which was created by Microsoft and Cisco, can be used alone to provide IPsec VPN functionality. Its primary advantages are the native support for authenticating via the Extensible Authentication Protocol (EAP) and that the tunnel can be seamlessly restored when the IP address of the associated host is changing, which is typical of a roaming mobile device, whether on 3G or 4G LTE networks.
TLS/SSL (1999)
Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as it does in the OpenVPN project and SoftEther VPN project[33]) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through TLS. A VPN based on TLS can connect from locations where the usual TLS web navigation (HTTPS) is supported without requiring additional configuration.
OpenSSH (1999)
OpenSSH offers VPN tunneling (distinct from port forwarding) to secure[ambiguous] remote connections to a network, inter-network links, and remote systems. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.[34] SSH is more often used to remotely connect to machines or networks instead of a site-to-site VPN connection.
OpenVPN (2001)
OpenVPN is a free and open-source VPN protocol based on the TLS protocol. It supports perfect forward-secrecy, and most modern secure cipher suites, like AES, Serpent, TwoFish, etc. It is currently[may be outdated as of March 2023] being developed and updated by OpenVPN Inc., a non-profit providing secure VPN technologies.
SSTP (2007)
Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport Point-to-Point Protocol (PPP) traffic through an SSL/TLS channel.
WireGuard (2015)
WireGuard is a protocol designed to be more lightweight than OpenVPN.[35] In 2020, WireGuard support was added to both the Linux[36] and Android[37] kernels, opening it up to adoption by VPN providers. By default, WireGuard utilizes the Curve25519 protocol for key exchange and ChaCha20-Poly1305 for encryption and message authentication, but also includes the ability to pre-share a symmetric key between the client and server.[38]
Other
Datagram Transport Layer Security (DTLS) – used in Cisco AnyConnect VPN and in OpenConnect VPN[39] to solve the issues TLS has with tunneling over TCP (SSL/TLS are TCP-based, and tunneling TCP over TCP can lead to big delays and connection aborts[40]).
Microsoft Point-to-Point Encryption (MPPE) works with the Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms.
Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel (SSTP was introduced in Windows Server 2008 and in Windows Vista Service Pack 1).
Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered trademark "MPVPN".[relevant?][41]
Crypto IP Encapsulation (CIPE) is a free and open-source VPN implementation for tunneling IPv4 packets over UDP via encapsulation.[42] CIPE was developed for Linux operating systems by Olaf Titz, with a Windows port implemented by Damion K. Wilson.[43] Development for CIPE ended in 2002.[44]
L2TP,[45] which is a standards-based replacement for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F)[46] (obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).[47]
Native and third-party support
Desktop, smartphone and other end-user device operating systems usually support configuring remote access VPN from their graphical or command-line tools.[48][49][50] However, due to the variety of, often non-standard, VPN protocols, there exist many third-party applications that implement additional protocols not yet or no longer natively supported by the OS. For instance, Android lacked native IPsec IKEv2 support until version 11,[51] and users needed to install third-party apps in order to connect to that kind of VPN. Conversely, Windows does not natively support plain IPsec IKEv1 remote access VPN configuration (commonly used by Cisco and Fritz!Box VPN solutions).
Network appliances, such as firewalls, often include VPN gateway functionality for either remote access or site-to-site configurations. Their administration interfaces often facilitate setting up virtual private networks with a selection of supported protocols. In some cases, like in the open source operating systems devoted to firewalls and network devices (like OpenWrt, IPFire, PfSense or OPNsense), it is possible to add support for additional VPN protocols by installing missing software components or third-party apps.[citation needed]
Commercial appliances with VPN features based on proprietary hardware or software platforms usually support a consistent VPN protocol across their products, but do not allow customizations outside the use cases they implement. This is often the case for appliances that rely on hardware acceleration of VPNs to provide higher throughput or support a larger number of simultaneously connected users.[citation needed]
Society and culture
Individual users
As of 2025, approximately 1.75 billion people used VPNs. By 2027, this market is projected to grow to $76 billion.[52]
See also
Internet privacy
Opportunistic encryption
VPNLab
References
"virtual private network". NIST Computer Security Resource Center Glossary. Archived from the original on 2 January 2023. Retrieved 2 January 2023.
"What Is a VPN? - Virtual Private Network". Cisco. Archived from the original on 31 December 2021. Retrieved 5 September 2021.
Mason, Andrew G. (2002). Cisco Secure Virtual Private Network. Cisco Press. p. ISBN 978-1-58705-033-6.
Peterson, Larry; Davie, Bruce (2000). Computer Networks: A Systems Approach. Singapore: Harcourt Asia. ISBN 978-981-4066-43-3. Retrieved 24 May 2025.
Anniss, Matthew (2015). Understanding Computer Networks. United States: Capstone. ISBN 978-1-4846-0907-1.
Tanenbaum, Andrew S. (2003). Computer Networks (4th ed.). Prentice Hall.
"What is VPN Split Tunneling?". Fortinet. Retrieved 11 June 2025.
"VPN split tunneling". NordVPN.
Long, Moe (22 July 2021). "Best VPN for Split Tunneling". Tech Up Your Life. Retrieved 21 October 2021.
"What is VPN split tunneling? All you need to know". Surfshark. Retrieved 11 June 2025.
Remote Access VPN and a Twist on the Dangers of Split Tunneling, 10 May 2005, retrieved 5 December 2017.
RFC 3809 - Generic Requirements for Provider Provisioned Virtual Private Networks. IETF. sec. 1.1. doi:10.17487/RFC3809. RFC 3809.
Sowells, Julia (7 August 2017). "Virtual Private Network (VPN): What VPN Is And How It Works". Hackercombat. Archived from the original on 17 June 2022. Retrieved 7 November 2021.
Cisco Systems, Inc. (2004). Internetworking Technologies Handbook. Networking Technology Series (4 ed.). Cisco Press. p. 233. ISBN 978-1-58705-119-7. Retrieved 15 February 2013. "[...] VPNs using dedicated circuits, such as Frame Relay [...] are sometimes called trusted VPNs, because customers trust that the network facilities operated by the service providers will not be compromised."
Phifer, Lisa. "Mobile VPN: Closing the Gap". Archived 6 July 2020 at the Wayback Machine. SearchMobileComputing.com, 16 July 2006.
Willett, Andy. "Solving the Computing Challenges of Mobile Officers". Archived 12 April 2020 at the Wayback Machine. www.officer.com, May, 2006.
Cheng, Roger. "Lost Connections". Archived 28 March 2018 at the Wayback Machine. The Wall Street Journal, 11 December 2007.
Cisco engineers. "Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)". Cisco. Retrieved 24 September 2017.
Huawei DSVPN Configuration.
Kurniadi, S. H.; Utami, E.; Wibowo, F. W. (December 2018). "Building Dynamic Mesh VPN Network using MikroTik Router". Journal of Physics: Conference Series. 1140: 012039. doi:10.1088/1742-6596/1140/1/012039. ISSN 1742-6596.
"EVPN Overview - TechLibrary - Juniper Networks". www.juniper.net. Archived from the original on 11 May 2017. Retrieved 19 December 2019.
"Understanding EVPN with VXLAN Data Plane Encapsulation - TechLibrary - Juniper Networks". www.juniper.net. Archived from the original on 13 May 2017. Retrieved 19 December 2019.
Sturt, Robert; Rosencrance, Linda; Scarpati, Jessica (28 March 2023). "What is Multiprotocol Label Switching (MPLS)?". techtarget.com. Retrieved 21 July 2025.
RFC 3031.
S. Bryant; P. Pate, eds. (March 2005). Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture. Network Working Group. doi:10.17487/RFC3985. RFC 3985. Informational. Updated by RFC 5462.
H. Shah (Cisco Systems) (January 2015). "RFC 7436: IP‑Only LAN Service (IPLS)". IETF. Retrieved 7 August 2025.
Rekhter, Yakov; Kompella, Kireeti (January 2007). Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling (Report). Internet Engineering Task Force.
Lasserre, Marc; Kompella, Vach (January 2007). Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling (Report). Internet Engineering Task Force.
E. Jankiewicz; J. Loughney; T. Narten (December 2011). IPv6 Node Requirements. Internet Engineering Task Force. doi:10.17487/RFC6434. ISSN 2070-1721. RFC 6434. Obsolete. p. 17. Obsoleted by RFC 8504. Obsoletes RFC 4294. "Previously, IPv6 mandated implementation of IPsec and recommended the key management approach of IKE. This document updates that recommendation by making support of the IPsec Architecture RFC4301 a SHOULD for all IPv6 nodes."
"Security for VPNs with IPsec Configuration Guide, Cisco IOS Release 15S - VPN Acceleration Module [Support]". Cisco. Retrieved 9 July 2024.
"VPN overview for Apple device deployment". Apple Support. Retrieved 9 July 2024.
"About Always On VPN for Windows Server Remote Access". learn.microsoft.com. 22 May 2023. Retrieved 9 July 2024.
"1. Ultimate Powerful VPN Connectivity". www.softether.org. SoftEther VPN Project. Archived from the original on 8 October 2022. Retrieved 8 October 2022.
"ssh(1) – OpenBSD manual pages". man.openbsd.org. Archived from the original on 5 July 2022. Retrieved 4 February 2018.
Barschel, Colin. "Unix Toolbox". cb.vu. Archived from the original on 28 May 2019. Retrieved 2 August 2009.
"SSH_VPN – Community Help Wiki". help.ubuntu.com. Archived from the original on 2 July 2022. Retrieved 28 July 2009.
Preneel, Bart; Vercauteren, Frederik, eds. (11 June 2018). Applied Cryptography and Network Security. Springer. ISBN 978-3-319-93387-0. Archived from the original on 18 February 2019. Retrieved 25 June 2018.
Salter, Jim (30 March 2020). "WireGuard VPN makes it to 1.0.0—and into the next Linux kernel". Ars Technica. Archived from the original on 31 March 2020. Retrieved 30 June 2020.
"Diff - 99761f1eac33d14a4b1613ae4b7076f41cb2df94^! - kernel/common - Git at Google". android.googlesource.com. Archived from the original on 29 June 2022. Retrieved 30 June 2020.
Younglove, R. (December 2000). "Virtual private networks - how they work". Computing & Control Engineering Journal. 11 (6): 260–262. doi:10.1049/cce:20000602 (inactive 12 July 2025). ISSN 0956-3385. [dead link]
Benjamin Dowling, and Kenneth G. Paterson (12 June 2018). "A cryptographic analysis of the WireGuard protocol". International Conference on Applied Cryptography and Network Security. ISBN 978-3-319-93386-3.
"OpenConnect". Archived from the original on 29 June 2022. Retrieved 8 April 2013. "OpenConnect is a client for Cisco's AnyConnect SSL VPN [...] OpenConnect is not officially supported by, or associated in any way with, Cisco Systems. It just happens to interoperate with their equipment."
"Why TCP Over TCP Is A Bad Idea". sites.inka.de. Archived from the original on 6 March 2015. Retrieved 24 October 2018.
"Trademark Status & Document Retrieval". tarr.uspto.gov. Archived from the original on 21 March 2012. Retrieved 8 October 2022.
Fuller, Johnray; Ha, John (2002). Red Hat Linux 9: Red Hat Linux Security Guide (PDF). United States: Red Hat, Inc. pp. 48–53. Archived (PDF) from the original on 14 October 2022. Retrieved 8 September 2022.
Petersen, Richard (2004). "Chapter 17: Internet Protocol Security: IPsec, Crypto IP Encapsulation for Virtual Private Networks". Red Hat - The Complete Reference Enterprise Linux & Fedora Edition. United States: McGraw-Hill/Osborne. ISBN 0-07-223075-4. Archived from the original on 17 January 2023. Retrieved 17 January 2023.
Titz, Olaf (20 December 2011). "CIPE - Crypto IP Encapsulation". CIPE - Crypto IP Encapsulation. Archived from the original on 18 May 2022. Retrieved 8 September 2022.
Titz, Olaf (2 April 2013). "CIPE - encrypted IP in UDP tunneling". SourceForge. Archived from the original on 8 September 2022. Retrieved 8 September 2022.
Wilson, Damion (19 October 2002). "CIPE-Win32 - Crypto IP Encapsulation for Windows NT/2000". SourceForge. Archived from the original on 8 September 2022. Retrieved 8 September 2022.
Layer Two Tunneling Protocol "L2TP". Archived 30 June 2022 at the Wayback Machine. RFC 2661, W. Townsley et al., August 1999.
IP Based Virtual Private Networks. Archived 9 July 2022 at the Wayback Machine. RFC 2341, A. Valencia et al., May 1998.
Point-to-Point Tunneling Protocol (PPTP). Archived 2 July 2022 at the Wayback Machine. RFC 2637, K. Hamzeh et al., July 1999.
"Connect to a VPN in Windows - Microsoft Support". support.microsoft.com. Retrieved 11 July 2024.
"Connect to a virtual private network (VPN) on Android". Retrieved 11 July 2024.
"VPN settings overview for Apple devices". Apple Support. Retrieved 11 July 2024.
"IPsec/IKEv2 Library". Android Open Source Project. Retrieved 11 July 2024.
Hooson, Mark (3 March 2025). "VPN Statistics". Forbes UK. Retrieved 19 March 2025.
Further reading
Kelly, Sean (August 2001). "Necessity is the mother of VPN invention". Communication News: 26–28. ISSN 0010-3632. Archived from the original on 17 December 2001.