What Is a VPN and How Does It Work? (Full Guide 2023)
VPNs are online apps that secure your traffic and hide your IP address. VPNs help you bypass annoying geo-blocks on popular streaming sites. And they’re also great at circumventing censorship in restrictive countries. Plus, VPNs also protect you from cyber attacks, which happen regularly nowadays.
But there’s more to VPNs than just a paragraph-long definition. So we covered everything you need to know about them in this guide. Keep reading to find out how a VPN actually works, what it’s used for, how to use the service, how to find a good provider, and more.
VPN stands for Virtual Private Network. A VPN is an online service that encrypts your online traffic and hides your IP address. That allows you to browse the web securely and unblock geo-restricted and censored content.
How Does a VPN Work?
A VPN allows you to connect to different VPN servers around the world — when you connect to a server, it replaces your real IP with its own IP. Any site you access while connected to the VPN will think your traffic is coming from the VPN server’s country. Also, a VPN encrypts your online traffic, making it unreadable.
How a VPN Works (Technical Explanation)
A VPN consists of a VPN app, which you install on your device, and VPN servers, which you connect to. When you connect to a VPN server, the VPN app and server establish an encrypted connection between them. Any data that passes through that connection is unreadable — if someone were to spy on it, they’d only see gibberish. For instance, instead of a connection request to “facebook.com”, they’d only see something like “HFYUh5432IDJku432”.
Also, when you access a site while connected to a VPN server, your connection to the site first passes through the VPN. So instead of this:
You → ISP Network → Website
Your connection will look like this:
You → VPN App → ISP Network → VPN Server → Website
Due to that, any website you access while connected to a VPN will think your traffic is coming from the VPN server. So the website will only see the VPN server’s IP address, while your IP remains hidden. That “tricks” the site into thinking you’re connecting to it from the VPN server’s country. Similarly, anyone who tries to collect your IP, like hackers and advertisers, will only see the VPN’s IP.
What Happens When You Connect to a VPN?
Here’s a step-by-step look at what happens when you use a VPN to go online:
- You use the VPN app on your device to connect to a VPN server.
- The VPN app encrypts your internet connection, making it unreadable, and establishes a connection to the VPN server.
- The VPN app sends the encrypted data to the VPN server.
- The VPN server receives your encrypted connection, decrypts it, and forwards it to the internet.
- When the VPN server receives the online data you requested from the web, it encrypts it and sends it to the VPN app on your device.
- The VPN app receives the encrypted data and decrypts it so that you can view it.
This process happens every time you access the internet via a VPN. It seems long and complicated, but it only takes a few seconds at most in real-time.
What Does a VPN Do?
Here’s a quick look at what exactly a VPN does:
- Creates a secure “tunnel” — the VPN establishes a secure connection between your device and a VPN server.
- Encrypts your traffic — this makes your data unreadable, so nobody can spy on it.
- Hides your IP address — allows you to browse the web using the VPN’s IP address.
What a VPN Doesn’t Do
And here’s what a VPN can’t do:
- Prevent malware infections — VPNs can’t protect your device from direct malware infections. They can only secure your online connections. For that kind of protection, you need to use an antivirus.
- Protect you from cookies — cookies are small text files that are stored on your device when you interact with sites. VPNs can’t intercept and store them on their servers instead of on your device. To make sure cookies don’t leak your real location while using a VPN, use your browser’s incognito/private mode.
- Bypass internet shutdowns — VPNs can bypass censorship, but not internet shutdowns. That’s when a government shuts down internet access country-wide. To use a VPN, you need to have online access.
Why Should You Use a VPN?
Here are the main reasons you should use a VPN:
- Access streaming sites and content — with a VPN, you can access videos and streaming platforms that are not available in your country. Or you can access sites that only work in your country when you travel abroad. That’s because the VPN hides your IP address, which reveals your location. So streaming sites can’t target you with geo-blocks.
- Bypass censorship — VPNs allow you to communicate with the web via an IP address that doesn’t have firewall restrictions linked to it. So you can use these services to access blocked sites in restrictive countries like China.
- Secure your data — VPNs encrypt your traffic, making it completely unreadable. That means cybercriminals can’t spy on your data when you use unsecured WiFi networks.
- Secure P2P traffic — using a VPN for torrenting prevents anyone from seeing your IP address in the torrent swarm. So copyright trolls and lawyers can’t collect it anymore. Also, a VPN prevents your ISP from seeing your P2P traffic.
- Prevent bandwidth throttling — when you use too much data, your ISP can throttle your speeds for certain online services. If they do that, you’ll have slower speeds. Well, a VPN encrypts your traffic, so your ISP can’t see what you’re doing online. Without that information, they can’t selectively throttle your connections.
- Protect yourself from DDoS attacks — a DDoS attack is when someone floods your network with too much traffic, forcing it offline. To target your network, they need your IP address. If you use a VPN, hackers can’t see your IP anymore, so they can’t DDoS you. They can DDoS the VPN, but most providers have anti-DDoS protection on their servers.
- Save money — VPNs can sometimes help you save money on plane tickets, car rentals, video games, accommodations, and more. Try connecting to VPN servers in lower-income countries and you might see lower prices when you buy things online.
- Lower ping — VPNs might lower your ping while gaming. If you connect to a VPN server in the same country as the gaming server, there’s a chance your traffic will be routed directly to the gaming server. Normally, your traffic might pass through multiple countries until it reaches the gaming server. And that increases your ping.
Who Should Use a VPN?
Here’s a quick look at who could benefit from using a VPN:
- People who want to secure their data on public WiFi.
- People who want to stop their ISPs from spying on their browsing or throttling their speeds.
- Anyone who wants to access geo-blocked content or sites.
- People who want to enjoy gaming without dealing with high ping and DDoS attacks.
- Torrent users who want to protect their privacy.
- People who live in or travel through restrictive countries.
- People who want to stop advertisers from tracking their online preferences.
- Journalists, whistleblowers, activists, or anyone else who needs strong security.
Types of VPNs
Here are the 4 most common types of VPNs:
1. Commercial VPNs
A commercial VPN is a service that allows any online user to connect to a VPN server to securely access the web. Commercial VPNs are designed to be very easy to use — you only need to install an app on your device and use it to connect to a server. So pretty much anyone from college students and gamers to senior citizens and freelancers can use commercial VPNs.
Commercial VPNs come with paid subscriptions, though free options are available.
Commercial VPN example: NordVPN.
2. Corporate VPNs
A corporate VPN allows users to remotely access private networks securely. Most companies that have remote workers use corporate VPNs to encrypt employee connections to the company’s servers. Unlike a commercial VPN, corporate VPNs don’t secure users’ privacy. Employers who use a corporate VPN often enable logging to check what sites their employees access while connected to the VPN.
Companies can buy corporate VPN services from a provider or set up their in-house VPN.
Corporate VPN example: NordLayer.
3. Mobile VPNs
Mobile VPNs, also called mVPNs, are similar to corporate VPNs — they provide secure remote access to private networks. But mobile VPNs are designed to resist network changes, like when a user switches from WiFi to mobile data or turns off their device for a while. For example, a remote worker who lives in an area with poor connectivity could use a mobile VPN to securely access their company’s servers.
The term “mobile VPN” refers to the fact that the VPN can be used on any connection, providing great mobility. A mobile VPN can be used on any device, not just on mobile devices.
Mobile VPN example: Bittium SafeMove Mobile VPN.
4. Site-to-Site VPNs
Site-to-site VPNs are used to join together 2 networks that are located in different places. For example, let’s say there are 2 companies, called Company A and Company B. Company A has a site-to-site VPN client on a computer. And Company B has site-to-site VPN server software running on its servers. An employee from Company A could use the site-to-site VPN client to securely access Company B’s servers.
Site-to-site VPN example: OpenVPN’s Access Server.
What Is a VPN? (In-Depth Explanation)
In this section, we’ll take a closer and more technical look at how a VPN works.
What Is a VPN Client?
A VPN client, also called a VPN app, is a software you install on your device, which you use to access the VPN service. A VPN client allows you to interact with the VPN — like connecting to VPN servers or changing VPN settings. The VPN client also encrypts your connection when you connect to a VPN server.
VPN clients provided by commercial VPNs are generally very intuitive and easy to use. Here’s a screenshot of NordVPN’s app for reference:
What Is a VPN Server?
A VPN server is a type of server that hosts VPN software – it delivers the VPN service. A VPN server is responsible for decrypting the secured data received from the VPN app on your device and forwarding it to the web. The server also encrypts the data received from the web before sending it to the VPN app.
VPN providers can have both physical and virtual servers:
- Physical VPN servers — these are standalone physical servers. They are usually housed in data centers the VPN provider either owns or works with.
- Virtual VPN servers — this is a virtual machine instance created within a physical server. Multiple virtual private servers can be hosted on one physical server. Virtual servers are cheaper than physical servers, but just as secure.
The total number of VPN servers a VPN provider has is called a VPN server network.
What Is VPN Encryption?
VPN encryption turns readable data into unreadable data. When a VPN encrypts your connection requests, it turns your traffic into gibberish. So if someone spies on your traffic, they can’t see what sites you access. Instead, they’ll only see random strings of numbers, letters, and special characters — like HJ5rfu$3fs.
VPN providers use different encryption ciphers — it usually depends on which VPN protocol is used. The industry standard for most VPNs is 256-bit AES encryption, also called military or bank-grade encryption.
VPNs provide end-to-end encryption, meaning only the VPN app and VPN server can encrypt and decrypt your data.
What Is VPN Tunneling?
VPN tunneling is the process of establishing a secure connection between the VPN app on your device and the VPN server you connect to. Once the VPN app and server establish a VPN tunnel, any data that passes through it is encrypted. So nobody can monitor the traffic passing through the VPN tunnel.
While it’s called a VPN “tunnel,” you can easily refer to it simply as a VPN connection.
What Are VPN Protocols?
A VPN protocol is a set of rules that dictates how the VPN connection between the VPN app and VPN server is established. As a user, which protocol you use will determine what security and speeds you get. Switching between VPN protocols is normally very easy, as it’s done inside the VPN app’s settings menu.
To make things easier for you, we split the protocols into 3 different categories:
1. The Most Common VPN Protocols
These are the protocols you’re likely to see in most VPN apps:
- OpenVPN — a very popular VPN protocol that provides excellent security and good speeds. Most people like OpenVPN because it’s available on most platforms and it’s open-source, meaning anyone can inspect the code. OpenVPN has also passed multiple security audits.
- WireGuard — a relatively new VPN protocol that works on most platforms and is also open-source. It provides great security through modern encryption ciphers. Also, due to its very light codebase, it provides blazing-fast speeds.
- IKEv2/IPSec — a secure and fast protocol that’s available on the most popular platforms. It’s designed to resist network changes, meaning the VPN connection won’t drop if you switch from mobile data to WiFi, for example.
- L2TP/IPSec — provides good security and fast speeds, but many people consider it less secure than OpenVPN, WireGuard, and IKEv2/IPSec.
2. VPN Protocols You Don’t See Often
These VPN protocols are not offered by most VPN providers:
- PPTP — provides very fast speeds and good cross-platform compatibility. That said, its security is extremely weak since its encryption can be cracked. Also, it’s very easy to block PPTP connections. Most top VPNs like NordVPN and ExpressVPN have dropped support for PPTP.
- SSTP — has good security and speeds, but is mainly available on Windows since it was developed by Microsoft. That said, there are ways to set up SSTP on macOS and Linux.
- SoftEther — an open-source protocol that provides excellent security and speeds. Many VPNs don’t offer it because integrating it into their service is difficult.
- IPSec — IPSec can be used as a standalone VPN protocol, which provides good speeds and security. But it’s mostly used on its own by corporate VPNs. Commercial VPNs usually pair it up with IKEv2 or L2TP for better speeds.
3. Proprietary VPN Protocols
These are protocols developed and owned by specific VPN providers, so you can’t use these protocols with every VPN service. There are tons of proprietary protocols, but here are some popular examples:
- NordLynx — this is NordVPN’s proprietary protocol. It’s a modified version of WireGuard that’s designed to offer better privacy.
- Lightway — ExpressVPN’s proprietary protocol, which provides excellent security and very fast speeds. Lightway is almost as fast as WireGuard.
- Chameleon — VyprVPN’s protocol that’s designed to be used in restrictive countries. It uses OpenVPN encryption but hides OpenVPN metadata to make the VPN connection look like a normal internet connection.
How to Pick the Right VPN
Here are the metrics you can use to pick the best VPN:
- Strong security — a good VPN should come with industry-standard VPN security features. That includes 256-bit AES encryption, a no-logs policy, a kill switch, and protection against IPv6, DNS, and WebRTC leaks.
- VPN protocols — the VPN should provide you with access to a few popular VPN protocols like WireGuard, OpenVPN, and IKEv2/IPSec. That way, you have more control over how secure and fast your VPN connection is.
- Large server network — a VPN should have hundreds or thousands of servers in many countries around the world. That way, you don’t have to use overcrowded servers, which slow down your speeds. Also, you can connect to nearby servers to get fast connections.
- Fast speeds — when you use a VPN, your speeds might slow down due to the encryption process. But a really good VPN will minimize the speed loss so that it’s not noticeable. Ideally, it shouldn’t slow down your speeds by more than 40–50%.
- Unlimited data — VPNs shouldn’t limit how much data you can use each day or month. Otherwise, you can’t use them to surf the web, download files, and watch movies and TV shows.
- Streaming support — a good VPN needs to work with popular streaming sites like Netflix and Amazon Prime. That way, you can watch your favorite shows anywhere in the world.
- Torrenting support — a VPN should also allow torrenting traffic either on all of its servers or on dedicated servers. It should also work with popular P2P apps like qBittorrent and Vuze without any issues.
- Ease of Use — a VPN provider should have dedicated apps for the most popular platforms, like Android, iOS, Windows, macOS, and Linux. What’s more, its apps need to be very intuitive and easy to navigate.
- Simultaneous connections — good VPNs allow you to use their service on multiple devices at the same time. The industry average is 5–7 simultaneous connections. But some VPNs also allow unlimited connections, like Surfshark for example.
- Additional features — it’s great if a VPN provides extra value by giving you access to additional features. That includes things like split-tunneling, a built-in speed test, double VPN connections, or an ad blocker.
- Pricing — a VPN should come with affordable prices, flexible plan lengths, and generous refunds. The industry standard is a 30-day money-back guarantee. Some VPNs also provide a free plan so that you can test the service before you buy it.
How to Install and Use a VPN
Here’s how to easily install and use a VPN in just 6 steps:
- Sign up for a good VPN — we recommend NordVPN.
- Download the right VPN app for your device.
- Install the VPN app — just follow the on-screen instructions.
- Open the VPN app.
- Connect to a VPN server.
- That’s it — you can now surf the web securely.
How to Set Up a VPN Manually
You can manually set up VPN connections on different operating systems. You can do it either by using the operating system’s built-in VPN support or a third-party VPN app, like the OpenVPN GUI. You’ll still need a VPN subscription, though, since you’ll have to use the provider’s servers.
For example, on Windows 10, you can open the start menu, type VPN, and select VPN settings. Next, pick Add a VPN connection and fill in the necessary info:
- VPN provider — pick Windows (built-in).
- Connection name — name the VPN connection whatever you want.
- Server name or address — enter the address of the VPN server you’ll use.
- VPN type — pick the VPN protocol you want to use. Make sure the VPN provider supports it, though.
- Type of sign-in info — most commercial VPNs will require a username and password .
- User name — add the VPN account username.
- Password — add the VPN account password.
To connect to the VPN, click the Network icon, select the VPN connection, and hit Connect. If prompted, enter your username and password.
Most top providers have step-by-step tutorials for manual setups. Their guides usually cover different operating systems and third-party apps. So make sure you check out your provider’s support section if you need help.
Can You Create Your Own VPN?
Yes — to do that, you’ll need to rent a virtual private server from a data center. Next, you need to manually set up VPN software on the server, so that it encrypts your data when you connect to it. When you’re done, connect to the server from your device, and then surf the web using it.
But you should only do this if you’re an advanced user since it requires a lot of technical knowledge — like using virtual machines and command lines. If you only want to surf the web securely and access streaming sites, you’re better off getting a commercial VPN like NordVPN. It’s cheaper and much easier to use.
Are There VPN Alternatives?
There are a few online services that work as VPN alternatives, depending on what you want to do with them. Based on our research, the best VPN alternatives are proxies, the Tor network, and Smart DNS tools:
How it’s similar to a VPN: like a VPN, it routes your traffic through a server, called a proxy server. That server acts as a middleman between you and the internet. So a proxy also hides your IP address.
Why it’s not as good as VPN: proxy servers either use weak encryption or don’t use any encryption at all. While they can hide your IP address, they can’t secure your traffic or prevent your ISP from throttling your bandwidth.
How it’s similar to a VPN: Tor is a privacy network that hides your IP address and encrypts your traffic. Unlike most VPNs, Tor is free to use — you only need to download and use the Tor browser.
Why it’s not as good as VPN: Tor sends your traffic through at least 3 servers instead of just 1 server like a VPN. The added layers of encryption significantly slow down your speeds. In our tests, we experienced 70–80% slowdowns with Tor, while top VPNs only slowed down our speeds by about 30–35%. In addition to that, Tor also has security issues since it can suffer IP leaks and malicious actors can run and operate Tor servers. Tor will only encrypt your Tor browser traffic — everything else remains unsecured.
How it’s similar to a VPN: a smart DNS also allows you to unblock geo-restricted sites because it prevents websites from seeing your geo-location.
Smart DNS it’s not as good as VPN: smart DNS tools hide your geo-location by spoofing your DNS data, not your IP address. What’s more, smart DNS services don’t use encryption. Due to that, you don’t get any security or privacy, as you do with a VPN. The lack of encryption also means that a smart DNS can’t prevent bandwidth throttling.
Virtual Private Network FAQs
These are the most common questions we have seen people asking about what VPNs are, how they work, what VPN stands for, and so on. If you have more questions, just leave them in the comments.
What Are VPNs?
VPNs are online apps that hide your IP address, masking your location, and encrypt your traffic, making it unreadable. People use VPNs to protect their data on the web, bypass censorship, and access geo-restricted sites and content. To use a VPN, you only need to download and install an easy-to-use app on your device.
Can I Use a Free VPN?
Free VPNs are available, but we don’t normally recommend using them. That’s because most free VPNs don’t have essential VPN security features, like a kill switch. Also, they have very slow speeds, bandwidth caps, buggy apps, and poor customer support. Plus, they don’t work with streaming sites or allow P2P traffic.
Still, if you insist on using a free VPN, try AtlasVPN’s free plan. It’s one of the only free VPN plans that allow unlimited connections and torrenting. Plus, you also get good security and fast speeds. However, the free plan limits you to 10 GB of data per month and servers in the US and the Netherlands, and you don’t get streaming support.
How Much Do VPNs Cost?
On average, a VPN’s monthly plans will cost anywhere from $5 to $13 per month. However, you can save a lot of money if you get a long-term plan instead. With a long-term plan, you only pay around $2–$6 per month, which is much more affordable.
Plus, many top VPNs add free months of service to your subscription if you get their longest plans. And with most top providers, you buy with no risk because they have generous money-back guarantees. The industry average is a 30-day money-back guarantee — if you’re not happy with the service, you simply ask for a refund.
Is a VPN Safe to Use?
Yes, VPNs are safe to use provided they come with essential security features:
- Strong encryption — makes your traffic unreadable.
- No-logs policy — prevents the VPN from logging your data.
- Kill switch — protects you from traffic leaks if the VPN disconnects.
- Leak protection — to prevent DNS, IPv6, and WebRTC leaks.
Some VPNs include advanced security features such as audited no-logs policy or RAM-only servers, meaning every server reset wipes all data.
If you want to test if the VPN is safe to use, do a leak test. Connect to a VPN server, then open ipleak.net and check the results — if you do not see your IP and DNS addresses, the VPN is not leaking your data and is safe to use.
Are VPNs Legal?
VPNs are legal in most countries, though some places ban VPNs. If you live in or travel through a restrictive country, we recommend researching the local laws to make sure it’s 100% safe to use a VPN. Keep in mind that using a VPN to engage in criminal activities is definitely against the law.
Can You Be Tracked If You Use a VPN?
VPNs prevent ISPs, hackers, and governments from tracking your internet browsing. That said, a VPN cannot provide 100% anonymity, so there are still ways you can be tracked online even if you use a VPN. For example, VPNs can’t prevent sites from using browser fingerprinting to track things like your device’s data.
What Are the Disadvantages of Using a VPN?
These are the most common drawbacks of using a VPN:
- It might slow down your speeds due to the encryption process and the distance between you and the VPN server.
- It might increase mobile data usage.
- Your bank might block your VPN connection.
- It can’t protect you from direct malware infections.
What Does a VPN Protect You from?
Here’s what a VPN protects you from:
- Government and ISP surveillance.
- Government censorship.
- Cybercriminals snooping on your traffic.
- ISPs sharing your browsing data with advertisers.
- Advertisers spying on your online preferences.
Do VPNs Work on Mobile?
Yes, most top VPNs have dedicated apps for iOS and Android smartphones, which you can get from the app store. Good VPNs like NordVPN have mobile apps that are designed for phone screens, so they’re very easy to navigate and use with your finger.
Do VPNs Work in Browsers?
Yes, many VPNs have extensions for popular browsers like Chrome, Opera, and Firefox. VPN browser extensions are usually proxies, not VPNs — they hide your IP, but don’t encrypt your traffic. Still, some VPN browser extensions can be configured to use SSL encryption, which can use the very secure AES-128 cipher.
What Is a VPN Used for?
Here’s what you can do with a VPN:
- Unblock geo-restricted streaming sites and content.
- Unblock censored sites in restrictive countries.
- Hide your P2P traffic.
- Hide your IP address.
- Encrypt your traffic to make it unreadable.
- Lower your ping while gaming.
- Get surprise discounts on plane tickets, car rentals, and more.
Does a VPN Make You Anonymous?
A VPN can protect your privacy on the internet, but it can’t make you 100% anonymous. A VPN will only encrypt your traffic, making it unreadable. It will hide your IP address, so that nobody can track your location and digital footprints.
However, a VPN can’t stop sites from seeing the payment info you share with them. Also, even if you use a VPN, your ISP still knows who you are — they’re the ones who assigned you your IP address, after all.
What Does VPN Mean?
The acronym VPN stands for Virtual Private Network, meaning the service creates a private network over the web when you use it. By “virtual private network,” we mean the VPN creates a secured connection over the internet that makes your data unreadable.
What Is a VPN Service?
A VPN service is a subscription-based online service you can purchase from a commercial VPN. It provides you with access to a VPN app, which lets you connect to VPN servers to securely browse the web and unblock geo-restricted sites. NordVPN is an example of a VPN service.
What Is a VPN Connection?
A VPN connection, also called a VPN tunnel, is a secure connection established between a VPN app and a VPN server. Any data that passes through the VPN connection is encrypted, meaning nobody can spy on it.
The Bottom Line
A VPN is an online service that lets you securely browse the web. It also provides access to censored content and geo-restricted sites. We did our best to cover everything related to VPNs in this in-depth guide. But if you think we missed anything, please let us know in the comments.
Also, we’d love to hear what your favorite VPNs are — please tell us what you like about them and what you use them for.