All VPNs have one thing in common: they make your internet connection more secure. Consumer VPNs are used as proxies to hide web browsing, circumvent geo-blocking for video streaming services, and secure browsing over public Wi-Fi.
Business VPNs safely connect employees to a network, be it a private network like corporate WANs, or a public network like the Internet. However, they differ according to the use case they serve, which forms the basis for their categorization.
These differences may also extend to their installation and operation. In this article, we’ll look at the different types of VPNs, their use cases, how they function, and how to choose one that fits your specific use case. But first, we’ll have to understand what a VPN is.
In the last couple of years, there have been two major trends in the business world: migration of corporate resources to the cloud and massive adoption of hybrid and remote work modes.
As a result of these trends, most corporate resources and many employees who use them no longer reside on-prem. Therefore, there’s a need to provide access to these resources without exposing them to cyber criminals.
This is where VPNs come in. A VPN is a technology that provides this much-needed secure remote access to corporate resources, whether they’re in the cloud or on-prem.
Most people who think of a VPN picture client software on their device, but the software is not the actual network. It’s usually offered as a service by a VPN provider and helps you connect your device to various company resources.
There are several types of VPNs you should know about as you’re deciding which one is best for your needs.
If you want to give your remote employees individual access to your company’s network, then a Remote Access VPN is the way to go. All VPNs are essentially remote-access, except for legacy VPNs, which aren’t, and shouldn’t be, used by your company. Switch to a cloud-based VPN for all of your security needs.
This kind of VPN uses a client-to-server connection: each user has credentials and registered devices (with client software installed on each device), and only through these can they gain access to the private network on which the VPN is provisioned.
To gain access to this network, the following has to happen.
Examples of specific use cases include:
If you want to join two or more Local Area Networks (LANs) situated in different locations into a single Wide Area Network (WAN), consider Site-to-Site VPN.
There are two scenarios where a site-to-site VPN may be implemented.
Site-to-Site VPNs are adapted to particular use cases and are provisioned accordingly. However, there are two overarching ways to implement them.
In this scenario, the VPN utilizes the public internet to connect two or more LANs at different locations. Site-to-Site VPN may be provisioned in two ways under this scenario.
Here, networks are connected using gateways. The VPN establishes a tunnel between the gateways of the connecting LANs to facilitate encrypted communication. The sending network encrypts the communication, while the receiving network decrypts it.
A downside of using the IPsec tunnel is that, due to the level of configuration involved, it is complicated to scale as the number of connecting networks increases. This leads us to the second kind of VPN.
This method is used when the IPSec tunnel is not an option, usually when there are many LANs to connect (often hundreds or thousands) and configuring IPSec tunnels is not feasible.
Instead of the gateway-to-gateway connection used in the IPSec tunnel VPN, DMVPN uses a hub-and-spoke model where all the branch office LANs connect to the main office LAN. Branch office LANs can also be configured to connect to one another.
Because data packets are sent using network addresses (and may have to pass through many points before they reach their destination), Internet-based VPN connections over a WAN may have latency issues and tend to deliver poor performance.
This problem is solved by MPLS, which uses ‘labels’ to route data packets through the shortest possible path to their destination. Reducing routing time coupled with the presence of multiple protocols will usually translate to increased network performance and, therefore, better user experience.
A downside of this method is its cost.
A personal VPN is built to facilitate anonymity and traffic encryption for private individuals who browse the internet.
A personal VPN is an intermediary between your device (on which it is implemented) and a remote server.
Say you type in a keyword on Google with your VPN active and click ‘search.’ The VPN will encrypt your query (so that it is unreadable to all other parties online except the VPN server) and send it to the VPN server via a tunnel created between your device and the VPN server.
This server will decrypt the traffic and send it to the receiving node. When the receiving node returns a response, this process is reversed, with your device as the receiving node.
An active VPN must authenticate, encrypt, and transmit data. A VPN protocol is the body of rules and procedures by which the VPN carries out these three duties.
There are many VPN protocols, the most relevant of which are:
IPSec weighs heavily on the side of security. It facilitates a secure data exchange by encrypting the traffic and authenticating traffic sources. With its two modes, Transport and Tunnelling, it can encrypt either just the message or the whole data packet together with the message contained within it, respectively.
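The difference between the two modes is easiest to see in what stays readable on the wire. The following is an added example, not part of the original article: it builds an ESP-style packet (layout per RFC 4303) in each mode and reports the addresses an on-path observer can still read. The addresses, key, and SPI values are constructed, and the SHA-256 keystream is a stand-in for a real ESP cipher such as AES-GCM.

```python
import hashlib, hmac, socket, struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _keystream_xor(key, seq, data):
    # Stand-in cipher for this demo only; real ESP uses e.g. AES-GCM.
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_wrap(key, spi, seq, inner, next_header):
    """SPI | seq | enc(payload | padding | pad length | next header) | ICV."""
    pad_len = (-(len(inner) + 2)) % 4            # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    body = _keystream_xor(key, seq, inner + trailer)
    icv = hmac.new(key, header + body, hashlib.sha256).digest()[:16]
    return header + body + icv

def transport_mode(key, packet):
    """Original IP header stays in the clear; only its payload is protected."""
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    esp = esp_wrap(key, 0x1001, 1, packet[20:], proto)
    return ipv4_header(src, dst, 50, len(esp)) + esp   # 50 = ESP

def tunnel_mode(key, packet, gw_src, gw_dst):
    """Whole original packet is protected; outer header is gateway-to-gateway."""
    esp = esp_wrap(key, 0x2001, 1, packet, 4)          # 4 = IPv4-in-IP
    return ipv4_header(gw_src, gw_dst, 50, len(esp)) + esp

def visible_addresses(wire):
    """Source and destination an on-path observer reads from the outer header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

# Constructed sample: a host in one LAN talks to a host in another LAN.
KEY = b"demo-key-not-for-real-use"
PAYLOAD = b"GET /payroll\r\n"           # transport-layer header omitted for brevity
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(PAYLOAD)) + PAYLOAD
TRANSPORT = transport_mode(KEY, ORIGINAL)
TUNNEL = tunnel_mode(KEY, ORIGINAL, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("transport mode exposes:", visible_addresses(TRANSPORT))
    print("tunnel mode exposes:   ", visible_addresses(TUNNEL))
```

In transport mode the internal host addresses remain visible even though the payload is protected; in tunnel mode only the two gateway addresses are, which is why gateway-to-gateway site-to-site links use tunnel mode.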
As its name implies, this VPN protocol is open-source, meaning anyone can review its code to enhance it.
OpenVPN is hard to set up but delivers excellently on both security and speed, making it one of the most secure protocols.
WireGuard is the most recent and advanced of all the protocols. It is open-source and delivers excellently on security, speed, and stability.
L2TP facilitates a direct connection to the VPN with no security. It neither encrypts data nor authenticates sessions. To compensate for this downside, it is usually paired with IPSec.
Another downside of L2TP is that it is lacking in terms of speed.
This is one of the oldest VPN protocols and is considered weak and susceptible to brute-force attacks. What PPTP lacks in security, it makes up for in speed.
Microsoft built this protocol. It is considered suitable for internet privacy and is integrated into almost all browsers.
A VPN protocol is what animates and directs a VPN. All protocols have strengths and vulnerabilities; therefore, it is essential to reconcile these attributes with your organization’s needs when choosing a VPN protocol.
Business needs for a VPN differ widely from personal needs; therefore, a business VPN will also differ from a personal VPN.
On the one hand, a business may implement a VPN to provide secure remote access and to enhance network security, performance, and access control.
Such a business will require a protocol that provides high-level encryption, source authentication, and tunneling. Therefore, the protocols chosen here should be the ones that emphasize security and speed.
On the other hand, a consumer may only need a VPN to access geographically restricted content or to stream movies and games online. The emphasis here is speed and stability.
Buying a VPN may give you a choice between Multi-protocol VPNs and Single-protocol VPNs. As with any other choice, you should consider how your needs align with the options presented to you, and also how dynamic or static those needs are. Here are factors to consider when making such a choice.
A multi-protocol VPN allows you two things:
So you can choose the protocol most suited to your current needs and still be able to switch when your needs change.
However, with a single-protocol VPN, you get the specific security attribute you need without any chance of variance in the future.
Due to multiple protocols, Multi-protocol VPNs may require more work to configure.
On the other hand, single-protocol VPNs will be easier to configure since there’s only one protocol.
Multi-protocol VPNs offer the chance to respond to network needs as they change. When speed becomes paramount, you can switch to a fast protocol, and when you need more security, you can switch to a more secure one. This ability to respond to network needs enhances performance.
On the other hand, single-protocol VPNs are more specialized and will only deliver according to their specialty.
No matter the size or complexity of your network, there’s always the right VPN to ensure secure access to your off-prem resources.