How Does a VPN Work? Guide for 2024

By Samuel Chapman

Last update: May 8, 2024

You’re here to learn the answer to the question, “How does a VPN work?” And for that, I salute you. It’s one thing to learn about the vital security features and exciting perks of the best VPNs — albeit, one very important thing — but it’s quite another to understand exactly how a virtual private network protects you.

Once you comprehend how a VPN works, you’ll be much better placed to reap the benefits of its protection, while also grasping which areas a VPN can’t protect. In this article, I’ll explain what “VPN” stands for, how a VPN protects you, and what you can and can’t do with a VPN. By the end, you’ll be able to pick the perfect VPN without falling into any of the common traps.

VPN Meaning Explained: What Does “VPN” Stand For?

VPN stands for virtual private network. Working backwards through that name provides a clear sense of what the technology does. It’s a network of servers, private because you can only access it with a subscription or credentials, and virtual because it only exists digitally. VPNs have physical data centers, but it’s their digital presence that matters.

As I explain in more depth in my What is a VPN? post, a VPN is a way to get online without broadcasting your identity to the world. The VPN app encrypts your internet traffic and then decrypts it at one of its own servers. As long as you’re connected, the internet only sees the VPN server, not your device.

What Types of VPNs Exist?

When I talk about VPNs, I’m usually referring to personal VPN client apps, which let individuals use encrypted servers to get online anonymously. This isn’t the only type of VPN, though. A remote access VPN can be used to access a secure network — like you’d find in a school or office — from another location. That’s actually the original purpose that VPNs were invented for.

You may also find a site-to-site VPN that links two secure networks into one, and extranet VPNs that control outside access to a system of multiple linked networks. I just wrote a longer explanation of the types of VPN, so I won’t go into much more detail here; click that link for the full story.

The History of the VPN

The first VPN protocol, PPTP (Point-to-Point Tunneling Protocol), was invented in 1996. At that time, businesses and institutions had begun connecting their on-site computers through intranets, which let them easily share files without using email. PPTP allowed users to connect to the intranet even when they were at home or traveling.

Through the VPN, employees could even use their work laptops like they were really at their desks. This led to an unintended benefit. If an employee connected to the larger internet while using their work computer remotely, their internet service provider (ISP) and destination websites only saw the work computer, not their home computer.

Some companies realized the business potential here and built networks of servers that could act as proxies:borrowed IP addresses that anybody could use to access the internet while hiding their real identity and location. Many of them built client apps to help inexperienced users connect, and the modern VPN service was born.

How Does a VPN Connection Work? 

A VPN connection depends on a VPN protocol. In the tech world, a protocol is a set of instructions that lets two devices interact even if they’ve never communicated before — like how you can speak to a complete stranger as long as you share a language. You’ve probably heard of the Hypertext Transfer Protocol (HTTP), which lets servers display web pages on your device.

VPN protocols connect unfamiliar devices in the same way as any other protocol, but they have an additional task: applying encryption to any data that moves between a computer and a VPN server. This secure connection, where data is encrypted on your computer and decrypted by the VPN, is known as a VPN tunnel. More on how that works in a moment.

When you’re protected by VPN encryption, anybody who monitors your internet connection — from the ISP to hackers to the government — can only see that a VPN server is requesting to view certain websites. All the information they could use to see who is making those requests, or where they’re coming from, is encrypted gibberish.

What Is a VPN Server?

A server is a computer that provides services to other computers. Most servers are used for hosting websites — while a web page can be visible on any browser, the server is where it’s actually located. A VPN server is different. Its purpose is not to host websites, but to interact with other servers on behalf of a user who hides behind an encrypted connection.

When you connect to a VPN, you’re actually connecting to one of the VPN’s servers. This server receives all your requests and sends them on to their destinations, while the world only sees the VPN server’s IP address. A VPN’s list of server locations is like a menu of identities you can assume.

Some VPNs use virtual servers to provide IP addresses in countries other than their physical locations. This is useful for countries like India and Russia, where having real servers is currently impractical. To learn more about virtual servers, read my What is a virtual server? guide.

The Technical Functionality of a VPN Tunnel

This part is going to get a little nerdy, but hey, you’ve already read this far. You likely know that the term “VPN tunnel” is a metaphor for how a VPN encrypts your connection, scrambling it before it leaves your router and only unscrambling it at the VPN server. It’s as though the traffic moves through a tunnel that keeps it invisible from the outside.

The trick is that each packet of data includes instructions that tell routers where to send it. Packets also have to be reassembled into complete messages at the destination. If all the data is encrypted, servers and ISPs don’t know where to send it in either direction.

VPN protocols solve that problem through encapsulation: wrapping each packet in another packet. The outer packet contains the instructions that get the data where it needs to go without ever breaking the encryption and revealing what’s inside. I’ve always thought that mailing a sealed package would be a better metaphor than a tunnel, but you can’t choose what sticks.

Do VPNs Work on a Phone? iPhone & Android Apps 

Yes! VPNs work on phones, tablets and other mobile devices with all operating systems, though most are best configured for iOS and Android. VPNs work exactly the same way on mobile as they do on desktop, though they can also encrypt traffic on cellular data networks.

In fact, whether it’s through a native app or an installation on a router, a VPN can protect any device capable of getting on the internet — from smart TVs to game consoles to Internet-of-Things refrigerators. Any device with an app store probably has at least a few VPN apps.

Can a VPN Protect My Data on Public WiFi? 

The main risk of using public WiFi is known as a man-in-the-middle (MITM) attack. Broadly, MITM refers to any exploit in which the hacker inserts themself into a transaction to steal information, access or money. Criminals can use data sniffers to search public WiFi traffic and find vulnerable devices.

A VPN can protect you here. With all your data encrypted, the hacker won’t be able to learn anything about your device, leaving them with nothing to exploit. I strongly recommend using a VPN if you’re ever transmitting financial information or other sensitive data on an unsecured network.

What Is a VPN Used For: Benefits of Using a VPN Service

Now that you know what a VPN does and how it works, the next question is why. This section is a (necessarily incomplete) list of all the things a VPN can do for you.

Disadvantages of Using a VPN Service 

Most of these are less disadvantages than they are things a VPN can’t do. VPN providers are prone to making pie-in-the-sky claims on their websites, so make sure to always check the marketing against this list before you spend money.

VPN Protocols Explained: Encryption

You’ve learned by now that a VPN protocol is the heart of any VPN software. The protocol mediates between your device, the VPN servers and the internet servers, maintaining your encryption until the opportune moment. Here are the most common VPN protocols.

• OpenVPN: This popular open-source protocol has been vetted by volunteer experts for over 20 years. It comes with two transport protocols: UDP (faster) and TCP (recommended if your connection keeps dropping).
• WireGuard: A trendy new protocol that I’ve found to be generally faster and more stable than OpenVPN. However, some of its speed comes from temporarily saving IP addresses, so make sure your VPN has a solution to regularly erase those logs.
• IKEv2: Developed by Microsoft and Cisco, this closed-source protocol uses IPsec (Internet Protocol Security) to authenticate connections. It’s recommended for unstable connections or mobile networks.
• SSTP: Another protocol owned by Microsoft. SSTP (Secure Socket Tunneling Protocol) is secure but hard to set up on non-Windows computers.
• L2TP: This protocol is not encrypted by default, so it uses IPsec to provide security. It’s largely considered to be outdated.
• PPTP: Microsoft’s first protocol is now obsolete, and it relies on a cracked encryption algorithm. Do not use PPTP.

Many VPNs advertise their “top-tier” or “bank-grade” encryption, but don’t be fooled: 99% of them are using the same two ciphers, AES-256 or ChaCha20. Both of these are considered secure by expert cryptographers.

How to Choose a VPN Provider

If I’ve convinced you that VPN technology is worth your money — and I hope protection, privacy and a world of streaming fun are enough to do that! — here are the factors to look for when shopping around. I’ll spare you some time and say I recommend ExpressVPN above all the others.

Setup: How to Install a VPN Provider

Of course, you can’t get any of a VPN’s benefits until you download and install it on the device you’re using. Here’s a quick guide to how that works, using ExpressVPN on a macOS laptop as an example. If you want to know why I always think of that service first, see my ExpressVPN review.

• 1. Go to the VPN’s Website

VPNs approach downloads and installation in different ways, but unless there’s a free plan, you usually have to pay and create an account before you can use any clients you download. On ExpressVPN, either click “get ExpressVPN” or find the download page for your device.

• 2. Subscribe to the VPN

If you’re using a paid VPN, select a plan, enter a payment method and create your account. Even with free VPN services, you’ll normally have to make an account at this point.

• 3. Download and Install the VPN

Download the latest version of the VPN for whichever device you’re using. On desktop, an installation wizard will take over for the setup. On mobile, you’ll just have to download the app from the relevant app store.

• 4. Log In With Your Credentials

Open the VPN app and use the account information you created to sign in. Now you’re ready to configure the settings, choose a server location and get browsing.

Conclusion

The more you know about how a VPN works, the better you can separate the hype from reality. I’ve seen VPNs claim they can double your download speed, unblock 100% of streaming libraries and protect you from every possible danger. Others like to state that bog-standard features like encryption are somehow a cool bonus.

Although the reality is more nuanced, VPNs are still remarkable pieces of software, backed up by infrastructure networks that span the world. They protect your browsing habits from prying eyes, conceal your location, make public networks safe and open up new entertainment options — all with a few relatively simple protocols.

Got any more questions about how VPNs work? Did anything I wrote above not make sense? Will you use your new knowledge to make a good choice for your next VPN? Let me know in the comments, and thanks for reading!

FAQ: How Does a VPN Work?

• How Exactly Do VPNs Work?

  VPNs encrypt all the data your device sends to the World Wide Web. The data goes to a VPN server, which decrypts it before sending it on to its destination web server. Because the first step of the trip is concealed, nobody can see exactly what you’re doing online.

• How Does a VPN Work With WiFi?

  VPN encryption begins on the device that has the VPN installed. By the time you reach WiFi, you’re already protected. Even if you’re using the WiFi at work, nobody else in the office will be able to see what you’re doing.

• Can a VPN Be Tracked?

  The biggest risk when using any VPN is the VPN provider itself. Even when your ISP can’t see what you’re doing, the VPN owner may have this ability. That’s why it’s so important to choose a provider like ExpressVPN with an independently corroborated reputation for privacy.

• What Actually Happens When You Use a VPN? 

  A VPN wraps every data packet that leaves your device in another packet. This encapsulation allows it to reach its destination while still being unreadable. Since it can’t be traced back to you, you can use the internet with the VPN server as your proxy, becoming functionally anonymous.