How VPN Tunneling Works | Generic Example | Remote User VPN

There are many “styles” of VPNs, but the fundamentals of how they work are basically the same. A VPN, or Virtual Private Network, essentially creates an overlay network on top of an existing network fabric. Sometimes the existing network is the internet, but that’s not always the case; it could also be a private network. MPLS, VPLS and VXLAN are a few examples of VPNs that don’t necessarily use the internet as the underlay.



So how do VPNs actually work? Well, in most cases additional transport headers are added to all packets meant to traverse the VPN tunnel. This is why using a VPN is also referred to as “tunneling”. The underlay is used for transport from one VPN endpoint to another. These additional transport headers and the VPN endpoints are what create the overlay network (the VPN). Each VPN endpoint either encapsulates or de-encapsulates packets, depending on whether the data is leaving or arriving at that endpoint.

Some VPNs will add an additional IP header, such as IPIP, GRE, IPsec, etc. Other times, a label or tag will be added… Think MPLS or 802.1Q (dot1q). Anyway, there’s quite a bit to familiarize yourself with here. Hopefully this quick video nails down the basics.
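To make the encapsulate/de-encapsulate step concrete, here is an added example (not from the original page) that wraps an inner IPv4 packet in an outer IPv4 + GRE header and strips it again at the far endpoint. The addresses, function names and sample packet are constructed for illustration; plain GRE adds headers only, with no encryption or authentication, so the receiver's checks on the outer header are the only validation shown.

```python
import ipaddress
import struct

GRE_PROTO = 47           # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" for an IPv4 payload

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64)."""
    def pack(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                           64, proto, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return pack(checksum(pack(0)))

def encapsulate(inner: bytes, local: str, peer: str) -> bytes:
    """Sending endpoint: prepend outer IPv4 + basic 4-byte GRE header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_header(local, peer, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def decapsulate(packet: bytes, expected_peer: str) -> bytes:
    """Receiving endpoint: validate the outer headers, return the inner packet."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    if packet[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    if ipaddress.IPv4Address(packet[12:16]) != ipaddress.IPv4Address(expected_peer):
        raise ValueError("outer source is not the configured tunnel peer")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or proto != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return packet[ihl + 4:]

# Constructed sample: overlay hosts 10.1.0.5 -> 10.2.0.9, underlay
# endpoints 192.0.2.1 -> 198.51.100.1 (documentation address ranges).
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 253, 5) + b"hello"
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print(f"inner {len(INNER)} bytes -> outer {len(OUTER)} bytes on the underlay")
    print("recovered inner packet:", decapsulate(OUTER, "192.0.2.1") == INNER)
```

The 24 bytes of overhead (20-byte outer IPv4 header plus 4-byte GRE header) is why tunnel interfaces usually need a lower MTU than the underlay.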






PID: 20230405-00001