Types of VPNs


Here's a quick overview of Virtual Private Network (VPN) types:

TLS Point-to-Point

This is the most common type. You create an encrypted tunnel between your device and another device with a public IP address, which then proxies your data requests for you. This is typically done to bypass firewall restrictions, ensure all your Internet traffic is encrypted, and/or hide your web activity. For example, activating 1.1.1.1 or ProtonVPN while at the airport on a public WiFi hotspot, or connecting to college servers with SoftEther, etc. While some critics point out that you're trusting a third party with your traffic, the same can be said for your ISP. A bigger caveat has historically been slower network speeds due to the encryption and the extra hop in packet routing, but this has become less of an issue recently with the WireGuard protocol (which has its own privacy concerns).

HTTPS Point-to-Point

While VPNs are great for creating encrypted tunnels, some censoring parties (such as the Great Firewall of China) block them. To avoid detection, some VPN solutions mimic regular HTTPS traffic behavior to disguise their purpose. Examples of this are Brook and the Trojan Protocol.

IPsec Point-to-Point

If you're more worried about authenticating users than about broadcasting your use of a VPN (such as with corporate remote-access servers), you can use X.509 certificates to authenticate connecting clients -- this is called IPsec, and an example implementation is strongSwan.

Hub-and-Spoke

If you want multiple computers to utilize a single VPN gateway, you would use a hub and spoke architecture. These are most common in corporate settings, like a Palo Alto Networks firewall or the Ubiquiti UniFi Security Gateway.

P2P / Mesh

Accessing one remote server is fine when you just want to safely browse the Internet, but what about accessing a variety of devices in a remote network, or protecting a whole network without the bottleneck of a gateway? Setting up individual VPNs to each endpoint would be inefficient, so a peer-to-peer mesh VPN allows you to protect and access a whole network at once. This is especially useful when you want to communicate securely with a nearby server but the VPN gateway server would be far away. Normally you would incur a latency penalty shuttling all your traffic through the distant VPN gateway, but mesh VPNs automatically determine the fastest route to your destination and optimize your traffic on the fly using advanced NAT traversal. Examples include Tinc, Nebula, ZeroTier¹, and Tailscale².


¹ can simulate hub-and-spoke with allowDefault

² can simulate hub-and-spoke with advertise-routes using 0.0.0.0/0 (available on unstable for IPv4 at the time of this writing)
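To make the hub-and-spoke versus mesh distinction concrete, here is an added example (not code from the original post or from any of the projects it names) that builds WireGuard peer configurations for both topologies and then traces the path a packet takes under WireGuard's cryptokey routing (longest-prefix match over each peer's AllowedIPs). The node names, the 10.0.0.0/24 overlay subnet, the `.invalid` endpoints and the `<PUBKEY_*>`/`<PRIVKEY_*>` placeholders are all constructed; the `full_tunnel` option gives spokes `AllowedIPs = 0.0.0.0/0`, which is the WireGuard analogue of the allowDefault / advertise-routes 0.0.0.0/0 footnotes above.

```python
"""Generate WireGuard peer configs for hub-and-spoke and full-mesh topologies,
then trace the hop-by-hop path a packet takes under each.

Added illustration, not from the original post. Node names, overlay addresses,
endpoints and the <PUBKEY_*>/<PRIVKEY_*> placeholders are constructed; real
keys come from `wg genkey | wg pubkey`.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OVERLAY_NET = "10.0.0.0/24"          # constructed tunnel subnet


@dataclass(frozen=True)
class Node:
    name: str
    overlay_ip: str                  # address inside the tunnel
    endpoint: Optional[str]          # public host:port, or None when behind NAT
    pubkey: str                      # placeholder, not a real key


NODES: List[Node] = [
    Node("hub",    "10.0.0.1", "vpn.example.invalid:51820", "<PUBKEY_hub>"),
    Node("laptop", "10.0.0.2", None,                        "<PUBKEY_laptop>"),
    Node("nas",    "10.0.0.3", "nas.example.invalid:51820", "<PUBKEY_nas>"),
]

# node name -> list of (peer name, AllowedIPs advertised for that peer)
Topology = Dict[str, List[Tuple[str, List[str]]]]


def hub_and_spoke(nodes: List[Node], hub: str, full_tunnel: bool = False) -> Topology:
    """Spokes know only the hub; the hub knows each spoke by its /32 and must
    forward between them (IP forwarding enabled on the hub).
    full_tunnel=True gives spokes AllowedIPs = 0.0.0.0/0, a default route via
    the hub: every packet, not just overlay traffic, crosses the hub."""
    spoke_allowed = ["0.0.0.0/0"] if full_tunnel else [OVERLAY_NET]
    topo: Topology = {}
    for n in nodes:
        if n.name == hub:
            topo[n.name] = [(s.name, [f"{s.overlay_ip}/32"]) for s in nodes if s.name != hub]
        else:
            topo[n.name] = [(hub, spoke_allowed)]
    return topo


def full_mesh(nodes: List[Node]) -> Topology:
    """Every node carries a [Peer] for every other node, so traffic goes direct.
    A peer with no Endpoint (behind NAT) is reachable only after it initiates
    contact; that gap is what the NAT traversal in mesh VPNs fills."""
    return {n.name: [(p.name, [f"{p.overlay_ip}/32"]) for p in nodes if p is not n]
            for n in nodes}


def render(topo: Topology, nodes: List[Node]) -> Dict[str, str]:
    """Turn a topology into wg-quick style config text, one string per node."""
    by_name = {n.name: n for n in nodes}
    prefix_len = OVERLAY_NET.split("/")[1]
    out: Dict[str, str] = {}
    for name, peers in topo.items():
        me = by_name[name]
        lines = ["[Interface]", f"Address = {me.overlay_ip}/{prefix_len}",
                 f"PrivateKey = <PRIVKEY_{name}>"]
        if me.endpoint:
            lines.append(f"ListenPort = {me.endpoint.rsplit(':', 1)[1]}")
        for peer_name, allowed in peers:
            p = by_name[peer_name]
            lines += ["", "[Peer]", f"PublicKey = {p.pubkey}",
                      f"AllowedIPs = {', '.join(allowed)}"]
            if p.endpoint:                       # omitted for NATed peers
                lines.append(f"Endpoint = {p.endpoint}")
        out[name] = "\n".join(lines)
    return out


def next_hop(topo: Topology, cur: str, dst_ip: ipaddress.IPv4Address) -> Optional[str]:
    """Cryptokey routing: the peer whose AllowedIPs has the longest prefix covering dst_ip."""
    best, best_len = None, -1
    for peer_name, allowed in topo[cur]:
        for cidr in allowed:
            net = ipaddress.ip_network(cidr)
            if dst_ip in net and net.prefixlen > best_len:
                best, best_len = peer_name, net.prefixlen
    return best


def trace(topo: Topology, nodes: List[Node], src: str, dst: str, max_hops: int = 8) -> List[str]:
    """Path from src to dst: via the hub in hub-and-spoke, direct in a mesh."""
    dst_ip = ipaddress.ip_address(next(n.overlay_ip for n in nodes if n.name == dst))
    path, cur = [src], src
    while cur != dst and len(path) <= max_hops:
        nxt = next_hop(topo, cur, dst_ip)
        if nxt is None:
            raise ValueError(f"{cur} has no peer covering {dst_ip}")
        path.append(nxt)
        cur = nxt
    return path


if __name__ == "__main__":
    print(render(hub_and_spoke(NODES, "hub", full_tunnel=True), NODES)["laptop"])
    print(trace(hub_and_spoke(NODES, "hub"), NODES, "laptop", "nas"))  # via hub
    print(trace(full_mesh(NODES), NODES, "laptop", "nas"))             # direct
```

Running the script shows the latency point from the text as a path: laptop-to-nas traffic takes `['laptop', 'hub', 'nas']` under hub-and-spoke but `['laptop', 'nas']` in the mesh, and the full-tunnel variant is visible in the spoke's config as a single `AllowedIPs = 0.0.0.0/0` peer.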
