How is “Tunneling” Accomplished in a VPN?

When you connect to a VPN, all of your internet traffic is routed through an encrypted tunnel. This tunnel makes it impossible for anyone to see what you’re doing online, including your ISP.

How is "Tunneling" Accomplished in a VPN?Checkout this video:


A VPN, or Virtual Private Network, accomplishes two goals: it hides your IP address and encrypts your traffic. The process of “tunneling” is how a VPN accomplishes these goals. Tunneling is the process of sending encrypted data through an untrusted network, such as the public internet.

There are two main types of tunneling: Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). PPTP is less secure than L2TP, but it is easier to set up and does not require a third-party server. L2TP uses stronger encryption than PPTP, but it can be slower because of the extra overhead from the extra layer of encryption.

VPN providers usually offer both PPTP and L2VP, so you can choose the one that best meets your needs.

What is Tunneling?

Tunneling is the private network equivalent of sending a letter through the postal service. It’s a way of securely sending private data over a public network by encapsulating the data in a public network protocol. This section will cover all aspects of tunneling in a VPN.

Definition of Tunneling

In computer networks, a tunneling protocol is a communications protocol that allows for the movement of data from one network to another. It involves encapsulating a data packet within another packet, which is then routed through a network. A tunneling protocol can also be used to encrypt data, making it harder for third parties to intercept and read the information.

How Tunneling Works

In computer networks, a tunnel is simply a logical connection between two network nodes. When one node wants to send data to another node, it encapsulates (or tunnels) the data inside a protocol that the second node understands. The most common type of tunneling protocol is IPsec, although there are others (e.g., GRE, L2TP).

IPsec is a layer 3 protocol that uses either AES or Triple DES encryption to provide data confidentiality and integrity. It can also use RSA for authentication. IPsec can be used in either transport mode or tunnel mode. In transport mode, only the data (or payload) is encrypted; the headers are left intact. In tunnel mode, both the data and the headers are encrypted.

One advantage of using IPsec in tunnel mode is that it can be used to create a virtual private network (VPN). A VPN allows two or more nodes on different networks to communicate as if they were on the same network. For example, a company with offices in New York and London could use a VPN to allow employees in both locations to access the company’s internal network.

Tunneling is often accomplished by creating an encrypted connection between two routers, one at each end of the tunnel. This type of VPN is sometimes called a site-to-site VPN. Another type of VPN, called a remote-access VPN, allows individual users to connect to the VPN server from their own computers.

In either case, all traffic between the two nodes passes through the secure tunnel, ensuring that it remains confidential and integrity-protected.

Types of Tunneling

Tunneling is the process of encapsulating data within other data packets. When this is done, the original data packets are effectively hidden from view, and can be transmitted across a network without being detected. There are two main types of tunneling: point-to-point tunneling and multipoint tunneling.

Point-to-Point Tunneling Protocol (PPTP)

Point-to-Point Tunneling Protocol (PPTP) is a protocol used to support virtual private networks (VPNs). PPTP uses a control channel over an IP network to set up, maintain, and terminate the tunnel. A PPTP tunnel is set up by using generic routing encapsulation (GRE) to encapsulate PPP frames. As with other tunneling protocols, each PPTP client has a “tunnel” interface on the VPN server that acts as the virtual adapter for that client.

When a user on the PPTP client dials into the PPTP server, GRE encrypts and encapsulates the PPP frames that are sent over the IP network. The frames are then decapsulated and passed to RAS at the VPN server. The RAS component on the server decrypts and authenticates the user before it passes the user’s request to NT Domain for authorization against Active Directory or other domain services. If authorized, RAS then passes the user’s request to ISA Server for routing across the Internet or other external network.

Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It uses a combination of the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F), and provides security features that are absent in PPTP. L2TP is supported by most VPN providers and is generally considered more secure than PPTP.

Internet Protocol Security (IPsec)

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) traffic. It is
usually used in Virtual Private Networks (VPNs). IPsec includes protocols for ensuring the
confidentiality, integrity, and authenticity of data packets.

IPsec uses two types of cryptography: symmetric-key cryptography and public-key cryptography.
Symmetric-key cryptography is used to secure the data confidentiality, while public-key cryptography is used for data integrity and data authenticity.

IPsec employs two different modes of operation: transport mode and tunnel mode. Transport mode encrypts only the data payload of a packet. Tunnel mode, in contrast, encrypts both the header and the payload of a packet.

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is the most common type of tunneling used in a VPN. SSL is a protocol that uses a combination of public key and symmetric key encryption to secure communications between two computers. In order for an SSL tunnel to be established, both the server and the client must have SSL certificates installed.

Once the certificates are in place, the server and client can begin the SSL handshake process. This process starts with the client sending a message to the server that includes the client’s SSL certificate. The server then checks to see if the certificate is valid and, if so, sends back a message that includes the server’s SSL certificate.

Once both sides have exchanged certificates, they can begin encrypting and decrypting data using the public and symmetric keys. One advantage of SSL is that it can be used with a variety of port numbers, which makes it more difficult for firewall administrators to block traffic that is passing through an SSL tunnel.

Another advantage of SSL is that it offers a degree of authentication. Not only does each side have its own certificate, but each side also has a private key that only it knows. This means that each side can be reasonably sure that it is communicating with the intended partner and not with an imposter.


Tunneling is the process of encapsulating data within other data. In a VPN, tunneling is used to encrypt data before it is sent over a public network. This ensures that the data remains private and cannot be intercepted by anyone who does not have the proper encryption key. Tunneling also allows for the sending of data over a network that would otherwise not be able to support it, such as a home computer connected to the internet via a modem.

Leave a Comment