České Radiokomunikace

VPN from A to Z: How it Works and How to Choose the Right One

A VPN can secure the transfer of data between branches, provide remote access to corporate networks, or protect private Internet communications. But what exactly is a VPN, how does it work, when can it come in handy, and how can you choose the right one? Read this practical guide to find out.

What is a VPN and What is it Good For

A virtual private network, or VPN for short, makes it possible to set up a secure private connection over an unsecured network environment such as the Internet. The word “private” indicates that the connection is not only protected from eavesdropping or manipulation but also hides data concerning the communicating parties, e.g. their IP addresses. No unauthorised person can discover the content of the communication, who is communicating with whom, or from where. In addition to protecting privacy, VPNs can also circumvent geographical restrictions.

Encryption: The Basis of Secure Communication

Traffic on a regular computer network is not secured in any way. Anyone can read the data transmitted over the network or find out the data’s sender and recipient, similar to how anyone at a post office can read the text on a postcard sent from holiday. Although we can write this text in a secret code that only the recipient can understand, we cannot hide where we are sending it from or to. Similarly, we can encrypt the content of data transmitted over a network such as the Internet, but the IP addresses of the communicating parties will remain visible. An IP address, in turn, identifies not only the device in the network but also its geographical location. High-quality data encryption will protect the content communicated but will not hide who is communicating with whom, or from where.

Tunnelling: How a VPN Transfers Data

To ensure the anonymity and integrity of an entire data transmission, a technology known as tunnelling is used. The name comes from the connection through which data flows between the communicating parties: it is closed off on both ends and therefore resembles a tunnel. Once again, encryption is the key to tunnelling. The original data packets, whose data is already encrypted, are encrypted again as a whole when they are sent. This hides all of their contents, including IP addresses and more, and the result is inserted into new, so-called VPN packets. Although these are transmitted over the network in the normal way, no one except the sender and recipient can decipher them and see their contents.

Of course, this tunnel through which the data packets can travel safely must first be created. Many of us who work from home at least occasionally know this procedure very well and know that before remote access from a computer, laptop, or mobile phone can be granted, we must first log in to the company network. What does this really mean? After entering your credentials, the VPN client on your computer connects to the remote VPN server and verifies your permission to use the VPN connection. Subsequently, the server and client set unique encryption parameters to ensure that only they, and no one else in the network, can decrypt the forwarded packets. This creates the VPN tunnel and readies it for data transfer.

Today, a number of so-called tunnelling protocols, offering differing levels of security and compatibility between devices, are used to create secure VPN tunnels. These include, for example, the widely used, flexible, and secure OpenVPN protocol, the stable and fast IKEv2/IPsec suitable for modern devices, and L2TP/IPsec, which provides a decent level of security and compatibility. In a Windows environment, the SSTP protocol, developed by Microsoft, is particularly widespread, as is the older PPTP tunnelling protocol. While PPTP provides a lower level of security, it is simple and highly compatible.

More Than Just Security

VPN services do not just provide privacy protection and secure business connectivity over public or untrusted networks. Connecting to internet banking via public Wi-Fi networks in hotels, cafes, shopping malls, or airports without a secure VPN, for example, can be considered quite a gamble.

On the Internet, VPNs also protect against surveillance and profiling, as advertising networks, state censorship, and even ISPs cannot see into a VPN tunnel.

When travelling to countries with limited access to internet services, a VPN will allow you to connect to popular portals that are often banned in that country. Some countries block even common information channels, meaning you may not be allowed to access certain major news networks without a VPN.

On the other hand, using a VPN to access the Internet in another country can help bypass what is known as geo-blocking, i.e. restricting access to services intended only for that country or region.

MPLS and VPLS: Mysterious Abbreviations and What They’re Hiding

VPN connections, especially from large providers, often feature all sorts of mysterious abbreviations such as MPLS and VPLS. Let’s take a moment to describe, at least briefly, what they mean and what is hidden behind them.

Multiprotocol Label Switching (MPLS) is a network packet transmission technology using so-called label switching. Several companies in the mid-1990s, including Cisco, IBM, Epsilon, and Toshiba, began developing the idea of MPLS at the same time. In 1996, Cisco introduced its own system called Tag Switching, which became the basis for a compromise between the multiple proprietary systems being developed and contributed to the standardisation of MPLS in 1997.

The idea of MPLS is very simple at its core. Packets transmitted by MPLS have a label attached, which then determines their path through the network. Devices on the network forward packets based on the attached labels instead of IP addresses. MPLS thus allows you to create a secure anonymous VPN tunnel and also shortens the packet transfer time by eliminating the relatively time-consuming process of analysing IP addresses on each router. This technology is protocol-independent, flexible, easily extensible, and supports quality of service (QoS) operations, as it easily prioritises transmissions. However, one disadvantage is that the network must contain elements supporting MPLS, though this technology has become standard.
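Label switching as described above, as an added example that is not part of the original article: it encodes the 32-bit MPLS label stack entry (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) and forwards a frame through two routers by label lookup alone. The router names, label values, and forwarding tables are hypothetical.

```python
import struct

def pack_entry(label, tc=0, bottom=True, ttl=64):
    """Encode one 32-bit label stack entry: label | TC | S | TTL."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def unpack_entry(data):
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

# Hypothetical per-router tables: incoming label -> (action, outgoing label, next hop)
LFIBS = {
    "P1": {100: ("swap", 200, "P2")},
    "P2": {200: ("pop", None, "PE2")},  # last core router removes the label
}

def forward(frame, lfib):
    """One forwarding decision: read only the top label, never the payload."""
    top = unpack_entry(frame)
    entry = lfib.get(top["label"])
    if entry is None or top["ttl"] <= 1:
        return None, None  # unknown label or expired TTL: drop
    action, out_label, next_hop = entry
    if action == "swap":
        new_top = pack_entry(out_label, top["tc"], top["bottom"], top["ttl"] - 1)
        return next_hop, new_top + frame[4:]
    return next_hop, frame[4:]  # pop

def walk(frame, router):
    """Follow the frame hop by hop until it leaves the labelled core."""
    path = [router]
    while router in LFIBS and frame is not None:
        router, frame = forward(frame, LFIBS[router])
        if router is not None:
            path.append(router)
    return path, frame

# Constructed sample: opaque bytes standing in for a customer IP packet
PAYLOAD = b"customer IP packet"
FRAME = pack_entry(100, tc=5, bottom=True, ttl=64) + PAYLOAD
print(walk(FRAME, "P1"))
```

The label only selects the path and the traffic class (the TC bits are what QoS handling keys on); the payload bytes are forwarded unchanged, so their confidentiality still depends on encryption applied to the payload itself.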

In contrast, Virtual Private LAN Service (VPLS) refers to the secure connection of local premises via ethernet technology. VPLS builds on MPLS with the goal of allowing companies to connect multiple branches so that they behave as a single large network, even across different physical locations. Put simply, VPLS is actually an ethernet network that uses MPLS to transfer data. Today, VPLS is starting to be replaced by more modern EVPN technology.

How to Choose a High-Quality, Secure, and Reliable VPN

Whether you are looking for a remote connection to a company network, a secure connection between corporate branches, or a purely private means of increasing internet security, it is vital to always choose a trusted VPN provider complete with safety certifications, audited service, and agreed service parameters. The larger the VPN network a provider operates on its own private data networks, the safer and more reliable its VPN services are considered.

Important factors when selecting a VPN service include not only the reputation of the provider but also the strength of their encryption protocols, connection speed, the number of VPN servers available in different countries, and support for various operating systems (e.g. Windows, macOS, Linux) as well as for mobile devices. Other security features or protections that the provider offers are also worth considering.

Most free public VPNs are definitely not recommended, especially those from an unknown or hidden provider. It is not uncommon for these services to track and sell data to advertising agencies or other interested parties.

VPN from České Radiokomunikace

CRA’s VPN service guarantees security and quality while communicating and transferring data between branches, working from home, or from the field. Our proven technologies, encryption, and protection against cyberattacks make communication truly private and secure, without delays or failures. It includes:

  • VPN that can be used throughout the Czech Republic
  • Single-connection access to both the company VPN and Internet
  • Quality of Service (QoS) support
  • Nonstop helpdesk

We provide home office and field workers with a secure, encrypted connection over the public Internet. Our service can be used independently of Internet providers, and transmission speed is only limited by that of the given Internet connection.
