Since I’m going to talk more about VPNs in the upcoming weeks, I’m going to explain the different types of VPN here. No configuration guides, but an explanation so it’s clear what is what.
For those who aren’t sure what a VPN is: a Virtual Private Network is an encrypted connection between two or more devices over a public network. Some may argue that it doesn’t necessarily have to be encrypted, but when it’s not, that’s called a tunnel (for me at least). Here’s a list of the types:
Site-to-site VPN
Often abbreviated to S2SVPN. It’s a connection between two sites that encrypts all traffic between two (or more) subnets. There are two types of S2SVPN:
- Policy-based: a crypto ACL defines the ‘interesting traffic’. Packets that match it are encrypted and sent to the remote VPN peer; packets that don’t match follow the normal routing table, in the clear. There is no tunnel interface, and both peers must keep their ACLs mirrored or the VPN will not negotiate.
- Routed: a virtual tunnel interface (an IPsec VTI, or GRE over IPsec) points at the remote VPN peer, and whatever the routing table sends into that interface is encrypted. Adding a subnet means adding a route, not editing an ACL on both ends.
For a detailed explanation and configuration, Jeremy made some excellent posts about this on Packetlife: Part 1 for policy-based and Part 2 for routed.
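To make the difference concrete, here is an added example (my own illustration, not the post’s code and not any vendor’s implementation) that models only the decision that differs between the two designs: which packets end up encrypted. The subnets, the peer address 203.0.113.2, the interface names and the sample packets are all constructed for the example.

```python
"""Policy-based vs routed site-to-site VPN: which packets get encrypted?

Added illustration, not the author's code and not any vendor's
implementation. It models only the decision that differs between the
two designs. Subnets, peer address and packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

PEER = "203.0.113.2"  # hypothetical public address of the remote VPN peer


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


def pkt(src: str, dst: str) -> Packet:
    return Packet(ip_address(src), ip_address(dst))


# --- Policy-based -----------------------------------------------------------
# A crypto ACL lists (source subnet, destination subnet) pairs: the
# "interesting traffic". A packet matching any entry is encrypted to the
# peer; anything else is forwarded by the normal routing table, in the
# clear. There is no tunnel interface and no route that points at the VPN.
CRYPTO_ACL: list[tuple[IPv4Network, IPv4Network]] = [
    (ip_network("10.1.0.0/16"), ip_network("10.2.0.0/16")),
]


def policy_based(p: Packet) -> str:
    for src_net, dst_net in CRYPTO_ACL:
        if p.src in src_net and p.dst in dst_net:
            return f"encrypt to {PEER}"
    return "clear via routing table"


# --- Routed -----------------------------------------------------------------
# The tunnel is an interface like any other. The routing table decides by
# longest-prefix match, and every packet sent into Tunnel0 is encrypted,
# whatever its source address.
ROUTES: dict[IPv4Network, str] = {
    ip_network("10.2.0.0/16"): "Tunnel0",   # remote site behind the VPN
    ip_network("10.3.0.0/24"): "Tunnel0",   # a second remote subnet
    ip_network("10.1.0.0/16"): "Gi0/1",     # local LAN
    ip_network("0.0.0.0/0"): "Gi0/0",       # default route to the internet
}


def routed(p: Packet) -> str:
    best = max((n for n in ROUTES if p.dst in n), key=lambda n: n.prefixlen)
    iface = ROUTES[best]
    return f"encrypt to {PEER}" if iface == "Tunnel0" else f"clear via {iface}"


def compare(packets: list[Packet]) -> list[tuple[str, str]]:
    """(policy-based decision, routed decision) for each packet, in order."""
    return [(policy_based(p), routed(p)) for p in packets]


# Constructed sample traffic. The crypto ACL was never updated for the
# second remote subnet (10.3.0.0/24) nor for the guest VLAN (192.168.9.0/24):
# the routed design still encrypts those packets, the policy-based one
# silently sends them out in the clear.
SAMPLE = [
    pkt("10.1.5.5", "10.2.1.1"),        # LAN to remote LAN
    pkt("10.1.5.5", "10.3.0.7"),        # LAN to the forgotten remote subnet
    pkt("192.168.9.9", "10.2.1.1"),     # guest VLAN host to remote LAN
    pkt("10.1.5.5", "198.51.100.10"),   # LAN to the internet
]

if __name__ == "__main__":
    for p, (pol, rt) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src} -> {p.dst}: policy-based={pol!r}  routed={rt!r}")
```

The second and third sample packets are the ones to look at: a policy-based VPN sends anything the ACL does not match out in the clear without complaint, so every ACL change has to be made on both ends. The routed design has its own version of the same failure: if Tunnel0 goes down, the routes through it disappear and the traffic follows the default route in the clear, which is why a routed S2S VPN is normally paired with a higher-metric null route or a firewall rule for the remote prefixes.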
DMVPN
A dynamic multipoint VPN is not a protocol but a technique that combines several protocols. One or more central hub routers are required, but the remote (spoke) routers can have dynamic IP addresses, and more can be added without modifying the configuration on the hub router(s) or on any other spoke. The routers use the Next Hop Resolution Protocol (NHRP): each spoke registers its public address with the hub, and a spoke that needs to reach another spoke asks the hub to resolve that spoke’s public address. A dynamic routing protocol running over the tunnel advertises the subnets behind each router. The VPN itself is an mGRE tunnel (GRE with multiple endpoints), encrypted with IPsec. This way, traffic between spoke routers does not have to go through the hub router but can be sent directly from spoke to spoke once the address has been resolved.
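As an added illustration (my own toy model, not the post’s code and not a real NHRP implementation: no packet formats, timers or IPsec), here is the control-plane behaviour just described. All tunnel and public addresses are constructed; the hub’s route table stands in for what the dynamic routing protocol would carry, and the hub answers resolution requests from its registration table.

```python
"""Toy model of the DMVPN control plane: NHRP registration and resolution
over an mGRE hub-and-spoke topology.

Added illustration; not the author's code and not a real NHRP
implementation. All addresses are constructed. In a real deployment the
mGRE packets are encrypted with IPsec; only the "which public address does
this GRE packet go to" logic is modelled here.
"""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional


class Hub:
    """The next-hop server (NHS). Only its public (NBMA) address is static."""

    def __init__(self, tunnel_ip: str, nbma: str, lan: str):
        self.tunnel_ip, self.nbma = tunnel_ip, nbma
        # NHRP table: tunnel IP -> public address, filled by registrations.
        self.nhrp: dict[str, str] = {}
        # prefix -> tunnel IP of the router that owns it. Stand-in for the
        # routes a dynamic routing protocol would carry over the tunnel.
        self.routes: dict[IPv4Network, str] = {ip_network(lan): tunnel_ip}

    def register(self, tunnel_ip: str, nbma: str, lan: str) -> None:
        """NHRP registration: nothing about the spoke is pre-configured here."""
        self.nhrp[tunnel_ip] = nbma
        self.routes[ip_network(lan)] = tunnel_ip

    def resolve(self, tunnel_ip: str) -> Optional[str]:
        """NHRP resolution reply, answered from the registration table."""
        return self.nhrp.get(tunnel_ip)


class Spoke:
    def __init__(self, tunnel_ip: str, nbma: str, lan: str, hub: Hub):
        self.tunnel_ip, self.nbma, self.lan, self.hub = tunnel_ip, nbma, lan, hub
        # The hub is the only peer whose public address a spoke knows up front.
        self.nhrp_cache: dict[str, str] = {hub.tunnel_ip: hub.nbma}
        hub.register(tunnel_ip, nbma, lan)

    def change_public_address(self, new_nbma: str) -> None:
        """A spoke on a dynamic IP simply re-registers; nobody else is touched."""
        self.nbma = new_nbma
        self.hub.register(self.tunnel_ip, new_nbma, self.lan)

    def next_hop(self, dst_host: str) -> str:
        """Tunnel IP of the router owning dst_host (the routing-protocol lookup)."""
        dst = ip_address(dst_host)
        best = max((n for n in self.hub.routes if dst in n), key=lambda n: n.prefixlen)
        return self.hub.routes[best]

    def send(self, dst_host: str) -> tuple[str, str]:
        """Where the next mGRE packet for dst_host goes: (path, public address)."""
        nh = self.next_hop(dst_host)
        if nh in self.nhrp_cache:
            return ("direct", self.nhrp_cache[nh])
        # Unknown next hop: forward via the hub now and send an NHRP
        # resolution request; the reply is cached so later packets go
        # spoke-to-spoke without touching the hub.
        nbma = self.hub.resolve(nh)
        if nbma is not None:
            self.nhrp_cache[nh] = nbma
        return ("via-hub", self.hub.nbma)


def demo() -> list[tuple[str, str]]:
    """Walk through the scenarios in the text; returns each forwarding decision."""
    hub = Hub("10.0.0.1", "198.51.100.1", "192.168.0.0/24")
    a = Spoke("10.0.0.2", "203.0.113.10", "192.168.1.0/24", hub)
    b = Spoke("10.0.0.3", "203.0.113.20", "192.168.2.0/24", hub)
    out = [a.send("192.168.2.5"),   # first packet A->B: via hub, resolution sent
           a.send("192.168.2.5")]   # second packet: direct spoke-to-spoke
    # A third spoke joins; neither the hub nor the other spokes are reconfigured.
    c = Spoke("10.0.0.4", "203.0.113.30", "192.168.3.0/24", hub)
    out += [a.send("192.168.3.9"), a.send("192.168.3.9")]
    # Spoke B gets a new dynamic public address and re-registers. A's cached
    # mapping is now stale until it expires (real NHRP uses a hold time);
    # a spoke that never cached B learns the new address straight away.
    b.change_public_address("203.0.113.99")
    out += [a.send("192.168.2.5"), c.send("192.168.2.5"), c.send("192.168.2.5")]
    return out


if __name__ == "__main__":
    for path, nbma in demo():
        print(f"{path:8s} -> {nbma}")
```

The last three decisions show the caveat that comes with caching: after spoke B re-registers, spoke A keeps sending to B’s old public address until its NHRP entry ages out, while spoke C, which had no entry yet, gets the new address on its first resolution. In a real deployment the NHRP hold time and the routing protocol’s timers decide how long that window is.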
Client VPN
A client VPN is an encrypted connection from one device to a VPN router. It makes that one remote device appear as a member of a local subnet behind the VPN router. Traffic is tunneled from the device (usually the computer or laptop of a teleworker) to the VPN router, so that the user has access to resources inside the company. It requires client software that needs to be installed and configured on the device.
SSLVPN
This type of VPN works like a client VPN. The difference is that the remote client does not need preconfigured software: the browser acts as the VPN client. The browser needs to support active content, which every modern browser does, either directly or through a plug-in. Traffic is tunneled over TLS (formerly SSL) to the SSLVPN endpoint. From a networking perspective, the tunnel runs on top of a layer 4 (TCP) connection instead of directly at layer 3 as IPsec does, which also means it passes through NAT and most firewalls without special handling. The benefit is that the remote user does not need to configure anything and can simply log in to a web page to start the tunnel. In practice a purely clientless portal only proxies web applications; full network access is usually provided by a small client that the portal pushes to the browser after login. The drawback is that you’ll likely need a dedicated device as SSLVPN endpoint, because this is not a standard feature on every router.
I think there are more types of VPN, and also you didn’t mention which VPN is more popular and most used. Anyway, nice article. At least I got something about VPN.
Hi Rakib!
There probably are more types, but I dare say they are going to be variants of the ones listed here. It’s hard to say which one is more used: they all serve a different purpose.
Ok, I got it. Thanks for the fast reply. Did you modify the article? I think I saw 3 types early in the morning in this writing.
Strange, I didn’t make any changes to this article. Usually if I change anything, it’s the spelling errors.
Right Reggle, perhaps you can explain to me the difference between VPN and P2P (TOR etc.), or are they the same thing? Because as I understand it from my rudimentary knowledge, although P2P is encrypted, the end computer must decode and read the request before it can be forwarded, and at this point information is vulnerable to detection. Furthermore, I understand that very few computers are available at any one time for that decoding process, because the P2P networks have so few actively participating members relatively, so this means that some type of traffic logging process can take place across such a small number of available decoding computers, 2000 or less at times depending on your platform. I have probably used the wrong terminology, but I hope you can make sense of what I am getting at.
I’m not sure what you’re getting at. You’re using ‘P2P’ often in your questions. If you mean ‘point-to-point’: most VPNs are point-to-point. If you mean ‘peer-to-peer’: peer-to-peer connections aren’t encrypted by default. TOR, which you mention, does do that.
TOR is in essence a VPN: your computer encrypts packets and sends them into the TOR ‘cloud’. Encryption layers are added and removed, and at some point the last encryption layer is removed and the packet pops out of a random computer on the other side of the world. True: at that point it is vulnerable to detection. Although the TOR network makes it difficult to find out where the packet came from, it can still be checked what the payload is. Using your real name on such a network, for example, would render the encryption useless.
Encoding and decoding takes CPU, but not that much on a modern computer. Bandwidth is going to be the bottleneck.
I hope this explains some things. Greetings!
Thanks for the reply Reggle. Yes, you understood what I was driving at; peer to peer was what I was referring to. I’m new to VPN and networks and know very little about them or programming. However, I did read Jeremy’s articles and have gleaned from the articles that none of the variants of connecting make information invulnerable. All have their advantages and disadvantages and vulnerabilities. Would I be right in saying that? However, I do believe from the reading I have done that creating your own VPN, rather than using one of the VPN provider sites listed on a search engine or using a program like TOR, would be preferable for a control freak like me that really only uses www, would that be right? Or are there considerations other than wanting to know all the details about what’s happening to my information? Also, if you believe that it is worthwhile pursuing a self-created VPN, which of the above models would you recommend I should concentrate on for best internet security? And given the knowledge I have, should I pursue the line of fully understanding VPN, or would connecting over the internet via a program like TOR be sufficient? Or perhaps you could recommend a specific course I could do to understand this. I know this is basic stuff but would appreciate your input. I won’t bother you anymore; I’ll do some more research and perhaps get back to you later.
Your question is one asked by many people. And unfortunately, there’s no foolproof way. If you value internet privacy above everything else, TOR really is your best choice.
Setting up a VPN yourself would require trust from another party to set up the VPN with.
You can use friends you know, which can be traced back to you.
You can use a free VPN service, which I would never trust because you don’t know what they’ll do and you can be sure they’ll want to make money somehow.
Or you use a paid VPN service (random example, http://torguard.net/), but that costs money, and on top of that I don’t know how these companies would treat your information.
TOR is decentralized and not made with profit in mind. It is used, however, by many with malicious intent.