Helping people with computers... one answer at a time.

A VPN or Virtual Private Network is a way to security connect with machines elsewhere or to securely connect to the internet from an unsecure location.

What is a VPN? How can I establish a VPN network? How can I get connected to it?

VPN stands for Virtual Private Network.

A VPN is a network of computers connected to each other virtually - using another network, like the internet, to carry the data. A VPN is private because even though the data might be carried over a public network, only those machines which are allowed to connect to the VPN can see the other machines on the VPN.

That's already getting complicated. I'll try and diagram it out a little.

The Internet and Your Office or Home Network

A Basic Internet Networking Scenario

In most network setups for home and business, your computers are connected through a router to the internet. That router handles the sharing of that single internet connection among your computer, but it also protects your computers from being "seen" by other computers on the internet.

By that, I mean that, while your computers can connect to each other and can connect out to resources that might be out on the internet, computers that are on the internet cannot connect directly to your computers behind the router. That's why we typically refer to a router as a firewall, and a pretty good one at that.

Unfortunately, that can be a problem when you're traveling.

A Basic Networking Scenario, with a laptop on the road

In this case, your laptop may be able to access the internet just fine, but it can't access any of the computers or other resources back home or at the office - the router prevents it.

A VPN is a solution.

A Basic Connect-Home VPN

A Basic connect-back-to-home VPN

When a Virtual Private Network is created, it connects your remote laptop to your home network through the internet. The virtual network allows your remote computer to connect to any of the resources on your home network as if it were right there behind the router with them.

I'll say that again, because it's the key point of this type of VPN: when connected to this VPN, it's as if your remote laptop were behind the router with the rest of your computers at home or work.

Depending on the configuration of the VPN and your computer, you may be able to access only the resources on the virtual network, or both of those resources and the rest of the internet either directly as usual or by routing first through the VPN back home.

Another advantage of this VPN is that the information that travels on it is usually encrypted; that means that all of the information flowing between your computer and the machines back home or at the office can't be seen by computers that are not themselves part of the same VPN.

That encryption actually becomes the basis for a different kind of VPN, which I'll call the "coffee shop" VPN.

A VPN used in a Coffee Shop or Open WiFi Hotspot

VPN Service in use

In this case, the VPN is established not between your work or home and your laptop, but rather between your laptop and a VPN service. All of your internet traffic is then routed through this service.

Your data is sent from your computer to the service over the internet, but that leg of the journey is encrypted by the VPN that you have established with the service. Then, your data travels on from that service to its intended destination elsewhere on the internet. The return traffic takes the reverse path - first to the service, and then on to you though the encrypted VPN.

Why bother? Well, as I've written about before, open WiFi hotspots can be dangerous places; anyone with a laptop and the right kind of software can snoop in on any unencrypted traffic. A VPN encrypts all of the traffic between you and the service, making your connection impervious to snooping.

Setting Up A VPN

I will say this: setting up your own VPN - perhaps grabbing open source VPN software and having a go at it - is not for the faint of heart. I've considered it, and set it aside as too difficult to set up and too easy to get wrong.

So ... good luck with that.

Instead, focus on one of these alternatives instead.

  • Hamachi - LogMeIn Hamachi is a free-for-personal use VPN. You run the Hamachi client on any number of computers and those computer are then connected to each other via the Hamachi VPN. It's perhaps the easiest solution for folks who simply want to connect back to their home network. It's what I use when I'm traveling exactly for that purpose.

  • VPN Routers - This is on my list to investigate. Routers can now be purchased that include various forms of VPN technology built in. Rather than buying a software solution, such as Hamachi, using a VPN-supporting router should allow you to simply use the VPN client options already built in to Windows to connect.

  • VPN Services - There are a number of VPN services, both free and paid, that handle the coffee-shop scenario which I've described above. Most suffer from some amount of performance degradation as the data has to go through an additional server layer, and the free services may simply not have the resources to keep up. I have heard good things about WiTopia and HotSpotVPN, but I have not used either, or any of the free services that are out there.

Article C4793 - April 15, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

8 Comments
vincent
April 17, 2011 6:05 AM

Hey Leo,

What's the difference between Hamachi an a service like teamviewer then?

I'm not that familiar with team viewer, but it *looks* like you do all your work through teamviewer tools and interfaces. Hamachi just connects a network, and you use normal windows tools as you would as if the machine were in the next room on the same local LAN.
Leo
17-Apr-2011

Lester
April 19, 2011 9:09 AM

You can set up a VPN to your home or work computer in teamviewer, then connect through it. Team viewer does far more than that, but if you're using it already, then this is an obvious route. However, it's only free for personal use. It's an honor based system, but...

Steve
April 19, 2011 1:57 PM

Awesome text and diagrams! Jeez Leo you are so good at what you do!

Lynette:
April 19, 2011 4:49 PM

Brilliant explanation, I do use a VPN from home to work (not set up by me) and it is an excellent tool but it is great to have the time to read your text and, as the last guy said fabulous diagrams of how it all works. Thank you very much, really much appreciated.

Andy
April 20, 2011 4:12 AM

I've been using WiTopia for just over 2 years when the need arose to access web sites that were not accessible via my host country's ISPs (due to whatever ridiculous justifications laid by the powers that be). Nonetheless, this VPN works wonders. I use it a few times a week on average, and the best thing about it is that I could pick where I want my virtual IP address to show (meaning which country). It works out well for me when certain programs or content is restricted to particular geographies and regions not normally available to me. Most importantly, it allows me to surf the internet unabated by the despotic and probably prying eyes of those in power. There's more to VPN than meets the eye!

Eli Coten
May 24, 2011 2:18 PM

One thing you didn't mention is the fact that Windows XP (Pro) does have a basic VPN server built in. I assume some editions of the more recent versions of Windows also have some sort of VPN Client. It's relatively easy to configure and shows up in Network Connections as "Incoming Connections".

Morpheus Exegis
January 4, 2012 8:35 AM

I usually perfer to keep my sensitive information to myself. while Hamachi, teamviewer, logmein and others are a great choice for casual homeuser or students with little sensitive information, for professionals there are several self hosted solutions like OpenVPN, realVNC and others.

Morpheus Exegis
January 4, 2012 8:39 AM

Sorry, just a clarification before people hammer my comment. By professionals i meant small business owners. and not corporations who are better off with much better personalized solutions or medium businesses who are better off with logmein and other solutions mentioned here.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.