Summary
A VPN (Virtual Private Network) builds an encrypted tunnel between two endpoints over an untrusted network so that remote systems behave as if they were on the same private network.
What is a VPN?
A VPN encapsulates and encrypts network packets between two endpoints — typically a client and a gateway, or two gateways — and forwards them over the public internet. The endpoints terminate the tunnel and present the decrypted traffic on a virtual interface as if it had arrived directly from the other side.
Two big families dominate the market. Traditional concentrator VPNs (often SSL-based) route all traffic from every user through a central gateway that sits in front of internal services. Newer mesh VPNs build direct, encrypted peer-to-peer connections between every authorised client and only keep identity and policy on a central plane. WireGuard is the protocol that made the mesh model practical.
VPNs are used for remote workforce access, site-to-site connections between data centres or clouds, and increasingly as the transport layer for Zero Trust Network Access. Where classic VPNs treat the tunnel as a trust boundary, modern designs combine the encrypted overlay with per-request identity and policy checks.
Why is a VPN relevant?
- Confidentiality: Encrypts traffic against eavesdropping on untrusted networks
- Reach: Lets remote users and sites talk to private resources without exposing them publicly
- Compliance: Required by many regulations for any access to sensitive systems
- Foundation for Zero Trust: Modern VPNs combine encryption with identity-based access policies
Related Terms
- WireGuard: Modern VPN protocol behind most mesh implementations
- SSL VPN: Traditional concentrator VPN family
- Mesh VPN: Peer-to-peer VPN topology that replaces central concentrators
- Zero Trust: Security model that complements modern VPNs with identity checks
- Firewall: Often combined with VPN gateways at the network edge