How does a VPN work?


I’ve heard the tunnel explanation before, but it’s just not doing it for me. What’s going on with the packet and the addressing itself? Traffic still has to go to my ISP before it can get anywhere else, so how is the VPN able to obfuscate my IP address and location?


9 Answers

Anonymous 0 Comments

A VPN server is just an encrypted relay service for network traffic.

You have software (e.g. a web browser) on your computer that wants to communicate (e.g. send an HTTP request) over the internet to another machine (e.g. a web server). The browser assembles the TCP/IP** packets and tells the operating system to send them out over the network to the web server.

VPN client software will establish an encrypted network connection with a VPN server, and tell the OS to send all internet traffic (or in the case of a split tunnel, *some* traffic) via that connection instead (the VPN tunnel). This traffic is encrypted in a way only the VPN provider can decrypt (not your ISP), and wrapped in another layer of TCP/IP* packets that tell your ISP to send the traffic to the VPN server.***

The VPN server receives your traffic and decrypts the outer packet to reveal the original TCP/IP** packets (the HTTP request), which are then forwarded to the original destination (the web server). Since the web server physically receives the traffic from the VPN server, that’s the IP address it communicates with; it doesn’t know your IP at all.

The same process works in reverse for the HTTP response from the web server back to the VPN server, via your ISP to your machine.

*You can swap this for UDP/IP which some VPNs use instead

**You can swap this for basically any network protocol that the VPN service may support, e.g. FTP, SMB, SMTP, SSH

***The TCP/IP (or UDP/IP) headers are what specify the source and destination IP address and port number; this is all that’s needed to route traffic
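
The packet-in-a-packet flow described in the answer above, as an added Python sketch that is not part of the original post: it shows which addresses the ISP and the web server can each read. The addresses, keys and the hash-based cipher are constructed stand-ins (a real VPN uses a vetted AEAD cipher and a negotiated key), transport headers are omitted, and the source rewrite on the VPN server (NAT) is assumed as the way the forwarded packet ends up carrying the server's address.

```python
import hashlib, hmac, ipaddress, os, struct

# Constructed sample addresses (documentation ranges) and demo keys, not from the post.
CLIENT, VPN, WEB = "198.51.100.7", "203.0.113.10", "192.0.2.80"
K_ENC = hashlib.sha256(b"constructed demo key: enc").digest()
K_MAC = hashlib.sha256(b"constructed demo key: mac").digest()

def ip_packet(src, dst, payload):
    """Minimal 20-byte IPv4 header (protocol 253 = experimental, checksum 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 253, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

def addresses(packet):
    """(src, dst) read from the IPv4 header: what any router on the path can see."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst))

def _keystream(nonce, n):
    return b"".join(hashlib.sha256(K_ENC + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(plain):
    """Toy encrypt-then-MAC standing in for the tunnel cipher. Do not reuse."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(nonce, len(plain))))
    return nonce + ct + hmac.new(K_MAC, nonce + ct, "sha256").digest()

def unseal(blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(K_MAC, nonce + ct, "sha256").digest()):
        raise ValueError("tunnel packet failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct))))

def client_send(http):
    """VPN client: build the real packet, encrypt all of it, wrap it for the VPN server."""
    inner = ip_packet(CLIENT, WEB, http)
    return ip_packet(CLIENT, VPN, seal(inner))   # this is what the ISP carries

def vpn_forward(outer):
    """VPN server: strip the outer header, decrypt, forward with its own source address."""
    inner = unseal(outer[20:])
    return ip_packet(VPN, addresses(inner)[1], inner[20:])

if __name__ == "__main__":
    outer = client_send(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    print("ISP sees       :", addresses(outer))
    print("Web server sees:", addresses(vpn_forward(outer)))
```
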
