“Hey ISP, send this encrypted letter to VPN.” Your VPN then decrypts the letter, which contains the site address, and runs the send/receive request for you.
The part you might be confused about is how you and the VPN agree on a decryption key without the ISP figuring it out. The gist of it is:
1. Both you and the VPN randomly generate a private key, plug it into an algorithm to generate a corresponding public key, and share those public keys through the ISP.
2. This algorithm has a special property. When you combine your private key with your VPN’s public key (and vice versa: your VPN combines their private key with your public key), you’re both able to arrive at the same number. The ISP can’t get that number without knowing your private keys, making it a shared secret that you use as the decryption key.
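The two steps above as runnable Python, added here as an illustration and not part of the original answer. The prime `P`, base `G` and all function names are assumptions chosen for the demo; real VPNs use vetted groups or elliptic curves such as X25519.

```python
import hashlib
import secrets

# Assumed demo parameters (not a vetted Diffie-Hellman group).
P = 2**255 - 19   # a 255-bit prime
G = 2             # public base

def generate_keypair():
    """Step 1: random private key; public key = G^private mod P."""
    private = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return private, pow(G, private, P)

def check_peer_public(peer_public):
    """Reject 0, 1, P-1 and out-of-range values, which would force a
    shared number that anyone on the wire could predict."""
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public key out of range")

def shared_key(my_private, peer_public):
    """Step 2: combine own private key with the peer's public key,
    then hash the shared number into a 32-byte symmetric key."""
    check_peer_public(peer_public)
    number = pow(peer_public, my_private, P)
    return hashlib.sha256(number.to_bytes(32, "big")).digest()

def isp_guess(view):
    """What a passive observer can compute from public values alone:
    multiplying them gives G^(a+b), not the shared G^(a*b)."""
    number = (view["you_pub"] * view["vpn_pub"]) % view["p"]
    return hashlib.sha256(number.to_bytes(32, "big")).digest()

def run_exchange():
    you_priv, you_pub = generate_keypair()
    vpn_priv, vpn_pub = generate_keypair()
    # Everything the ISP relays, and therefore sees:
    isp_view = {"p": P, "g": G, "you_pub": you_pub, "vpn_pub": vpn_pub}
    you_key = shared_key(you_priv, vpn_pub)
    vpn_key = shared_key(vpn_priv, you_pub)
    return you_key, vpn_key, isp_view

if __name__ == "__main__":
    you_key, vpn_key, view = run_exchange()
    print("keys match:", you_key == vpn_key)
    print("ISP guess matches:", isp_guess(view) == you_key)
```

This covers an ISP that only watches the traffic. Real VPN handshakes also authenticate the VPN's public key (for example with a certificate or pre-shared key) so an on-path party cannot swap in its own.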