Virtual Private Networks

A VPN (Virtual Private Network) is a network that lets you enjoy the benefits of a private network while routing traffic through the Internet. In practical terms, a client connected via VPN has a private address belonging to the network it connects to, as if it were physically connected to that network, even though it is actually connected through the Internet.

Private Networks

An organization spread across a large geographical area that wants to communicate in complete security might consider using a private network, meaning a dedicated network where information is accessible only to those connected to that network. However, large-scale private networks are extremely expensive, as all the connections and equipment necessary for the network to function must be purchased, maintained, and installed. To use a private network without actually owning one, you can use VPNs, virtual private networks that provide the same benefits as a private network even if the network traffic travels over the Internet.

Security of Private Networks

For a VPN to guarantee the same security as a private network in all its aspects (primarily regarding privacy), traffic traveling over the Internet must be encrypted.

The most effective way to encrypt traffic is to implement encryption in the Network Layer of the ISO/OSI stack, using the IPSec protocol. With IPSec, the entire IP packet destined for the VPN is encrypted and encapsulated within the IP packet destined for the Internet. This way, an attacker has no way to obtain any information from the packet, other than the public source and destination addresses. Spoofing or man-in-the-middle attacks would be ineffective against this type of protocol.
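
The encapsulation described above, as an added example that is not part of the original page: a private IP packet is wrapped in an ESP-style outer packet between two gateways, and the code shows what an on-path observer can still read and that a modified packet is rejected. The function names, addresses and keys are constructed for illustration, the IPv4 checksum is left at zero, and the cipher is a SHA-256 counter-mode stand-in rather than a real IPSec transform.

```python
import hashlib, hmac, ipaddress, os, struct

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, and IPv4-in-IPv4 (ESP "next header")

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 to keep the example short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def keystream(key, iv, n):
    # Stand-in cipher (SHA-256 in counter mode), NOT a real ESP transform.
    blocks = (hashlib.sha256(key + iv + struct.pack("!I", i)).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def esp_encapsulate(inner, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    pad = -(len(inner) + 2) % 4                      # align inner packet + trailer to 4 bytes
    plain = inner + bytes(range(1, pad + 1)) + bytes([pad, IPIP])
    iv = os.urandom(8)
    body = struct.pack("!II", spi, seq) + iv + xor(plain, keystream(enc_key, iv, len(plain)))
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]   # integrity check value
    return ipv4_header(gw_src, gw_dst, ESP, len(body) + 16) + body + icv

def observer_view(packet):
    # Fields an on-path observer can read without the keys.
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": src, "dst": dst, "proto": packet[9], "spi": spi, "seq": seq}

def esp_decapsulate(packet, enc_key, auth_key):
    body, icv = packet[20:-16], packet[-16:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet was modified or forged")
    plain = xor(body[16:], keystream(enc_key, body[8:16], len(body) - 16))
    return plain[:-2 - plain[-2]]                    # strip padding and ESP trailer

# Constructed sample: private host 10.0.0.5 -> 10.0.1.9, carried between two gateways.
INNER = ipv4_header("10.0.0.5", "10.0.1.9", 6, 11) + b"secret data"
ENC_KEY, AUTH_KEY = b"E" * 32, b"A" * 32           # constructed keys

if __name__ == "__main__":
    pkt = esp_encapsulate(INNER, "198.51.100.1", "203.0.113.1", 0x1001, 1, ENC_KEY, AUTH_KEY)
    print(observer_view(pkt))
    print(esp_decapsulate(pkt, ENC_KEY, AUTH_KEY) == INNER)
```

The observer sees the gateway addresses, the protocol number and the ESP header fields, while the private addresses and payload exist only inside the encrypted body.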


Of course, implementing IPSec requires a whole series of additional configurations on the network devices involved. In particular, it is essential that:

  • Routers are enabled for IPSec;
  • There is a VPN server in the LAN that manages, for example, authentication and DHCP for address assignment;
  • There is a VPN client on the remote hosts that want to access the LAN.

The cryptographic algorithms used for the VPN typically involve asymmetric encryption to manage authentication and symmetric encryption or hybrid encryption to manage secrecy.

Tunnel VPN

One of the most widely used software packages for implementing a VPN is OpenVPN. OpenVPN, however, uses SSL rather than IPSec, so it implements security only at the Transport Layer level. This type of connection is commonly referred to as a "VPN tunnel." It is also widely used for personal purposes, for example, to prevent others from intercepting all the data that a user sends while using a public wireless network.