VPN Tunnel

Why Trust Techopedia

What Is a VPN Tunnel?

A VPN tunnel is a secure connection between your device, such as a computer or smartphone, and a VPN server. All data sent through the VPN provider connection is encrypted.

Tunneling enables you to send data to a VPN server over the public internet without exposing it to prying eyes. Your data is protected from malicious actors, government agencies, and your internet service provider. Even if someone penetrated your connection and stole your data, it would be encrypted and impossible to decipher.


Once the encrypted data reaches the VPN server, the data can be decrypted and sent on to a website or web service. Data sent back to your device, such as information from a website, is also encrypted when it travels through the VPN tunnel.

How Does VPN Tunneling Work?

VPN tunneling involves four key steps, outlined below.

  1. Activation

    To establish a VPN tunnel, turn on your VPN and choose a server to connect to.
  2. Connection

    Your VPN software will establish a secure connection to your chosen server via the VPN tunnel. All internet traffic to and from your device will now travel through this tunnel.
  3. Encryption

    All outgoing data is encrypted before it leaves your device and enters the VPN tunnel. This ensures the data traveling through the tunnel is unreadable without the VPN software’s encryption key.
  4. Decryption

    Once data reaches the VPN server, it’s decrypted using the encryption key for your VPN software. The data is then forwarded to the website you want to connect to.

This process is repeated in reverse when a website sends data to your device – encryption occurs on the VPN server, and your VPN software decrypts data on your device.

Types of VPN Tunnel Protocols

There are several different methods, known as protocols, that VPNs can use to establish a tunnel.

Different VPN tunnel protocols encrypt your data and keep your connection private in different ways, which can impact the security of your VPN.

Let’s look at six of the most common VPN tunnel protocols.


OpenVPN is the most widely used VPN tunneling protocol. It’s highly secure and offers fast connections.


  • You can use different types of data encryption – Most VPNs use 256-bit Secure Sockets Layer (SSL) encryption with the OpenVPN protocol, but some use even more secure encryption methods such as Blowfish or Advanced Encryption Standard (AES).
  • Generates a unique encryption key for every VPN session – Even if an attacker were to get the encryption key for your connection, you can re-secure your data by simply launching a new VPN session.


  • Not as fast as WireGuard – Until recently, OpenVPN was the fastest VPN tunneling protocol available. However, the new WireGuard protocol offers faster connections.

WireGuard is a relatively new VPN protocol and was developed in 2020. It’s considered to be faster and more secure than OpenVPN. It is likely to become the most widely used protocol as more VPN platforms add support for WireGuard tunneling.


  • Regularly generates new and unique encryption keys – Your connection’s security is regularly reset without requiring a new VPN session.
  • The protocol is written with only 4,000 lines of code – By comparison, OpenVPN uses 70,000 lines of code. The smaller codebase is much easier to audit, so it’s less likely that there are unknown vulnerabilities that could be taken advantage of.


  • Static IP address – WireGuard doesn’t automatically change your IP address with every new connection. This can make it easier for attackers to find your location even if they can’t access your data.

IKEv2/IPsec combines the Internet Key Exchange version 2 (IKEv2) protocol for managing encryption keys with the Internet Protocol Security (IPsec) tunneling protocol.


  • Developed for mobile devices – IKEv2/IPsec will automatically re-establish a tunnel if your connection is lost. This can be helpful if you’re on a mobile device that may frequently change networks.
  • Fast connection speeds – IKEv2/IPsec isn’t as fast as WireGuard, but it typically offers comparable connection speeds to those achieved with OpenVPN.


  • Limited compatibility – IKEv2/IPsec is natively supported on newer versions of Windows and macOS but may require configuration changes to work on other operating systems.

L2TP/IPsec combines the Layer 2 Tunneling Protocol (L2TP) with IPsec. It’s widely considered to be insecure, and many VPN providers no longer offer it.


  • Seamless compatibility – L2TP/IPsec works natively on most operating systems, making it easy to use across various devices.


  • Potentially less secure – There are reports that the National Security Agency has found a way to breach VPNs and that it has broken LT2P connections specifically, so your data may not be fully secure.
  • Slow – L2TP/IPsec connections are slower than those made with OpenVPN, WireGuard, or IKEv2/IPsec.

Secure Socket Tunneling Protocol (SSTP) is a secure, moderately fast VPN protocol developed by Microsoft.


  • Good at getting past firewalls – This makes SSTP the ideal protocol for unblocking websites that have geolocation limitations.


  • Only works on Windows and Linux – SSTP tunneling was designed specifically for Windows and generally won’t work on other operating systems.
  • Closed-source code – The code underlying this protocol isn’t open-source, so security analysts can’t look through it to find vulnerabilities.

Point-to-Point Tunneling Protocol (PPTP) is a VPN protocol that Microsoft developed in the 1990s. It’s rarely used today because it’s relatively insecure and can significantly slow down your connection.


  • Works on legacy devices – PPTP works on older Windows operating systems, such as Windows 95 and Windows 98.


  • Insecure – The encryption methods PPTP uses are weaker than most modern encryption techniques.
  • Slow – PPTP offers limited bandwidth and slow encryption/decryption compared to other tunneling protocols.

VPN Tunnel Extras – Split Tunneling and Kill Switches

VPN kill switch

Split tunneling and kill switches are additional VPN software features that help you manage your VPN tunnel.

Split tunneling

Split tunneling allows you to designate what internet traffic should go through your VPN tunnel and what traffic should go through public networks.

This can be helpful if, for example, you want to stream content only available in another country while also visiting the local version of a website. In this case, you could set up split tunneling so that traffic from your streaming app goes through your VPN tunnel while traffic from your browser doesn’t.

VPN kill switches

If your VPN connection is lost – which could happen due to a software crash or momentary loss of WiFi signal – your device will likely automatically revert to sending data over a public internet connection.

Even if you’re not actively sending or requesting data when this happens, remaining connected to a website while your VPN tunnel is down could expose your IP address.

A VPN kill switch prevents this by automatically shutting down your internet connection if your VPN tunnel is compromised. A VPN kill switch is essential if you want to keep your IP address hidden.

Which Tunneling Protocols Do Popular VPNs Offer?

All VPNs use tunneling to establish a secure, private connection between your device and the internet. That said, some VPNs offer different selections of tunneling protocols.

The table below shows the protocols you can use with several popular VPN tools.

NordVPN ExpressVPN PureVPN ProtonVPN
WireGuard NordLynx X
L2TP/IPsec X X X X

Closing Words on VPN Tunneling

A VPN tunnel is key for creating a secure connection between your device and a VPN server so encrypted data can be transmitted.

All VPN software secures your web traffic with a VPN tunnel, but some protocols are more secure and offer faster connections. To find the most secure VPN for your needs, check out our guide to the best VPN apps.

VPN Tunnel FAQs

Can a VPN tunnel still be hacked?

How can I test my VPN tunnel?


Related Questions

Related Terms

Michael Graw
Technology Expert
Michael Graw
Technology Expert

Michael Graw is an experienced writer in the business and B2B tech fields. His articles can be found on Business Insider, Entrepreneur, Tom’s Guide, and TechRadar, and cover everything from corporate finance to crypto and international tech regulation. A prolific copywriter and entrepreneur, Michael has worked with a wide range of SaaS and tech companies and has his finger firmly on the pulse of B2B tech and finance.