What is a VPN?

A VPN or Virtual Private Network creates a private network connection between devices through the internet. VPNs are used to safely and anonymously transmit data over public networks. They work by masking user IP addresses and encrypting data so it's unreadable by anyone not authorized to receive it.

Let’s answer some common VPN FAQs.

What is a VPN used for?

VPN services are mainly used to safely send data over the internet. The three main functions of VPNs are:

1. Privacy

Without a virtual private network, your personal data like passwords, credit card information, and browsing history can be recorded and sold by third parties. VPNs use encryption to keep this confidential information private, especially when connecting over public wi-fi networks. 

2. Anonymity

Your IP address contains information about your location and browsing activity. All websites on the Internet track this data using cookies and similar technology. They can identify you whenever you visit them. A VPN connection hides your IP address so that you remain anonymous on the Internet.

3. Security

A VPN service uses cryptography to protect your internet connection from unauthorized access. It can also act as a shut-down mechanism, terminating pre-selected programs in case of suspicious internet activity. This decreases the likelihood of data being compromised. These features allow companies to give remote access to authorized users over their business networks.

How does a VPN work?

A VPN connection redirects data packets from your machine to another remote server before sending them to third parties over the internet. Key principles behind VPN technology include:

Tunneling protocol

A virtual private network essentially creates a secure data tunnel between your local machine and another VPN server at a location that is thousands of miles away. When you go online, this VPN server becomes the source of all your data. Your Internet Service Provider (ISP) and other third parties can no longer see the contents of your internet traffic. 

Encryption

VPN protocols like IPsec scramble your data before sending it through the data tunnel. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. The VPN service acts as a filter, making your data unreadable at one end and only decoding it at the other. This prevents personal data misuse, even if your network connection were to be compromised. Network traffic is no longer vulnerable to attack, and your internet connection is secure.
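The tunneling and encryption steps described above, modelled as an added example (not AWS or IPsec code). It wraps an inner packet so that an observer sees only client-to-VPN-server addressing, and authenticates every packet before decrypting it. The addresses, function names and the standard-library stand-in cipher are assumptions of this example; real IPsec uses ciphers such as AES-GCM and a sliding replay window.

```python
import hashlib
import hmac
import os
import struct

VPN_SERVER = "203.0.113.10"  # constructed address from a documentation range

def _keystream(key, nonce, n):
    # Stand-in keystream built from SHA-256; an assumption of this example only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]

def encapsulate(enc_key, mac_key, seq, client_ip, inner_dst, payload):
    """Encrypt the inner packet and wrap it in an outer client -> VPN server packet."""
    inner = inner_dst.encode() + b"\x00" + payload
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(enc_key, nonce, len(inner))))
    body = struct.pack(">Q", seq) + nonce + ct
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"src": client_ip, "dst": VPN_SERVER, "data": body + tag}

class TunnelEndpoint:
    """Receiving side: authenticate first, reject replays, then decrypt."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.highest_seq = enc_key, mac_key, 0

    def decapsulate(self, outer):
        body, tag = outer["data"][:-32], outer["data"][-32:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.highest_seq:  # simplified check; IPsec keeps a window
            raise ValueError("replayed packet")
        self.highest_seq = seq
        nonce, ct = body[8:20], body[20:]
        inner = bytes(a ^ b for a, b in zip(ct, _keystream(self.enc_key, nonce, len(ct))))
        dst, _, payload = inner.partition(b"\x00")
        return dst.decode(), payload
```

The outer packet exposes only the client and VPN server addresses; the real destination and payload are recoverable only by the endpoint holding both keys.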

Why should you use a VPN?

For safe public internet access

Virtual private networks make on-the-go web activity safer for everyone. People today are used to reading news articles at the cafe, checking email at the supermarket, or logging into bank accounts on their mobile devices. This type of internet connection is vulnerable to hacking as the web activity is over public wi-fi. Using VPN services when connecting to unsecured public wi-fi hotspots keeps both your data and device safe.

For keeping your search history private

It is no secret that your internet service provider and web browser track your search history. They can and often do sell your browsing history for marketing purposes. For example, looking for articles on leaking water taps can result in targeted ads from local plumbers. Your VPN connection will protect you from data misuse.

For accessing streaming services globally

When you travel outside your home country, your paid streaming services may not be available due to contractual terms and regulations. Your VPN connection will allow you to change your IP address from your home country and allow access to your favorite shows from where you are.

For protecting your identity

By keeping you anonymous, VPN services protect you from digital surveillance. They prevent your comments and conversations on the Internet from being tracked and safeguard your right to freedom of speech, provided that you do not use your real identity on social media platforms.

How to set up a VPN?

There are two common ways to access VPN services for individuals:

1. Use a VPN provider

You can choose a VPN service that can be accessed either from your browser or by downloading an app or software to your device. These are subscription-based services that typically charge on a per-device basis, so they can be quite expensive to set up. Also, each device needs to be configured individually.

2. Use a VPN router

This involves either purchasing a router with a VPN connection pre-installed or installing VPN software yourself on your home router. The advantage of this approach is that every device accessing the internet via this router gets protected automatically. 

How to choose the best VPN provider?

With so many options available, choosing the right VPN service can feel challenging. Use the checklist below to assess the different VPN providers and make the best choice for you:

1. Logging policies

The best VPN providers have minimal or no-logging policies to prevent data breaches from their end.

2. Updated software

The best VPN connections use the latest tunneling protocol. OpenVPN protocol provides more robust security than others. It is open-source software that is compatible with all major operating systems.

3. Bandwidth limit

All services have data usage limitations. You will need to choose a VPN provider that meets your data needs within budget.

4. VPN server locations

You have to ensure that your VPN provider has a server located in the country where you require private internet access.

How to choose between paid vs. free VPNs?

Free VPNs are useful if you are on a limited budget. However, it is important to note that the primary source of revenue for free VPN providers is advertising. You can expect targeted advertising or data logging and selling policies to be hidden in the terms and conditions.

Most free VPNs:  

  • Do not offer the most up-to-date VPN protocols  
  • Do not offer quality technical support   
  • Have low bandwidth and slower speed for free users      
  • Have a higher disconnection fee
  • Have limited geographical distribution of VPN servers

Why do businesses use VPNs?

VPNs are a cost-effective, high-speed and secure way to connect remote users to the office network. Because VPN connections are generally made over the public internet, they can be less expensive and offer higher bandwidth than dedicated LAN or WAN (wide-area network) links or long-distance, remote-dial links, while still giving companies private internet access.

How do businesses use VPNs?

There are three main ways that businesses use a VPN:

1. Site to site VPN

A site-to-site VPN acts as an internal private network for companies with multiple geographically separated locations. It seamlessly and securely connects different intranets, allowing employees to share resources between different internal networks. AWS Site-to-Site VPN is a fully managed VPN service that creates a secure connection between the office network and AWS resources using IP Security (IPsec) tunnels. For globally distributed applications, this option provides outstanding performance. It can be upgraded to intelligently route VPN traffic to the geographically closest AWS network endpoint. It also connects a company’s data centers and branch offices to cloud-based applications and services without exposing confidential data.

2. Client VPN or open VPN

In Client VPN, the network administrator is responsible for setting up and configuring the VPN service. The configuration file is then distributed to the clients, or end-users, who need access. The client can then establish a VPN connection from their local computer or mobile device to the company network. AWS Client VPN is a fully managed remote access VPN solution that employees can use to securely access resources within both AWS and on-premise business networks. Fully elastic, it automatically scales up or down based on demand. 

3. SSL VPN

Secure Sockets Layer Virtual Private Network (SSL VPN) provides secure remote access via a web portal and an SSL-secured tunnel between a private device and the office network. For large remote teams, it can become expensive to supply every member with a company device. In this case, SSL VPN becomes a cost-effective option.
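For the Client VPN model above, where an administrator distributes a configuration file to end users, the following added example (not AWS or OpenVPN project code) audits an OpenVPN-style client profile before it is handed out. The directives are standard OpenVPN options; the choice of checks, the sample profile, and the host and file names in it are assumptions of this example.

```python
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}
COMPRESSORS = {"lzo", "lz4", "lz4-v2"}

# Constructed sample profile (host and file names are placeholders).
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.com 443
cipher BF-CBC
comp-lzo
auth-user-pass creds.txt
<ca>
(certificate omitted)
</ca>
"""

def parse_profile(text):
    """Map each directive to its argument lists; inline <ca>...</ca> blocks are skipped."""
    opts, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                        # inside an inline block
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts

def audit_profile(text):
    """Return findings for a client profile; an empty list means no check fired."""
    opts, findings = parse_profile(text), []
    if ["server"] not in opts.get("remote-cert-tls", []):
        findings.append("remote-cert-tls server missing: server certificate role unchecked")
    named = opts.get("cipher", []) + opts.get("data-ciphers", [])
    ciphers = {c.upper() for args in named for a in args for c in a.split(":")}
    findings += [f"weak cipher: {c}" for c in sorted(ciphers & WEAK_CIPHERS)]
    if any(a != ["no"] for a in opts.get("comp-lzo", [])) or \
       any(a and a[0] in COMPRESSORS for a in opts.get("compress", [])):
        findings.append("compression enabled on an encrypted tunnel")
    if any(a for a in opts.get("auth-user-pass", [])):
        findings.append("auth-user-pass reads credentials from a plaintext file")
    return findings
```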

How to get an AWS VPN?

AWS VPN offers two valuable services: AWS Site-to-Site VPN and AWS Client VPN. AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). AWS Client VPN allows you to securely connect users to AWS or on-premises networks. Learn more about connecting your office to AWS here.

To get started, simply sign up for a free AWS account and set up Client VPN or Site-to-Site VPN today.

Networking and content delivery blog posts

Read the blog posts that feature all AWS networking and content delivery services to learn more about key use cases, best practices, thought leadership, and how to take advantage of important features. See also the blog articles specific to AWS VPN.

Scale your remote access VPN on AWS

AWS gives you the ability to extend existing on-premises remote access VPN solutions to the cloud. This not only allows access to resources within AWS, but using hybrid connectivity, also to on-premises resources. VPN clients use AWS internet connectivity as an entry point, and the flexibility of Amazon EC2 to scale capacity behind remote access VPN. The benefit is the ability to elastically increase the number of concurrent VPN clients connecting to the network when required. In this post, we specifically focus on third-party VPN software running on top of Amazon EC2.

Using AWS client VPN to scale your work from home capacity

Traditional on-premises VPN services are fixed in capacity and difficult to scale up, or down, in a rapid and on-demand fashion. Hardware constraints, licensing, and bandwidth can all be factors that prevent traditional client VPN services from scaling to meet the needs of a rapidly growing mobile workforce. Fortunately, the elasticity of cloud and pay-as-you-go pricing of AWS Client VPN can help. AWS Client VPN is a scalable and highly available OpenVPN based service that can be used to connect to both AWS and on-premises resources.

Introducing AWS client VPN to securely access AWS and on-premises resources

Many organizations, both small and large, rely on some form of client virtual private network (VPN) connectivity to facilitate secure remote user access to resources hosted on internal networks. This has often meant relying on on-premises VPN hardware or provisioning client VPN infrastructure in EC2 instances. Managing these client-based VPN solutions presents scaling and operational challenges and is an ongoing burden. Many times, unforeseen events cause spikes in the bandwidth and connection requirements, causing reduced VPN availability.
