Many companies featured on Money advertise with us. Opinions are our own, but compensation and
in-depth research may determine where and how companies appear. Learn more about how we make money.

Published: Aug 07, 2023 13 min read
Man using a laptop at an airport
Getty Images

A VPN tunnel provides a protected connection between the VPN server and your device, helping you stay safe and anonymous on the internet. Using a virtual private network (VPN) is a great way to secure your data, maintain privacy and access geo-blocked online content. While you may already be familiar with the benefits of VPNs, you might still be unsure about how they work.

What are VPN tunnels?

VPN tunnels are secure pathways between your device or your private network and the internet. VPN tunnels keep your data safe through a two-step process of encrypting and hiding your data. The exact level of data security depends on the VPN tunnel protocol used.

How do VPN tunnels work?

When you use the internet, you constantly send and receive data to and from your device. Anyone can find this information on the internet if it’s unprotected. In the wrong hands, your data can be used to identify, trace or even hack you. A VPN tunnel keeps that data secure.

First, your device’s VPN software encrypts your data before sending it to a VPN server. The server decrypts your data and sends it to the internet as a query. When you receive a reply, the VPN server encrypts it again and securely sends it back to your device, decrypting the data to a form you understand.

Here’s how VPN tunnels work:

  • You send a request to the VPN server to establish a VPN tunnel through the VPN software on your device.
  • The server and your device identify each other and determine the best security measures.
  • Your device and the service create a VPN tunnel.
  • The two devices use the VPN tunnel to transport data from the web to the server to your device and vice versa.

Types of VPN tunnel protocols

There are several VPN tunnel protocols, but the four main ones are PPTP, L2TP/IPSec, SSTP and OpenVPN.

Point-to-Point Tunneling Protocol (PPTP)

PPTP is one of the oldest protocols and lacks proper encryption methods. It was created to tunnel dial-up connections, which are now considered obsolete. Because of its poor security features, PPTP has been replaced by newer, safer protocols. PPTP is best avoided due to its brittle security. However, this tunneling protocol is simple to set up and use and may be helpful when building an intranet.

Layer 2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec)

L2TP is a replacement for PPTP. It’s a safe and reliable VPN tunneling option, compatible with AES 256-bit, one of the most secure data encryption algorithms. L2TP is often paired with IPSec for an additional layer of security.

The biggest drawback to L2TP/IPSec is that it’s not as fast as modern tunneling protocols. It may have solved some of the shortcomings of PPTP, but it’s still weak — particularly when not used with a no-log VPN client. It’s also resource-intensive compared to modern tunneling protocols.

Security Socket Tunneling Protocol (SSTP)

SSTP stands out from other tunneling protocols because it uses a secure sockets layer (SSL) and AES-256 to encrypt and send data. SSL is one of the safest ways to send data between a browser and a website. While SSTP encrypts data reliably, Microsoft created it specifically for Windows devices, so it’s only suitable for Windows operating systems. Additionally, SSTP’s code is not openly available for auditing, so VPN providers often find it hard to create connections for it.

It’s also resource-intensive and requires excess bandwidth to perform at decent speeds.


OpenVPN is a tunneling protocol that creates secure point-to-point and site-to-site connections using some of the most secure encryption ciphers, such as Blowfish and AES. This makes OpenVPN the safest VPN tunnel currently on the market. It disguises VPN traffic as ordinary browsing, making OpenVPN hard to flag or block.

OpenVPN is open source, meaning VPN providers and other interested parties can easily audit it. As such, many VPN companies use it for VPN tunneling. The protocol supports multiple operating systems, including Windows, MacOS, iOS and Android. However, it’s fairly hard to set up manually and has a lower average speed.

Split-tunnel VPN vs. full-tunnel VPN

A split-tunnel VPN allows you to route some of your internet traffic through an encrypted VPN while letting the rest pass through without encryption.

It’s a great option to protect just a few apps or all but one. You can even use different IP addresses for different apps — your real IP address for unprotected apps and a masked IP address for protected apps.

Alternatively, a full-tunnel VPN encrypts all data traveling to and from your device. You can’t exclude apps from sending data directly without using a VPN tunnel. Full-tunnel VPNs are more common than their split-tunnel counterparts, making data protection easy by securing everything at once. The biggest advantage of a full-tunnel VPN is that you don’t have to fiddle with settings. On the other hand, it doesn’t let you protect some apps and leave others.

Benefits of using a VPN tunnel

There are many advantages to using a VPN tunnel:

Enhanced online privacy

A VPN tunnel hides your IP address from prying eyes. Rather than exposing your personal data, it uses the server’s data as yours, masking your identity. That prevents other internet users from identifying you, your location and your online activities.

Access to geo-restricted content

A VPN tunnel allows you to use an IP address generated by your VPN provider. Because many VPN companies let you select the country where you want your traffic to be routed, you can easily access content from that country, even if it’s geo-blocked. You can take advantage of lower prices that companies offer to certain nationalities by routing your web traffic through that country so that it appears like you’re a citizen.

Anonymity and IP masking

A VPN tunnel prevents third parties from identifying your IP address by displaying the IP address of your VPN server instead. This way, the VPN tunnel ensures you remain anonymous because no one can trace your online activity back to you.

Secure data transmission

Through data encryption and encapsulation, a VPN tunnel secures and hides your data from individuals, corporations and even the government. In other words, you can use the internet with little to no risk of your personal information falling into the wrong hands.

Protection for multiple devices

Most VPN clients support multiple device connections. This means you can create VPN tunnels for every device you have, securing each one. Remember that while some VPN providers allow unlimited device connections, others limit the number of devices you can connect to the VPN. So make sure your chosen provider allows connections for as many devices as you need.

Choosing the right VPN tunnel for your needs

There are many key factors to consider when choosing a VPN tunnel:

  • Data privacy: A good VPN tunnel doesn’t log user data. Some VPN companies sell collected data to third parties. Avoid these providers, as this collection defeats the whole point of having a VPN tunnel.
  • Data encryption: Choose a VPN tunnel provider with the most solid encryption algorithm for data safety. Today, 256-bit encryption is the industry standard, but some VPN providers use 128-bit.
  • Security features: A VPN’s security measures will determine whether it can meet your needs. Some important factors include a kill switch, malware protection, DNS leak protection, multi-hop, double VPN and threat protection.
  • Supported protocols: OpenVPN is currently the most secure and reliable protocol. However, there are other options, too, including IKEv2 and WireGuard. Some of the best VPN providers have multiple protocols you can switch between seamlessly.
  • Connection speed: Choose a VPN tunnel provider with a lot of bandwidth so your connection doesn’t suffer from latency. Some companies have unlimited bandwidth and are a good choice if your primary focus is connection speed.
  • Ease of use: A good VPN is easy to set up and use, like a pre-configured VPN.
  • Simultaneous connections: Ideally, you want a VPN that supports multiple devices simultaneously. This will allow you to create tunnels for every device you own.
  • Server coverage: Look for VPN providers with many servers. More servers mean less load on each server, enhancing connection speeds. Also, a VPN with servers in many countries can route your traffic through any country you wish.
  • Customer support: You want a reachable VPN company that can solve customer issues promptly. You can check online review websites to get an idea of the company’s quality of service.

How to set up a VPN tunnel

You may need a VPN if you intend to access a virtual server or create a private network that can also access the internet safely. A private VPN is ideal for certain situations, like establishing secure connections between a router and other devices in a home or organization.

Having a VPN on individual devices (like computers, smartphones and tablets) can enhance privacy and security. However, installing it on a router protects the entire network, including all devices connected to it. These include devices that don’t have VPN functionality.

Routers are different, meaning the exact steps vary slightly depending on the make and model of your router. Start by consulting its user manual to see if specific steps are provided for setting up a VPN. This guide uses a NETGEAR router, which should provide steps you can follow for most routers:

  • Open the router’s IP address in your browser. By default, most routers use But you can check your router’s address by typing “ipconfig” in the command prompt. Enter the router name and password when asked to sign in.
  • Find the VPN settings. With many routers, you can find VPN settings under advanced settings. Head to VPN service and enable it. The router will ask you to choose between Dynamic DNS (DDNS) and static IP address. With DDNS, your IP address changes whenever the router connects to your ISP. A static IP address will instead remain the same at all times. DDNS is a better choice because it automatically changes your router’s IP address, preventing lag and downtime.
  • If you choose DDNS, sign up for a DDNS account. NETGEAR offers free DDNS accounts. Once you have an account, go to the DDNS settings on your router and sign in with your credentials.
  • Go back to the VPN settings and download the necessary configuration files. The router will prompt you to install VPN clients on the devices you plan to use. There are packages for Mac, Windows, Linux and mobile operating systems.
  • Select a VPN protocol. By default, NETGEAR will lead you to OpenVPN. Install the OpenVPN client. Then, import your router’s VPN configuration files to it.
  • Rename the network connection. Next, rename your device’s (computer, phone or tablet) network connection to use the new VPN tunnel. In Windows, go to Settings > Network & Internet, then Change adapter settings.
  • Look for a connection that has OpenVPN Tap in it. Rename it to a name of your choice.
  • Connect to the VPN. In Windows, you can do this by double-clicking the VPN icon found in System Tray.

The computer is now connected to the router through a VPN tunnel. Repeat the last three steps to connect more devices. Note that the exact steps vary between devices for different operating systems.

Summary of Money’s what is a VPN tunnel

A VPN tunnel is a great way to encrypt and secure the data you send and receive. It can help you stay safe and anonymous on the internet. However, for the VPN tunnel to serve you best, make sure it uses the most secure protocol and encryption method while offering the features you need.

Get expert advice on personal finance matters. Chat now.