You can't surf the web without running into a variety of VPN articles telling you that their VPN is the safest, fastest, or most secure. Before you purchase a VPN plan, or sign up for a free one, there are a few things you need to know.
A VPN is a system that creates a private network connection between two different network sites. VPN stands for Virtual Private Network. It is commonly used in businesses as well as in private homes.
What Is a VPN Exactly?
A VPN connection is a highly encrypted, temporary tunnel between two networking sites. It can be used to allow remote workers to connect to a corporate network, by home users to protect privacy, or by people who travel to remotely connect back home from the road.
VPNs are known to be very secure and reliable. They are so secure and reliable that the top industries in the world all rely on them for allowing employees to work from home and for site-to-site communications.
The traffic that flows over a VPN is virtually undecipherable by all but the largest of government agencies.
How Does a VPN Work?
A VPN works in a client-server architecture. This means that it has to be supported at two locations to function, and both locations have to be very specifically configured to be able to talk to each other.
A VPN client connects to a VPN server and establishes a connection using a combination of passwords and security keys. Once that connection is established, all communications over the VPN are encrypted on the fly by the client and decrypted by the server, or vice versa.
The data flowing over a VPN can flow over any network safely. It can be transmitted over a wired network, a wireless network, a cellular network, or any other network that you can think of. It does not matter how the data gets from client to server or server to client; the data is always encrypted and secure.
The difference between VPN-in and VPN-out
It is important to understand that there are two very different kinds of VPNs: VPN-in, and VPN-out.
- A VPN-in is used by businesses to allow employees to connect in to their network so that they can work from home or while on the road. It creates a network connection that makes the remote user appear to be on the work network.
- A VPN-out is used by individuals to protect their privacy, change regions, and forward ports.
Most people in the market for a VPN provider are looking for a VPN-out. That is, they want to connect to a VPN server somewhere, and use that server to transfer data over the internet.
If you purchase a VPN service from a provider such as NordVPN, then you are purchasing a VPN-out. This is what most people want.
VPN-in is mostly used by businesses to allow employee connectivity. VPN-in is not nearly as popular for home networks, but that does not mean that it is not used in homes. It is an excellent way to give yourself access to your whole home network while you are away from home or at work.
It is easiest to set up a VPN-in to your home network in your router if your router supports it. Once configured, a VPN-in allows total access to your home network while you are away.
VPN protocols: WireGuard vs OpenVPN
VPN connections require a protocol to know how to encrypt and decrypt your data. The traditional protocol is called OpenVPN. This is a bit confusing because there is also software called OpenVPN that acts as the client to connect to a VPN server. Most VPN providers support the OpenVPN protocol, and it is still a fine choice.
Recently, a new protocol called WireGuard has become very popular. WireGuard is much faster, possibly more secure, and easier to trust.
- WireGuard is faster because it uses a modern approach to encryption that is designed with speed in mind.
- WireGuard is possibly more secure because it is very specific in only allowing extremely secure encryption, whereas OpenVPN is flexible in which encryption algorithm you can use.
- WireGuard is easier to trust than OpenVPN because it has a very small, open-source code-base that is being actively inspected by thousands of people who are looking for security flaws.
Now, none of this is to say that OpenVPN is bad. It's not. OpenVPN is incredibly secure, reliable, and trusted. If your VPN provider only allows OpenVPN as an option, then that shouldn't be a deal-breaker.
Moving forward, expect more and more VPN providers to support WireGuard. Given the choice between both protocols, it seems best at this time to choose WireGuard.
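In a WireGuard client configuration, the VPN-in / VPN-out distinction described earlier shows up in the peer's AllowedIPs setting: a VPN-out routes everything through the tunnel, while a VPN-in routes only the remote network. The following is an added example, not part of the original article or any provider's software; the configuration text, keys, and hostname are constructed placeholders, and the function names and labels are illustrative.

```python
import ipaddress

# Constructed sample config; keys and hostname are placeholders.
TEMPLATE = """[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = {allowed}
"""
VPN_OUT = TEMPLATE.format(allowed="0.0.0.0/1, 128.0.0.0/1, ::/0")
VPN_OUT_V4 = TEMPLATE.format(allowed="0.0.0.0/0  # no ::/0 entry")
VPN_IN = TEMPLATE.format(allowed="192.168.1.0/24")


def allowed_networks(conf):
    """Collect every AllowedIPs entry from all [Peer] sections."""
    nets, section = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets


def covers_all(nets, version):
    """True if the networks of this IP version add up to a default route."""
    merged = list(ipaddress.collapse_addresses(
        n for n in nets if n.version == version))
    return len(merged) == 1 and merged[0].prefixlen == 0


def classify(conf):
    """Label a client config by how much traffic it sends into the tunnel."""
    nets = allowed_networks(conf)
    v4, v6 = covers_all(nets, 4), covers_all(nets, 6)
    if v4 and v6:
        return "full-tunnel"            # VPN-out: all traffic is tunnelled
    if v4:
        return "full-tunnel-ipv4-only"  # IPv6 traffic bypasses the tunnel
    return "split-tunnel"               # VPN-in style: only listed networks
```

A result of `full-tunnel-ipv4-only` is worth checking on a connection that has IPv6, because that traffic would leave through the ISP unencrypted by the VPN.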
How Does VPN Relate to Port Forwarding?
We help many people set up their port forwards every day. Most of the time we are able to get a port forward working through various combinations of routers, ISPs, and hardware devices.
For a variety of reasons, sometimes there's just no way to get a port forward to work on a given network. Examples include:
- In a dorm room, where the end-user does not have access to the router.
- In a shared apartment building, where the landlord provides internet access but does not share the password to the router.
- Users who connect to an ISP that uses some sort of NAT technology to create a subnet that does not allow incoming connections.
- At free WiFi hotspots, where you cannot log in to the router.
- Users who have forgotten or never knew their router password and are unable or unwilling to reset their router to factory defaults.
In each of the above cases, there is no way to create a port forward in your router. The best solution, in this case, is to use a VPN (out) that includes port forwarding (in), such as NordVPN.
For more information about this topic, see our Alternatives to Port Forwarding.
Once you have a VPN account and create a VPN connection, you can receive incoming connections through the VPN if the VPN provider supports port forwarding. This works in any of the above situations.
Which VPN Do We Recommend?
We use and recommend NordVPN because not only is it the fastest VPN, it includes a new feature called Meshnet that makes forwarding a port no longer necessary for most applications. With NordVPN Meshnet, you can connect to your devices from anywhere in the world, completely secure, over a highly encrypted VPN tunnel.
Every time you click on one of our affiliate links, such as NordVPN, we get a little kickback for introducing you to the service. Think of us as your VPN wingman.
Use a VPN for Security, Speed, and Privacy
There are many situations where a VPN can add to your network security, speed, and privacy. We'll cover just a few of them here.
Use a VPN to protect your privacy
A VPN protects your privacy on the internet in a few ways.
The internet without a VPN
When you use the internet without a VPN, you are relying on the privacy and security built into the apps that you are using (web browser, email client, download client) and the privacy and security of your ISP. All of your data flows through your ISP, giving a bad actor at your ISP the chance to inspect the packets as they flow through. This raises privacy concerns and can have legal repercussions.
The internet with a VPN
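With a VPN, all of your data is encrypted locally on your computer as it is generated, and then sent through your ISP fully protected. There is no way for your ISP, or anyone else between you and the VPN server, to decrypt your traffic. The VPN server decrypts it and passes it on to its destination, so from that point on you are relying on the VPN provider and on the security built into your apps. Your privacy is protected by using a VPN to connect to the internet.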
Use a VPN to change your region
Many video services and music services are locked to certain regions of the world. This is normally not a problem for most users. For some users who travel to different regions, this can be a huge limitation.
A VPN connection allows you to specify your server location, which fools online services into thinking that you are in a different region.
As an example, a U.S. customer traveling to Canada might need to set their VPN server to somewhere in the U.S. in order to watch a movie while they are traveling.
How to port forward through two routers with a VPN
It's never a good idea to have two routers on your network, but many people end up in that situation by accident. This usually happens by purchasing a second router to use as a wireless access point and plugging it into your existing router. This double router setup is very difficult to forward a port through.
With a VPN, you connect out to the VPN server over a connection that passes seamlessly through both routers. Then you set up a port forward at the VPN provider, which effectively tunnels back into your network through both routers as if they were not even there.
If at all possible, you should remove the second router from your network and use a proper access point. If this is not possible, then a VPN connection might be a good option.
What if your ISP has blocked incoming ports?
We see this mostly with cellular and satellite-based internet providers, and it is also very common in dorm rooms. They frequently put their customers on a subnet that does not allow incoming connections. No amount of changing settings in your router will allow an incoming connection in this situation.
This can be very tricky to track down because a lot of times the front-end customer support does not know what you are even asking about. Sometimes the only way to know for sure is through many failed attempts at receiving an incoming packet.
If, no matter what you do, it is impossible to get data to flow in through your ISP, then it is possible that they have disabled incoming connections entirely.
This situation is a perfect candidate for VPN-based port forwarding. In fact, it's analogous to the above Port Forward Through Two Routers description, since the ISP subnet is similar to the subnet created by a router.
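One check that can narrow down the double-router and ISP-subnet cases before resorting to many failed attempts is to compare the address on your router's WAN status page with the address the internet sees. This is an added example, not part of the original article; the function name and verdict labels are illustrative, and the addresses in the usage comments are constructed from documentation ranges.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT at the ISP.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, the kind a home router hands out to its clients.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def diagnose(router_wan_ip, public_ip):
    """Classify why an incoming connection may never reach your router.

    router_wan_ip: address shown on the router's WAN/Internet status page.
    public_ip:     address an external "what is my IP" page reports.
    """
    wan = ipaddress.ip_address(router_wan_ip)
    pub = ipaddress.ip_address(public_ip)
    if wan in CGNAT:
        # The ISP has placed the router on its own NAT subnet.
        return "isp-nat"
    if any(wan in net for net in PRIVATE):
        # Another NAT device sits upstream: a second router on your
        # network, or an ISP that uses private addressing.
        return "upstream-nat"
    if wan != pub:
        # Public-looking WAN address, but the internet sees another one.
        return "address-mismatch"
    # The router holds the public address; a port forward can work,
    # unless the ISP filters the port itself.
    return "direct"


# Constructed usage examples:
#   diagnose("100.72.14.9", "203.0.113.7")   -> "isp-nat"
#   diagnose("192.168.1.23", "203.0.113.7")  -> "upstream-nat"
#   diagnose("203.0.113.7", "203.0.113.7")   -> "direct"
```

Any verdict other than `direct` means no setting in your own router will make a port forward reachable from the internet.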
Use a VPN to get two external IP addresses
Another reason to use a VPN is that it effectively gives you an additional external IP address while the VPN is connected. This is useful when dealing with a service that limits connections or actions based on IP addresses.
One device can connect to the service directly, while the other device connects through a VPN.
The directly connected device will appear to the service at your real external IP address while the VPN connected device will appear to have the VPN external IP address.
Use a VPN to host game servers
Many people like to host game servers from their homes. When a player connects to your game server, they are aware of your real external IP address. This makes many people uncomfortable, considering how many sophisticated hackers there are out there.
An alternative to hosting a game server on your real IP address is to run the game server connection through a VPN. This way your players are not aware of your actual IP address since they connect to the VPN server's IP address.
In addition, you can change your VPN IP address by simply dropping the connection and bringing it back up again. This might be a way to deal with griefers and other obnoxious players on your game server.
A VPN makes torrent downloads faster and private
Torrents are a popular file-sharing protocol. They are commonly used for both legal and illegal activity. This makes it easy for copyright holders to target individuals who are downloading content without permission.
A VPN protects you from prying eyes while using torrent protocols by using a VPN server as an exit node, hiding your true external IP address.
This is an effective way to protect your anonymity while online. We do not condone illegal activity whether you are using a VPN or not.
Since many ISPs associate torrenting with illegal activity, it is common practice to throttle torrents at the ISP. A VPN can allow your torrents to run at full speed by tunneling the torrent traffic over the VPN connection and effectively hiding it from your ISP.
How To Set Up a VPN on Your Network
After you have purchased a VPN service, it's time to set it up. You must decide if you want to run the VPN service on just a single device, or on your entire network.
VPN for just a single device
For simple tasks such as surfing the web and downloading files, you may want to simply run the VPN provider's client software on your computer. The client software takes care of setting up the VPN with your password and protecting your data as you use the internet. You can bring the VPN up and down as you need it.
Most VPN client software takes over your entire network connection, encrypting all traffic that flows out of your computer, no matter which application you use.
Running client VPN software on your PC gives you the fastest VPN connection you can have.
Another use case is to connect to the VPN on just a single device on your network, such as a streaming stick. Many streaming devices have VPN applications built right into them. If you configure the VPN settings in the streaming device, then only that device uses the VPN, but it uses it for everything that it does.
VPN for your entire network
You might want to protect your entire home network with your VPN. This means that any device on your network uses your VPN connection, regardless of whether it is wired or wireless.
In order to set this up, you need to log in to your router and look for the VPN section. This is a more advanced setting and may not be present in all routers. It is known to exist in pfSense, OpenWrt, DD-WRT, and other aftermarket firmware.
Not all routers support a VPN connection internally. It is difficult for low-end routers to encrypt a lot of data on the fly with their lower-powered CPUs.
Once you have set up your router's VPN section, your router makes the client connection to the VPN server and then encrypts all traffic over that connection.
Keep in mind that this is your slowest option in terms of performance since all of your home network traffic must flow over the VPN connection created by your router.