What is a VPN and Why Do You Need One?

Thumbnail image of Jason Bauer
Jason Bauer
June 02, 2022 (Last Updated: ) | Reading Time: 12 minutes

You can't surf the web without having a variety of VPN articles telling you that their VPN is the safest, fastest, or most secure. Before you purchase a VPN plan, or sign up for a free one, there are a few things you need to know.

A VPN is a system that creates a private network connection between two different network sites. VPN stands for Virtual Private Network. It is commonly used in businesses as well as in private homes.

What Is a VPN Exactly?

A VPN connection is a highly encrypted, temporary tunnel between two networking sites. It can be used to allow remote workers to connect to a corporate network, by home users to protect privacy, or by people who travel to remotely connect back home from the road.

VPNs are known to be very secure and reliable. They are so secure and reliable that the top industries in the world all rely on them for allowing employees to work from home and for site-to-site communications.

Private Internet Access - World's Most Trusted VPN
Private Internet Access - World's Most Trusted VPN

The traffic that flows over a VPN is virtually undecipherable by all but the largest of government agencies.

How Does a VPN Work?

A VPN works in a client-server architecture. This means that it has to be supported at two locations to function, and both locations have to be very specifically configured to be able to talk to each other.

A VPN client connects to a VPN server and establishes a connection using a combination of passwords and security keys. Once that connection is established, all communications over the VPN are encrypted on the fly by the client and decrypted by the server, or vice-versa.

The data flowing over a VPN can flow over any network safely. It can be transmitted over a wired network, a wireless network, a cellular network, or any other network that you can think of. It does not matter how the data gets from client to server or server to client, the data is always encrypted and secure.

The difference between VPN-in vs. VPN-out

It is important to understand that there are two very different kinds of VPNs: VPN-in, and VPN-out.

Most people in the market for a VPN provider are looking for a VPN-out. That is, they want to connect to a VPN server somewhere, and use that server to transfer data over the internet.

If you purchase a VPN service from a provider such as Private Internet Access, then you are purchasing a VPN-out. This is what most people want.

VPN-in is mostly used by businesses to allow employee connectivity. VPN-in is not nearly as popular for home networks, but that does not mean that it is not used in homes. It is an excellent way to allow yourself whole network access while away from home or at work.

It is easiest to set up a VPN-in to your home network in your router if your router supports it. Once configured, a VPN-in allows total access to your home network while you are away.

VPN protocols: WireGuard vs OpenVPN

VPN connections require a protocol to know how to encrypt and decrypt your data. The traditional protocol is called OpenVPN. This is a bit confusing because there is also software called OpenVPN that acts as the client to connect to a VPN server. Most VPN providers support the OpenVPN protocol, and it is still a fine choice.

Recently, a new protocol called WireGuard has become very popular. WireGuard is much faster, possibly more secure, and easier to trust.

Now, none of this is to say that OpenVPN is bad. It's not. OpenVPN is incredibly secure, reliable, and trusted. If your VPN provider only allows OpenVPN as an option, then that shouldn't be a deal-breaker.

Moving forward expect more and more VPN providers to support WireGuard. Given the choice between both protocols, it seems best at this time to choose WireGuard.

How Does VPN Relate to Port Forwarding?

We help many people set up their port forwards every day. Most of the time we are able to get a port forward working through various combinations of routers, ISPs, and hardware devices.

For a variety of reasons, sometimes there's just no way to get a port forward to work on a given network. Examples include:

In each of the above cases, there is no way to create a port forward in your router. The best solution, in this case, is to use a VPN (out) that includes port forwarding (in), such as Private Internet Access.

For more information about this topic see our Alternatives to Port Forwarding

Once you have a VPN account and create a VPN connection, you can receive incoming connections through the VPN if the VPN provider supports port forwarding. This works in any of the above situations.

Which VPN Do We Recommend?

We have partnered with Private Internet Access and highly recommend them. Year after year, they have proved that they value their customers' privacy. They offer incredibly fast speeds and a very good price point. Their Windows client supports WireGuard, they offer port forwarding, and with a single subscription you can connect up to 10 devices at the same time.

Private Internet Access - The Fastest VPN
Private Internet Access - The Fastest VPN

If you are in the market for a VPN provider we encourage you to check them out.

Use a VPN for Security, Speed, and Privacy

There are many great examples of where a VPN can add to your network security, speed, and privacy. We'll cover just a few of them here as examples.

Use a VPN to protect your privacy

A VPN protects your privacy on the internet in a few ways.

The internet without a VPN

When you use the internet without a VPN, you are relying on the privacy and security built into the apps that you are using (web browser, email client, download client) and the privacy and security of your ISP. All of your data flows through your ISP, allowing a bad actor at your ISP the chance to inspect that packets as they flow through. This has both privacy concerns and legal repercussions.

The internet with a VPN

With a VPN, all of your data is encrypted locally on your computer as it is generated, and then sent through your ISP fully protected. There is no way for your ISP, or anyone else for that matter, to decrypt your traffic. Your privacy is protected by using a VPN to connect to the internet.

Use a VPN to change your region

Many video services and music services are locked to certain regions of the world. This is normally not a problem for most users. For some users who travel to different regions, this can be a huge limitation.

A VPN connection allows you to specify your server location, which fools online services into thinking that you are in a different region.

As an example, a U.S. customer traveling to Canada might need to set their VPN server to somewhere in the U.S. in order to watch a movie while they are traveling.

How to port forward through two routers with a VPN

It's never a good idea to have two routers on your network, but many people end up in that situation by accident. This usually happens by purchasing a second router to use as a wireless access point and plugging it into your existing router. This double router setup is very difficult to forward a port through.

With a VPN you connect out to the VPN server, which seamlessly travels through both routers. Then you set up a port forward at the VPN provider, which effectively tunnels back into your network through both routers as if they were not even there.

If at all possible, you should remove the second router from your network and use a proper access point. If this is not possible, then a VPN connection might be a good option.

What if your ISP has blocked incoming ports?

We see this mostly with cellular and satellite-based internet providers, and it is also very common in dorm rooms. They frequently put their customers on a subnet that does not allow incoming connections. No amount of changing settings in your router will allow an incoming connection in this situation.

This can be very tricky to track down because a lot of times the front-end customer support does not know what you are even asking about. Sometimes the only way to know for sure is through many failed attempts at receiving an incoming packet.

If no matter what you do, it is impossible to get data to flow in through your ISP, then it is possible that they have disabled incoming connections entirely.

This situation is a perfect candidate for VPN-based port forwarding. In fact, it's analogous to the above Port Forward Through Two Routers description, since the ISP subnet is similar to the subnet created by a router.

Use a VPN to get two external IP addresses

Another reason to use a VPN is that it effectively gives you an additional external IP address while the VPN is connected. This is useful when dealing with a service that limits connections or actions based on IP addresses.

One device can connect to the service directly, while the other device connects through a VPN.

The directly connected device will appear to the service at your real external IP address while the VPN connected device will appear to have the VPN external IP address.

Use a VPN to host game servers

Many people like to host game servers from their homes. When a player connects to your game server, they are aware of your real external IP address. This makes many people uncomfortable, considering how many sophisticated hackers there are out there.

An alternative to hosting a game server on your real IP address is to run the game server connection through a VPN. This way your players are not aware of your actual IP address since they connect to the VPN server's IP address.

In addition, you can change your VPN IP address by simply dropping the connection and bringing it back up again. This might be a way to deal with griefers and other obnoxious players on your game server.

A VPN makes torrent downloads faster and private

Torrents are a popular file-sharing protocol. They are commonly used for both legal and illegal activity. This makes them an easy target for copyright holders to target individuals who are downloading content without permission.

A VPN protects you from prying eyes while using torrent protocols by using a VPN server as an exit node, hiding your true external IP address.

This is an effective way to protect your anonymity while online. We do not condone illegal activity whether you are using a VPN or not.

Since many ISPs associate torrenting with illegal activity, it is common practice to throttle torrents at the ISP. A VPN can allow your torrents to run at full speed by tunneling the torrent traffic over the VPN connection and effectively hiding it from your ISP.

How To Set Up a VPN on Your Network

After you have purchased a VPN service, it's time to set it up. You must decide if you want to run the VPN service on just a single device, or on your entire network.

VPN for just a single device

For simple tasks such as surfing the web and downloading files, you may want to simply run the VPN provider's client software on your computer. The client software takes care of setting up the VPN with your password and protecting your data as you use the internet. You can bring the VPN up and down as you need it.

Most VPN client software takes over your entire network connection, encrypting all traffic that flows out of your computer, no matter which application you use.

Running client VPN software on your PC is the fastest VPN connection you can have.

Another use case is to connect to the VPN on just a single device on your network, such as a streaming stick. Many streaming devices have VPN applications built right into them. If you configure the VPN settings in the streaming device, then only that device uses the VPN, but it uses it for everything that it does.

VPN for your entire network

You might want to protect your entire home network with your VPN. This means that any device on your network uses your VPN connection, regardless of if it is wired or wireless.

In order to set this up, you need to log in to your router and look for the VPN section. This is a more advanced setting and may not be present in all routers. It is known to exist in pfSense, OpenWRT, DD-WRT, and other aftermarket firmware.

Not all routers support a VPN connection internally. It is difficult for low-end routers to encrypt a lot of data on the fly with their lower-powered CPUs.

Once you have set up your router's VPN section, your router makes the client connection to the VPN server and then encrypts all traffic over that connection.

Keep in mind that this is your slowest option in terms of performance since all of your home network traffic must flow over the VPN connection created by your router.

Head over to Private Internet Access now to purchase a two-year VPN plan that includes port forwarding and WireGuard.

More From Portforward