What does a VPN connection provide? VPN - what is it and why is it needed? Description of connection and setting up a free VPN server. Features of mobile technologies

In our vast country, they like to block everything. Previously blocking was limited to websites; now it is the turn of instant messengers. And while instant messengers are already being blocked and a ban on VPNs is still only being planned, I will tell you why these three letters are needed. In addition, you will learn how to set up a VPN on any device, for free or for a fee, how to choose the right VPN, and why you need to do it now.

What is a VPN?

Why do I need a VPN if I don’t go to prohibited resources?

For most of us, I have compiled a list of reasons which prove that everyone needs a VPN:

  1. Access to resources blocked in the country;
  2. Security in public networks;
  3. Home network security;
  4. Secure connection with friends;
  5. Anonymity.

The most important points are the first and fifth. People who are concerned about anonymity already understand perfectly well what to do and how; the rest of you will have to read articles like this one.

Blocking access to certain sites or applications on the Internet is not always a bad thing. Also, blocking does not always come from the state. Some services, like Spotify, simply do not work in Russia and themselves limit access for us. The Internet provider itself can block access to resources for its own reasons. And, of course, the state can block access to resources prohibited in the country.

I will not discuss here whether this is right or not, or whether such blocking even makes sense. It is important to understand that when one resource is blocked, access to several other absolutely legal sites may be accidentally restricted. Often such errors are not noticed by the average network visitor. But sometimes even resources as large as Google get caught up in a block by mistake.

From here it is easy to conclude that you should always have a VPN at hand. At least until VPNs are banned too.

How to choose a VPN?

Choosing a VPN service is very difficult. An inexperienced user does not see the difference between hundreds of different programs (and there is one). Advanced users compare services based on parameters such as anonymity, access speed, log storage and much, much more. This table will help simplify the task a little:

The developers guarantee complete security and anonymity (when used correctly). Speed is not limited, but torrent lovers are not welcome here. Security is backed by the fact that IVPN is a member of the EFF (Electronic Frontier Foundation), and the company itself is registered in Gibraltar and is ready to leave at the slightest pressure. No personal information that could give users away is stored on the servers, so when the state makes a request, they will simply have nothing to provide. There is also support for OpenVPN, which means the VPN can be configured on any device.

But for such pleasure you will have to pay $8.33 per month, which is significantly more expensive than its competitors.

Among the advantages of the program:

  • reasonable prices for a license (5 devices);
  • Russian language;
  • cross-platform;
  • no restrictions on speed and traffic, even for torrents;
  • there is a free version.

In the free version you will find advertising and “wiretapping” of traffic in order to display this advertising. But most people don't care about that; deal with it. In the mobile version this is a promotional video when the connection is turned on, and in the browser, banners from partners. Other than that, you can only connect to a server in the US.

The program can also turn on the VPN connection itself (when working with certain applications). This way, you can work through a VPN with a list of programs, while the rest will use a regular connection.

The paid version costs €6.99 per month or €139.99 for a lifetime license. You can still buy a lifetime license for 10 devices for $69.99.

Somewhere between the two options above. Here in the free version you get several servers to choose from: Germany, Hong Kong, Romania and the USA. Freedom of choice is compensated by limitations on connection speed, but not traffic.

A paid subscription costs 2,100 rubles per year.

Cargo VPN

Speed measurement when connecting via VPN

Many people do not want to install a VPN because they are afraid of losing connection speed. Yes, such a problem can exist. Speed may be limited on the free plans of VPN services. Large VPN providers guarantee a connection without loss of speed, but in that case you will have to pay for a subscription. On the other hand, I recommend buying a VPN subscription in any case, because free services try to “make money” from their users one way or another. In that case, the security of the connection, your personal data, or even the information on the device suffers.

When you connect to the right VPN service, you won't experience any noticeable slowdowns or increased data consumption.

Now what?

Mostly nothing. Install the client you need on all devices and enjoy life without restrictions, wiretapping and surveillance. Use any programs, go to any sites and be yourself!

The first thing that comes to mind when mentioning a VPN is the anonymity and security of the transmitted data. Is that really so? Let's figure it out.

When people need to access a corporate network, safely transfer important information over open communication channels, hide their traffic from the watchful eye of the provider, or hide their real location when carrying out not entirely legal (or not at all legal) actions, they usually resort to a VPN. But is it worth blindly relying on a VPN, staking the security of your data and your own safety on it? Definitely not. Why? Let's figure it out.

WARNING

All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.

We need a VPN!

A virtual private network, or simply VPN, is a general name for technologies that allow one or more network connections (a logical network) to be provided on top of another network, such as the Internet. Although communication may run over public networks with an unknown level of trust, the level of trust in the resulting logical network does not depend on the level of trust in the underlying networks, thanks to the use of cryptographic tools (encryption, authentication, public key infrastructure, and protection against replay and modification of messages transmitted over the logical network). As you can see, in theory everything is rosy and cloudless, but in practice things are somewhat different. In this article, we will look at two main points that you must take into account when using a VPN.

VPN traffic leak

The first problem with VPNs is traffic leakage. That is, the traffic that should be transmitted through the VPN connection in encrypted form enters the network in open form. This scenario is not the result of a bug in the VPN server or client. Everything is much more interesting here. The simplest option is a sudden disconnection of the VPN connection. You decided to scan a host or subnet using Nmap, launched the scanner, walked away from the monitor for a few minutes, and then the VPN connection suddenly dropped off. But the scanner continues to work. And the scanning comes from your address. This is such an unpleasant situation. But there are more interesting scenarios. For example, VPN traffic leakage is widespread in networks (on hosts) that support both versions of the IP protocol (so-called dual-stacked networks/hosts).

Root of Evil

The coexistence of two protocols, IPv4 and IPv6, has many interesting and subtle aspects that can lead to unexpected consequences. Although IPv6 is not backward compatible with IPv4, the two versions are glued together by the Domain Name System (DNS). To make it clearer what we are talking about, let's look at a simple example. Take a website (say, www.example.com) that supports both IPv4 and IPv6. The corresponding domain name (www.example.com in our case) will have both types of DNS records: A and AAAA. Each A record contains one IPv4 address, and each AAAA record contains one IPv6 address. Moreover, one domain name can have several records of both types. So when an application that supports both protocols wants to communicate with the site, it can request any of the available addresses. The preferred address family (IPv4 or IPv6) and the final address that the application will use (given that there may be several for each version) will differ from one protocol implementation to another.

This coexistence of protocols means that when a client that supports both stacks wants to communicate with another system, the presence of A and AAAA records will influence which protocol will be used to communicate with that system.

VPN and dual protocol stack

Many VPN implementations do not support IPv6 or, even worse, ignore it entirely. When a connection is established, the VPN software takes care of transporting IPv4 traffic by adding a default route for IPv4 packets, thereby ensuring that all IPv4 traffic is sent through the VPN connection (instead of being sent in the clear through the local router). However, if IPv6 is not supported (or completely ignored), every packet with a destination IPv6 address in its header will be sent in the clear through the local IPv6 router.

The main reason for the problem is that although IPv4 and IPv6 are two different protocols that are incompatible with each other, they are closely linked through the Domain Name System. Thus, for a system that supports both protocol stacks, it is impossible to secure a connection to another system without securing both protocols (IPv6 and IPv4).

Legitimate VPN traffic leak scenario

Consider a host that supports both protocol stacks, uses a VPN client (working only with IPv4 traffic) to connect to the VPN server, and is connected to a dual-stacked network. If an application on the host needs to communicate with a dual-stacked node, the client typically queries both A and AAAA DNS records. Since the host supports both protocols, and the remote node has both types of DNS records (A and AAAA), one of the likely outcomes is that IPv6 will be used for communication between them. And since the VPN client does not support the sixth version of the protocol, IPv6 traffic will not be sent through the VPN connection, but will be sent in clear text via the local network.

This scenario puts valuable data at risk: it is transmitted in clear text while we think it is being transmitted securely over the VPN connection. In this particular case, VPN traffic leakage is a side effect of using software that does not support IPv6 on a network (and host) that supports both protocols.

Deliberately causing VPN traffic to leak

An attacker can deliberately force an IPv6 connection on a victim's computer by sending fake ICMPv6 Router Advertisement messages. Such packets can be sent using utilities such as rtadvd, SI6 Networks' IPv6 Toolkit or THC-IPv6. Once an IPv6 connection is established, “communication” with a system that supports both protocol stacks can result, as discussed above, in leaking VPN traffic.

And although this attack may be quite fruitful (due to the growing number of sites supporting IPv6), it will only leak traffic when the recipient supports both versions of the IP protocol. However, it is not difficult for an attacker to cause traffic leaks for any recipient (dual-stacked or not). By sending fake Router Advertisement messages containing the appropriate RDNSS option, an attacker can pretend to be a local recursive DNS server, then perform DNS spoofing to perform a man-in-the-middle attack and intercept the corresponding traffic. As in the previous case, tools like SI6-Toolkit and THC-IPv6 can easily pull off this trick.

It is no good at all when traffic that is not intended for prying eyes ends up in the open on the network. How to protect yourself in such situations? Here are some useful recipes:

  1. If the VPN client is configured to send all IPv4 traffic over the VPN connection, then:
  • if IPv6 is not supported by the VPN client, disable IPv6 support on all network interfaces, so that applications running on the computer have no choice but to use IPv4;
  • if IPv6 is supported, ensure that all IPv6 traffic is also sent through the VPN.
  2. To avoid traffic leakage if the VPN connection suddenly drops and all packets are sent through the default gateway, you can:
  • force all traffic to go through the VPN:
      rem delete the default gateway route
      route delete 0.0.0.0 192.168.1.1
      route add 83.170.76.128 mask 255.255.255.255 192.168.1.1 metric 1
  • use the VPNetMon utility, which monitors the state of the VPN connection and, as soon as it disappears, instantly terminates user-specified applications (for example, torrent clients, web browsers, scanners);
  • or the VPNCheck utility, which, depending on the user’s choice, can either completely disable the network card or simply terminate the specified applications.
  3. You can check whether your machine is vulnerable to DNS traffic leaks on the website, and then apply the tips described there on how to fix the leak.
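
A way to check the two conditions these recipes address (IPv6 leaving outside the tunnel, and IPv4 falling back to the default gateway when the VPN drops), as an added example that is not part of the original article. It assumes a Linux host and works on constructed `ip -4 route show` / `ip -6 route show` output; the interface names tun0 and eth0, the probe addresses and the function names are assumptions.

```python
import ipaddress

# Route types that drop traffic instead of forwarding it.
BLOCKING_TYPES = {"unreachable", "blackhole", "prohibit"}


def parse_routes(text, version):
    """Parse `ip -4 route show` / `ip -6 route show` output.

    Returns a list of (network, egress_device_or_None, metric) tuples.
    """
    routes = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens:
            continue
        blocked = tokens[0] in BLOCKING_TYPES
        if blocked:
            tokens = tokens[1:]
        dest = tokens[0]
        if dest == "default":
            dest = "0.0.0.0/0" if version == 4 else "::/0"
        network = ipaddress.ip_network(dest, strict=False)
        dev = tokens[tokens.index("dev") + 1] if "dev" in tokens else None
        metric = int(tokens[tokens.index("metric") + 1]) if "metric" in tokens else 0
        routes.append((network, None if blocked else dev, metric))
    return routes


def egress_device(routes, destination):
    """Longest-prefix match, lowest metric breaks ties; None means not forwarded."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]


def check_vpn_leak(v4_routes_text, v6_routes_text, tunnel_dev,
                   v4_probe="203.0.113.10", v6_probe="2001:db8:ffff::1"):
    """Report which interface an off-link IPv4 and IPv6 packet would leave by."""
    v4_dev = egress_device(parse_routes(v4_routes_text, 4), v4_probe)
    v6_dev = egress_device(parse_routes(v6_routes_text, 6), v6_probe)
    return {
        "ipv4_egress": v4_dev,
        "ipv6_egress": v6_dev,
        "ipv4_leak": v4_dev is not None and v4_dev != tunnel_dev,
        "ipv6_leak": v6_dev is not None and v6_dev != tunnel_dev,
    }


# Constructed sample tables. The VPN client covers IPv4 with two /1 routes
# that override the default route, plus a host route to the VPN server.
V4_VPN_UP = """
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
83.170.76.128 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Same host after the tunnel dropped: only the physical default route is left.
V4_VPN_DOWN = """
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# IPv6 configured only by Router Advertisements; the VPN client ignores it.
V6_RA_ONLY = """
2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""
# Recipe "IPv6 is supported": global unicast space is routed into the tunnel.
V6_VIA_TUNNEL = V6_RA_ONLY + """
2000::/3 dev tun0 metric 1024 pref medium
"""
# Recipe "IPv6 is not supported": IPv6 disabled, so the table is empty.
V6_DISABLED = ""

if __name__ == "__main__":
    cases = [("VPN up, IPv6 ignored", V4_VPN_UP, V6_RA_ONLY),
             ("VPN up, IPv6 tunnelled", V4_VPN_UP, V6_VIA_TUNNEL),
             ("VPN up, IPv6 disabled", V4_VPN_UP, V6_DISABLED),
             ("VPN dropped", V4_VPN_DOWN, V6_DISABLED)]
    for name, v4, v6 in cases:
        print(name, check_vpn_leak(v4, v6, "tun0"))
```

On a real host the two text arguments would come from running the `ip` commands named above; on Windows, where the article's `route` commands apply, the table format differs and the parser would need adapting.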

VPN traffic decryption

Even if you have configured everything correctly and your VPN traffic does not leak into the network in the clear, this is not yet a reason to relax. The point is that if someone intercepts encrypted data transmitted through a VPN connection, he will be able to decrypt it. Moreover, whether your password is complex or simple makes no difference here. If you use a VPN connection based on the PPTP protocol, then you can say with 100% certainty that all intercepted encrypted traffic can be decrypted.

Achilles' heel

For VPN connections based on PPTP (Point-to-Point Tunneling Protocol), user authentication is carried out using the MS-CHAPv2 protocol developed by Microsoft. Although MS-CHAPv2 is outdated and very often criticized, it continues to be actively used. To finally send it to the dustbin of history, the well-known researcher Moxie Marlinspike took up the matter and reported at the twentieth DEF CON conference that the goal had been achieved: the protocol had been broken. The security of this protocol had been questioned before, but MS-CHAPv2 may have stayed in use for so long because many researchers focused only on its vulnerability to dictionary attacks. Limited research, a large number of supported clients and built-in support in operating systems all ensured widespread adoption of MS-CHAPv2. For us, the problem is that MS-CHAPv2 is used in PPTP, which is used by many VPN services (for example, such large ones as the anonymous VPN service IPredator and The Pirate Bay’s VPN).

If we turn to history, then already in 1999, in his study of the PPTP protocol, Bruce Schneier indicated that “Microsoft improved PPTP by correcting major security flaws. However, the fundamental weakness of the authentication and encryption protocol is that it is only as secure as the password the user chooses.” For some reason, this made providers believe that there is nothing wrong with PPTP and if you require the user to invent complex passwords, then the transmitted data will be safe. The Riseup.net service was so inspired by this idea that it decided to independently generate 21-character passwords for users, without giving them the opportunity to set their own. But even such a tough measure does not prevent traffic from being decrypted. To understand why, let's take a closer look at the MS-CHAPv2 protocol and see how Moxie Marlinspike managed to crack it.

MS-CHAPv2 protocol

As already mentioned, MS-CHAPv2 is used for user authentication. It happens in several stages:

  • the client sends an authentication request to the server, passing its login in the clear;
  • the server returns a 16-byte random response to the client (Authenticator Challenge);
  • the client generates a 16-byte PAC (Peer Authenticator Challenge - peer authentication response);
  • the client combines the PAC, the server response and its user name into one string;
  • an 8-byte hash is taken from the resulting string using the SHA-1 algorithm and sent to the server;
  • the server retrieves this client's hash from its database and decrypts the client's answer;
  • if the decryption result matches the original response, everything is OK, and vice versa;
  • subsequently, the server takes the client's PAC and, based on the hash, generates a 20-byte AR (Authenticator Response), passing it to the client;
  • the client performs the same operation and compares the received AR with the server response;
  • if everything matches, the client is authenticated by the server. The figure shows a visual diagram of the protocol's operation.

At first glance, the protocol seems overly complicated - a bunch of hashes, encryption, random challenges. It's actually not that complicated. If you look closely, you will notice that in the entire protocol only one thing remains unknown - the MD4 hash of the user’s password, on the basis of which three DES keys are built. The remaining parameters are either transmitted in clear text, or can be obtained from what is transmitted in clear text.


Since almost all the parameters are known, we can set them aside, pay close attention to what is unknown, and find out what it gives us.


So what we have is: an unknown password, an unknown MD4 hash of this password, a known plaintext and a known ciphertext. On closer examination you can see that the user’s password is not important to us, but its hash is, since it is this hash that is checked on the server. Thus, for successful authentication on behalf of the user, as well as for decrypting his traffic, we only need to know the hash of his password.

With intercepted traffic in hand, you can try to decrypt it. There are several tools (for example, asleap) that allow you to guess a user's password through a dictionary attack. The disadvantage of these tools is that they do not guarantee a result, and success depends directly on the chosen dictionary. Guessing a password by simple brute force is also not very effective: for example, in the case of the PPTP VPN service riseup.net, which forces passwords to be 21 characters long, you would have to try 96 character variations for each of the 21 characters. This results in 96^21 options, which is slightly more than 2^138. In other words, you need to find a 138-bit key. In a situation where the length of the password is unknown, it makes sense to search for the MD4 hash of the password instead. Considering that its length is 128 bits, we get 2^128 options, which at the moment is simply impossible to compute.

Divide and rule

The MD4 hash of the password is used as input for three DES operations. DES keys are 7 bytes long, so each DES operation uses a 7-byte portion of the MD4 hash. All this leaves room for the classic divide and conquer attack. Instead of brute-forcing the whole MD4 hash (which, as you remember, is 2^128 options), we can search for it in 7-byte parts. Since three DES operations are used and each DES operation is completely independent of the others, this gives an overall search complexity of 2^56 + 2^56 + 2^56, or 2^57.59. This is already significantly better than 2^138 and 2^128, but still too many options. However, as you may have noticed, an error crept into these calculations. The algorithm uses three DES keys, each 7 bytes in size, that is, 21 bytes in total. These keys are taken from the MD4 hash of the password, which is only 16 bytes long.


That is, 5 bytes are missing to build the third DES key. Microsoft solved this problem simply by stupidly filling the missing bytes with zeros and essentially reducing the effectiveness of the third key to two bytes.
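
The key split described above, as an added example that is not part of the original article or of chapcrack: it cuts a 16-byte hash into the three DES keys, shows how few secret bytes land in the third one, and compares the search sizes the text quotes. The hash value is constructed and the function names are assumptions; the zero padding and parity-bit insertion follow the MS-CHAPv2 specification (RFC 2759).

```python
import math

HASH_LEN = 16          # MD4 (NT) hash length in bytes
KEY_OFFSETS = (0, 7, 14)


def split_nt_hash(nt_hash):
    """Zero-pad the 16-byte hash to 21 bytes and cut three 7-byte DES keys."""
    if len(nt_hash) != HASH_LEN:
        raise ValueError("the MD4 hash must be exactly 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[i:i + 7] for i in KEY_OFFSETS]


def des_key_with_parity(key7):
    """Expand a 7-byte key to the 8-byte DES form (7 key bits + odd parity bit)."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        byte = seven << 1
        if bin(seven).count("1") % 2 == 0:
            byte |= 1          # set the low bit so each byte has odd parity
        out.append(byte)
    return bytes(out)


def secret_bits_per_key():
    """How many bits of each DES key actually come from the hash."""
    return [min(7, HASH_LEN - start) * 8 for start in KEY_OFFSETS]


def work_factors(password_len=21, alphabet=96):
    """log2 of the search sizes compared in the text."""
    bits = secret_bits_per_key()
    return {
        "password_bruteforce": password_len * math.log2(alphabet),
        "md4_hash_bruteforce": float(HASH_LEN * 8),
        "three_full_des_keys": math.log2(3 * 2 ** 56),
        "per_key_with_short_third": math.log2(sum(2 ** b for b in bits)),
    }


if __name__ == "__main__":
    # Constructed 16-byte value standing in for a password hash.
    sample_hash = bytes(range(0x10, 0x20))
    for n, key in enumerate(split_nt_hash(sample_hash), start=1):
        print(f"key {n}: {key.hex()} -> DES {des_key_with_parity(key).hex()}")
    print("secret bits per key:", secret_bits_per_key())
    for name, value in work_factors().items():
        print(f"{name}: 2^{value:.2f}")
```

The third key always ends in five zero bytes whatever the password was, which is why a 21-character password does not raise the cost of recovering it.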


Since the third key has an effective length of only two bytes, that is, 2^16 options, finding it takes a matter of seconds, which proves the effectiveness of the divide and conquer attack. So we can assume that the last two bytes of the hash are known, and all that remains is to find the remaining 14. Dividing them into two parts of 7 bytes each as well, we get a total number of options to enumerate equal to 2^56 + 2^56 = 2^57. Still too much, but much better. Note that the remaining DES operations encrypt the same text, only using different keys. The search algorithm can be written as follows:

But since the same text is being encrypted, it is more correct to do it like this:

That is, there are 2^56 variants of keys to search through. This means that the security of MS-CHAPv2 can be reduced to the strength of DES encryption alone.

Hacking DES

Now that the key search range is known, completing the attack successfully comes down to computing power. In 1998, the Electronic Frontier Foundation built a machine called Deep Crack, which cost $250,000 and could crack a DES key in an average of four and a half days. Currently, Pico Computing, which specializes in building FPGA hardware for cryptographic applications, has built an FPGA device (DES cracking box) that implements DES as a pipeline with one DES operation per clock cycle. With 40 cores at 450 MHz, it can enumerate 18 billion keys per second. With such a brute-force speed, the DES cracking box will crack a DES key in 23 hours in the worst case, and in half a day on average. This miracle machine is available through the commercial web service cloudcracker.com. So now you can hack any MS-CHAPv2 handshake in less than a day. And having a password hash in hand, you can authenticate on behalf of this user on a VPN service or simply decrypt his traffic.

To automate work with the service and process intercepted traffic, Moxie released the chapcrack utility publicly. It parses intercepted network traffic, looking for MS-CHAPv2 handshakes. For each handshake it finds, it prints the username, the known plaintext, two known ciphertexts, and cracks the third DES key. In addition, it generates a token for CloudCracker, which encodes the three parameters the service needs to crack the remaining keys.

CloudCracker & Chapcrack

In case you need to crack DES keys from intercepted user traffic, I will provide short step-by-step instructions.

  1. Download the Passlib library, which implements more than 30 different hashing algorithms for Python, unpack and install it: python setup.py install
  2. Install python-m2crypto, an OpenSSL wrapper for Python: sudo apt-get install python-m2crypto
  3. Download the chapcrack utility itself, unpack and install it: python setup.py install
  4. Chapcrack is installed, so you can start parsing the intercepted traffic. The utility accepts a cap file as input and searches it for MS-CHAPv2 handshakes, from which it extracts the information necessary for cracking: chapcrack parse -i tests/pptp
  5. From the data output by the chapcrack utility, copy the value of the CloudCracker Submission line and save it to a file (for example, output.txt).
  6. Go to cloudcracker.com, in the “Start Cracking” panel select the File Type “MS-CHAPv2 (PPTP/WPA-E)”, select the output.txt file prepared in the previous step, click Next -> Next and enter your e-mail address, to which a message will be sent once the cracking is complete.

Unfortunately, CloudCracker is a paid service. Fortunately, you won't have to pay that much to hack the keys - only 20 bucks.

What to do?

Although Microsoft writes on its website that it currently has no information about active attacks using chapcrack or about the consequences of such attacks for user systems, this does not mean that everything is in order. Moxie recommends that all users and providers of PPTP VPN solutions start migrating to another VPN protocol, and that PPTP traffic be considered unencrypted. As you can see, this is another situation where a VPN can seriously let us down.

Conclusion

It so happens that VPN is associated with anonymity and security. People resort to using a VPN when they want to hide their traffic from the watchful eyes of their provider, replace their real geographical location, and so on. In fact, it turns out that traffic can “leak” into the network in the clear, and if not in the clear, then the encrypted traffic can be decrypted quite quickly. All this once again reminds us that we cannot blindly rely on loud promises of complete security and anonymity. As they say, trust, but verify. So be on your guard and make sure your VPN connection is truly secure and anonymous.

Imagine a scene from an action-packed movie in which the villain escapes the crime scene along the highway in a sports car. He is being pursued by a police helicopter. The car enters a tunnel that has several exits. The helicopter pilot does not know which exit the car will appear from, and the villain escapes the chase.

You've probably heard about VPN more than once. Lifehacker also talks about this thing. Most often, a VPN is recommended because with such a network you can access geo-blocked content and generally increase security when using the Internet. The truth is that accessing the Internet through a VPN can be no less dangerous than accessing it directly.

How does a VPN work?

Most likely, you have a Wi-Fi router at home. Devices connected to it can exchange data even without the Internet. It turns out that you have your own private network, but in order to connect to it, you need to be physically within reach of the router’s signal.

VPN (Virtual Private Network) is a virtual private network. It runs on top of the Internet, so you can connect to it from anywhere.

For example, the company you work for may use a virtual private network for remote employees. Using a VPN, they connect to the work network. Their computers, smartphones or tablets are virtually transferred to the office and connected to the network from the inside. To log into a virtual private network, you need to know the VPN server address, login and password.

Using a VPN is quite simple. Usually a company installs a VPN server somewhere on a local computer, a server or in a data center, and users connect to it with a VPN client on their device.

Nowadays, all current operating systems, including Android, iOS, Windows, macOS and Linux, have built-in VPN clients.

The VPN connection between the client and the server is usually encrypted.

So VPN is good?

Yes, if you are a business owner and want to secure corporate data and services. By letting employees into the work environment only via VPN and accounts, you will always know who did and is doing what.

Moreover, the VPN owner can monitor and control all traffic that goes between the server and the user.

Do your employees spend a lot of time on VKontakte? You can block access to this service. Does Gennady Andreevich spend half his working day on sites with memes? All his activity is automatically recorded in logs and will become an ironclad argument for dismissal.

Why VPN then?

VPN allows you to bypass geographic and legal restrictions.

For example, you are in Russia and want to use Spotify. You will be sorry to learn that this service is not available from the Russian Federation. You can use it only by accessing the Internet through a VPN server in a country in which Spotify operates.

In some countries, there is Internet censorship that restricts access to certain sites. You want to access some resource, but it is blocked in Russia. You can open the site only by accessing the Internet through a VPN server of a country in which it is not blocked, that is, from almost any country except the Russian Federation.

VPN is a useful and necessary technology that copes well with a certain range of tasks. But the security of personal data still depends on the integrity of the VPN service provider, your common sense, attentiveness and Internet literacy.

VPN is a feature available on iPhone, iPad and iPod touch, which allows you to change the device’s IP address when accessing the Internet. There are several ways to use it.

Why do you need a VPN?

Using a VPN means that when you access the Internet, all sites and other objects requesting your IP will receive not your individual number, which records the location from which you are entering the network, but a different one, tied to another location or another country.

This function can be useful in cases where you need to access a site that is blocked in your country, or log into any resource blocked by the settings of the Wi-Fi network through which the connection is made. VPN provides anonymity, that is, no one will know that it was from your device that you entered a particular Internet resource.

That is, if you are, for example, in Russia, then with the help of a VPN you can set an IP for your connection, thanks to which it will be displayed everywhere that you are, for example, in Italy.

The use of VPN is officially prohibited in Russia.

How to use a VPN

On iPhone, iPad, and iPod touch, there are two ways to use VPN services: through the device's built-in settings or through a third-party application.

Using VPN through built-in settings

To use this method, you will have to find a site that provides VPN services in advance and create an account on it.

  1. Open the device settings.
  2. Go to the main settings.
  3. Select "Network".
  4. Select the VPN sub-item.
  5. Start creating a new configuration.
  6. Indicate that you want to use the PPTP protocol. Fill out all the fields: “Server” - the site that you found in advance, “Description” - can be obtained on the site, “Account” - your account name, RSA - leave the factory value, “Password” - the code for the account, if there is one, “Encryption” - absent. After filling in all the fields, save the entered data.
  7. Make sure the settings you created are selected as default.
  8. Return to general settings and activate the use of VPN. If you want to interrupt the connection via VPN, click on the slider again so that the function becomes inactive.

Using a VPN through a third-party app

There are many programs that provide a VPN connection. One of the best is Betternet; it can be installed for free from the App Store. To connect and disconnect the VPN you need to press just one button, and the time you can use the VPN is not limited. That is, you don’t have to manually enter settings, create accounts or use any other additional services. Just install the application, open it and press the Connect button to connect and Disconnect to disconnect.

You can also choose which country the VPN will link you to.

What to do if the VPN icon disappears

If the device is connected to the network via VPN, an icon in the top notification bar will indicate this. The disappearance of this icon means that you are still connected to the Internet, but redirection via the VPN has ended. That is, the VPN connection has been interrupted; it can deactivate on its own because of an unstable Internet connection or problems with the server providing VPN services. In this case, you must manually reconnect to the VPN using one of the above methods. You may have to reboot the device first and only then reconnect.

What to do if VPN doesn't work

A VPN connection may not work for two reasons: an unstable Internet connection or a problem with the server that provides VPN services. First, check whether your connection to mobile internet or the Wi-Fi network is stable. Second, check that the settings were entered correctly if you used the first method described above, or, if you used the second method, install an application other than the one described above.

The best way to get rid of the VPN connection problem is to choose a different service or application. The main thing is to choose a VPN that will work in your area.

A VPN allows you to use services that are blocked in your area. You can use it through the settings of your Apple device or a third-party application.

VPN (Virtual Private Network) is a technology that allows you to connect computer devices into secure networks to provide their users with an encrypted channel and anonymous access to resources on the Internet.

In companies, VPN is used mainly to unite several branches located in different cities or even parts of the world into one local network. Employees of such companies, using a VPN, can use all the resources that are located in each branch as if they were their own local resources, located nearby. For example, print a document on a printer located in another branch in just one click.

For ordinary Internet users, a VPN is useful when:

  • the site has been blocked by the provider, but you need to log in;
  • you often need to use online banking and payment systems and want to protect your data from possible theft;
  • the service only works for Europe, but you are in Russia and don’t mind listening to music on Last.fm;
  • you want the sites you visit not to track your data;
  • there is no router, but it is possible to connect two computers to a local network to provide both with access to the Internet.

How VPN works

Virtual private networks work through a tunnel that they establish between your computer and a remote server. All data transmitted through this tunnel is encrypted.

It can be imagined as an ordinary tunnel of the kind found on highways, only laid through the Internet between two points: a computer and a server. Through this tunnel, data, like cars, rushes between the points at the highest possible speed. At the entrance (on the user’s computer), this data is encrypted and travels in this form to the recipient (the server), where it is decrypted and interpreted: a file is downloaded, a request is sent to the site, etc. The data received in response is then encrypted again by the server and sent through the tunnel back to the user’s computer.

For anonymous access to sites and services, a network consisting of a computer (tablet, smartphone) and a server is sufficient.

In general, data exchange via VPN looks like this:

  1. A tunnel is created between the user’s computer and a server running VPN software, for example OpenVPN.
  2. The software generates a key (password) on the server and on the computer to encrypt and decrypt data.
  3. A request is created on the computer and encrypted using the previously created key.
  4. Encrypted data is transmitted through the tunnel to the server.
  5. The data coming from the tunnel to the server is decrypted and the request is executed - sending a file, logging into the site, starting the service.
  6. The server prepares the response, encrypts it before sending it, and sends it back to the user.
  7. The user's computer receives the data and decrypts it with the key that was generated earlier.
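
The seven steps above, as an added example that is not part of the original article and is not OpenVPN's actual protocol. It assumes ECDH on P-256 with HKDF-SHA256 for the key in step 2 and AES-256-GCM for the encryption; the class `TunnelEnd`, its methods and `round_trip` are hypothetical names, and the request and response strings are constructed sample data.

```ruby
require "openssl"

# One end of the tunnel: the user's device or the VPN server (illustrative class).
class TunnelEnd
  NONCE, TAG = 12, 16 # byte lengths of the AES-GCM nonce and authentication tag
  attr_reader :public_point # step 1: the only key material sent to the other end

  def initialize
    @ecdh = OpenSSL::PKey::EC.generate("prime256v1") # private half stays on this end
    @public_point = @ecdh.public_key
  end

  # Step 2: both ends derive the same 256-bit key; the key itself is never transmitted.
  def handshake(peer_point)
    secret = @ecdh.dh_compute_key(peer_point)
    @key = OpenSSL::KDF.hkdf(secret, salt: "vpn-demo", info: "tunnel", length: 32, hash: "SHA256")
  end

  # Steps 3 and 6: encrypt one packet; its fresh nonce and its tag travel with it.
  def seal(data)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = @key
    nonce = c.random_iv
    c.auth_data = ""
    body = c.update(data) + c.final
    nonce + c.auth_tag + body
  end

  # Steps 5 and 7: decrypt; raises OpenSSL::Cipher::CipherError if the packet was altered.
  def unseal(packet)
    raise ArgumentError, "truncated packet" if packet.bytesize <= NONCE + TAG
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = @key
    d.iv = packet.byteslice(0, NONCE)
    d.auth_tag = packet.byteslice(NONCE, TAG)
    d.auth_data = ""
    d.update(packet.byteslice(NONCE + TAG, packet.bytesize)) + d.final
  end
end

# Steps 1-7 once; the "network" (step 4) is just the packet strings handed across.
def round_trip(request)
  client, server = TunnelEnd.new, TunnelEnd.new
  client.handshake(server.public_point)
  server.handshake(client.public_point)
  seen = server.unseal(client.seal(request))
  client.unseal(server.seal("200 OK for #{seen}"))
end

puts round_trip("GET /index.html") if __FILE__ == $PROGRAM_NAME
```

The sketch leaves out server authentication and replay protection, so it shows only the encrypt, transmit and decrypt path that the list describes.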

Devices included in a virtual private network are not geographically tied and can be located at any distance from each other.

For the average user of virtual private network services, it is enough to understand that accessing the Internet via a VPN means complete anonymity and unlimited access to any resources, including those that are blocked by your provider or are not available in your country.

Who needs a VPN and why?

Experts recommend using a VPN to transfer any data that should not end up in the hands of third parties: logins, passwords, private and work correspondence, Internet banking sessions. This is especially true when using open access points: Wi-Fi at airports, cafes, parks, etc.

The technology will also be useful for those who want to freely access any sites and services, including those blocked by the provider or open only to a certain circle of people. For example, Last.fm is available for free only to residents of the USA, England and a number of other European countries. Connecting via VPN lets you use the music service from Russia.

Differences between VPN and TOR, proxy and anonymizers

A VPN works globally on the computer and redirects all software installed on it through the tunnel. Any request, whether from a chat, a browser or a cloud storage client (Dropbox), goes through the tunnel and is encrypted before reaching the recipient. Intermediate devices “cover the tracks” by encrypting requests, which are decrypted only before being sent to the final recipient. The final recipient of the request, for example a website, records not the user's data (geographic location, etc.) but the VPN server's data. That is, it is theoretically impossible to track which sites the user visited and what requests he transmitted over a secure connection.

To some extent, anonymizers, proxies and TOR can be considered analogues of VPNs, but they all lose in some way to virtual private networks.

What is the difference between a VPN and TOR?

Like VPN, TOR technology encrypts requests and transmits them from the user to the server and back. However, TOR does not create permanent tunnels; the paths for receiving and transmitting data change with each access, which reduces the chances of intercepting data packets but does not affect speed in the best way. TOR is a free technology and is supported by enthusiasts, so you can't expect stable operation. Simply put, you will be able to access a site blocked by your provider, but it will take several hours or even days for HD video to load from it.

What is the difference between a VPN and a proxy?

Proxy, similar to VPN, redirects the request to the site, passing it through intermediary servers. It’s not difficult to intercept such requests, because the exchange of information occurs without any encryption.

What is the difference between a VPN and an anonymizer?

An anonymizer is a stripped-down version of a proxy that works only within an open browser tab. You can use it to access the page, but you won’t be able to use most of the features, and no encryption is provided.

In terms of speed, the proxy wins among the methods of indirect data exchange, since it does not encrypt the communication channel. In second place is the VPN, which provides not only anonymity but also protection. Third place goes to the anonymizer, which is limited to working in an open browser window. TOR is suitable when you don’t have the time or ability to connect to a VPN, but you shouldn’t count on high-speed processing of large requests. This gradation is valid for the case when non-grid servers are used, located at the same distance from the one being tested.

How to connect to the Internet via VPN

In RuNet, dozens of providers offer VPN access, and there are probably hundreds all over the world. Almost all of these services are paid. The cost ranges from a few dollars to several tens of dollars per month. Specialists who have a good understanding of IT create a VPN server for themselves, using servers provided by various hosting providers for these purposes. The cost of such a server is usually about $5 per month.

Whether to prefer a paid or a free solution depends on your requirements and expectations. Both options will work (hide your location, replace your IP, encrypt data during transmission, etc.), but with paid services, problems with speed and access happen much less often and are resolved much faster.
