VPN tunnel: What is it and how does it work?

A woman researching VPN tunnels on her computer.

A VPN tunnel — short for virtual private network tunnel — can provide a way to cloak some of your online activities. Learn more.


A VPN tunnel is an encrypted link between your computer or mobile device and an outside network.

A VPN tunnel — short for virtual private network tunnel — can provide a way to cloak some of your online activity.

How? A VPN tunnel connects your smartphone, laptop, computer, or tablet to another network in which your IP address is hidden and all the data you generate while surfing the web is encrypted.

By connecting to websites through a VPN tunnel — and not directly — you can help keep businesses, government bodies, hackers, or other snoops from tracking your online activity or viewing your IP address — which, like your actual address, identifies your location — while you’re online.

A VPN tunnel is useful when you’re logging onto the internet using public Wi-Fi at hotels, coffee shop, or library.

How does VPN tunneling work?

To connect to the internet through a VPN tunnel, you'll first have to sign up with a virtual private network service, better known as a VPN. The VPN is the key to hiding your IP address and shielding your online activity from snoops.

Before visiting websites, you'll log into your VPN provider’s service. When you then start searching online, the websites you visit and your own internet service provider — ISP, for short — won't see your IP address. Instead, they'll see the IP address of your VPN provider, helping to protect your privacy.

In essence, when you click on links or download files from a site, no one will know it’s your activity. It’s as if your VPN provider has built a tunnel around your online activity, providing a barrier between it and everyone else.

Using a VPN alone may not be enough to protect your online privacy, though. That’s why VPN providers take one more step to encrypt the data you send and receive while you are online. When your data is encrypted, it is scrambled so snoops can’t intercept and decipher it.

When you enable this added layer of protection, hackers, businesses, governments, or others won't be able to track what sites you visit, files you download, videos you stream, or online games you play.

Hiding your IP address and encrypting the data you send and receive is a powerful combination to help keep your online browsing sessions private.

VPN tunnel protocols

Not all VPN tunnels are equally effective in protecting your online privacy. The strength of a tunnel depends on the type of tunneling protocol your VPN provider uses.

Some protocols are outdated and may not provide data encryption that is strong enough to deter online snoops so it’s a good idea for you to work with a VPN provider that relies on the strongest possible tunneling protocol.


Point to Point Tunneling Protocol — better known as PPTP — is one of the oldest versions still in use today. The strength of this protocol is its speed: It features extremely fast connection speeds.

This speed comes at a cost, though. PPTP is fast partly because its level of data encryption is weak by today's standards. This means it's easier for outsiders to crack the encryption provided by this protocol. If you want more protection, investigate a stronger form of protocol.


Layer 2 Tunneling Protocol, when used with Internet Protocol Security, is a step up from basic PPTP. That's because this level of tunneling protocol offers two stages of protection: Both the L2TP and IPSec portions of this protocol create their own encryption. This results in two layers of protection for your online data.

The downside? This type of tunneling protocol, because of the two layers of encryption, can result in slower online connection speeds. L2TP/IPSec sometimes gets blocked by firewalls, too. That's because this type of VPN tunneling uses fixed ports.


Secure Socket Tunneling Protocol is unusual because it is only available on Windows operating systems. This type of tunneling protocol is very secure, making it a safe choice. It also doesn't use fixed ports, so it's easier for SSTP to get through firewalls.

The problem, of course, is that this protocol isn't available for operating systems other than Windows. That shuts out many potential users.


If you're looking for the strongest protection while online, you should consider investing in a VPN service provider that relies on the OpenVPN protocol.

This protocol works with all the major operating systems, Linux, Window, and Mac, on the mobile operating systems of Android and iOS.

Maybe you prefer an independent operating system? OpenVPN might have you covered, because it works with such systems as FreeBSD, NetBSD, Solaris, and OpenBSD.

OpenVPN is currently considered the top form of VPN tunneling protocol. That's because its encryption is especially strong. It's also adept at getting past firewalls.

Protecting your privacy while online

The key to VPN tunneling is to actually use the service. A VPN can’t keep your identity private or encrypt the data you send and receive if you skip that extra step of connecting to your VPN provider first before you access the internet.

Remember, too, that to truly protect your online privacy, you’ll need to enable VPN protection on any device you use to reach the web from public locations. Specifically, implementing a VPN on your iPhone or Android increases comprehensive security across various networks. It doesn’t help to have your laptop protected by a VPN only to log onto the internet with your smartphone while you’re relaxing at the coffee shop.

The bottom line? VPN tunneling is a must for online privacy. Just make sure you use your VPN service once you sign up with it.

Related VPN Articles

Try Norton 360 FREE 7-Day Trial* - Includes Norton Secure VPN

7 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.
*Terms Apply

Dan Rafter
  • Dan Rafter
  • Freelance writer
Dan Rafter is a freelance writer who covers tech, finance, and real estate. His work has appeared in the Washington Post, Chicago Tribune, and Fox Business.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.