Pricing Network
IP Address
Internet provider
Your Internet provider can track your Internet activity.
Help & SupportContact
IP Address
Internet provider
Your Internet provider can track your Internet activity.

How does a VPN tunnel work?

A VPN tunnel works by encapsulating data in an encrypted data packet. To understand encapsulation, let us attempt a simple analogy.

If you were a political refugee and your location was confidential for your safety but you needed to communicate with key people in your home country, how would you do it?

Well, one way would be write the message on a postcard with the address of the final recipient and then put the postcard into an envelope and post it to a trusted friend in your home country. When your friend receives it, he opens the envelope, puts a stamp on the postcard and posts it. Thefinal recipient of the postcard has no knowledge of where the postcard came from since the stamp is local.

The act of putting the postcard into the envelope with its own address is equivalent to encapsulation and when you do this with data on the Internet, you create a virtual private network tunnel, commonly called 'VPN tunneling'.

Although this is technically a VPN, it's not really private until you encrypt the contents of the envelope. Without encryption, we could still hide our identity but what if the final recipient was powerful enough and had friends in the post office? In this case the post office employee could see the stamp on the envelope before it reached your friend and leak your location.

To achieve a much higher level of security, you need to encrypt the contents of the postcard inside the envelope so that only yourself and your friend can decode it. Now if anyone intercepted and opened it they would have no idea who the postcard was addressed to nor would they understand the contents of the message.

When your friend receives the envelope he would open it and decrypt the message and forward it to its final recipient. In the context of a public VPN service, your friend would be the VPN service and the final recipient would be the website you are browsing.

It is worth noting at this point that the message sent from your friend to the final recipient cannot be encrypted since the final recipient does not have the decryption key. Equally, when using a VPN service, the data sent from the VPN service to the destination website cannot be encrypted; however your private IP address has been replaced with the address of the VPN service so your identity is still masked.

Whilst communicating with your friend, it's as if there is a secure tunnel between the two of you protecting the contents. This is why it is called a virtual tunnel or more commonly, a VPN tunnel.

The origin of your data are hidden so the websites and servers you visit can’t see where your activity originated. Rather, the activity appears to originate at the location of the VPN’s server.

The process of encapsulating the data hides its origin, but it isn’t automatically private or secure from hackers or government surveillance. To achieve a higher level of security, your data must also be encrypted so if your data is intercepted between your device and the VPN’s server, it can’t be read or understood.

You have a right to privacy—even when you’re online. And when you use a VPN tunnel to go online, you protect your online activity and private data from hackers, governments and corporations who want to watch what you do.

IVPN offers you better private Internet access


Your privacy is and will always be our first priority

IVPN never tracks personal information or logs your online activity as verified by a team of independent security auditors.


Your privacy can be easily compromised by leaks

IVPN software automatically blocks all known privacy leaks, even recently discovered IPv6, DNS and disconnection leaks. It even disables WebRTC.


Your privacy is ensured with high performance multihop servers

Multihop is hard to implement with high performance but we've done it and no competitor comes close. No tunnels within tunnels or other cheap hacks.


Your sanity requires a VPN that can keep up with your fibre connection

Our highly optimised load balanced servers are located near our customers to decrease latency and increase speed, you won't even realize you're connected.


Your privacy requires strong encryption designed by experts

Which is why IVPN uses AES-256 encryption with 4096-bit RSA keys. New encryption keys are generated every hour providing perfect forward secrecy.


Your privacy & security depend on more than connecting to a VPN

Which is why we compile high quality privacy and security guides for our customers to follow, for all levels of experience.

Protect yourself today and get peace of mind

Shut out hackers, identity thieves and the global government surveillance apparatus — every time you go online.