Pricing Network
IP Address
Internet provider
Your Internet provider can possibly track your Internet activity.
Help & SupportContact
IP Address
Internet provider
Your Internet provider can possibly track your Internet activity.

How does a VPN tunnel work?

A VPN tunnel works by encapsulating data in an encrypted data packet. To understand encapsulation, let us attempt a simple analogy.

If you were a political refugee and your location was confidential for your safety but you needed to communicate with key people in your home country, how would you do it?

Well, one way would be write the message on a postcard with the address of the final recipient and then put the postcard into an envelope and post it to a trusted friend in your home country. When your friend receives it, he opens the envelope, puts a stamp on the postcard and posts it. Thefinal recipient of the postcard has no knowledge of where the postcard came from since the stamp is local.

The act of putting the postcard into the envelope with its own address is equivalent to encapsulation and when you do this with data on the Internet, you create a virtual private network tunnel, commonly called 'VPN tunneling'.

Although this is technically a VPN, it's not really private until you encrypt the contents of the envelope. Without encryption, we could still hide our identity but what if the final recipient was powerful enough and had friends in the post office? In this case the post office employee could see the stamp on the envelope before it reached your friend and leak your location.

To achieve a much higher level of security, you need to encrypt the contents of the postcard inside the envelope so that only yourself and your friend can decode it. Now if anyone intercepted and opened it they would have no idea who the postcard was addressed to nor would they understand the contents of the message.

When your friend receives the envelope he would open it and decrypt the message and forward it to its final recipient. In the context of a public VPN service, your friend would be the VPN service and the final recipient would be the website you are browsing.

It is worth noting at this point that the message sent from your friend to the final recipient cannot be encrypted since the final recipient does not have the decryption key. Equally, when using a VPN service, the data sent from the VPN service to the destination website cannot be encrypted; however your private IP address has been replaced with the address of the VPN service so your identity is still masked.

Whilst communicating with your friend, it's as if there is a secure tunnel between the two of you protecting the contents. This is why it is called a virtual tunnel or more commonly, a VPN tunnel.

The origin of your data are hidden so the websites and servers you visit can’t see where your activity originated. Rather, the activity appears to originate at the location of the VPN’s server.

The process of encapsulating the data hides its origin, but it isn’t automatically private or secure from hackers or government surveillance. To achieve a higher level of security, your data must also be encrypted so if your data is intercepted between your device and the VPN’s server, it can’t be read or understood.

You have a right to privacy—even when you’re online. And when you use a VPN tunnel to go online, you protect your online activity and private data from hackers, governments and corporations who may want to watch what you do.

All the features you need in a VPN


Your privacy is always our first priority

IVPN never tracks personal information or logs your online activity. All IVPN apps are open-source and our service is independently audited to verify our claims.


Your privacy can be compromised by many different privacy leaks

All IVPN apps automatically blocks all known privacy leaks including IPv6, DNS, disconnection and WebRTC leaks.


Enhanced privacy with multihop

Multihop routes your connection through multiple servers in different jurisdictions. Should the exit VPN be compromised you’re still protected by the entry VPN server you’re connected to.


Your high-speed fiber connection needs a VPN that can keep up

Our highly optimised load balanced servers are located near our customers to decrease latency and increase speed, you won't even realize you're connected.


Your privacy requires strong encryption standards

Which is why IVPN uses OpenVPN with AES-256 encryption with 4096-bit RSA keys. New encryption keys are generated every hour providing perfect forward secrecy.


Your privacy & security depend on more than connecting to a VPN

Which is why we compile high quality privacy and security guides for our customers to follow, for all levels of experience.

Take a step towards your surveillance-free future

Start using IVPN for free and block ISP's from monitoring your Internet activity.