Introduction to VPNs

Lessons Discussion
10

Hello Grant

One of the things that can get confusing about VPNs is the terminology used. Services such as ExpressVPN call themselves VPNs services, and do indeed use VPN technology, but their primary purpose isn’t that for which VPNs have been originally created. This post describes this discrepancy in detail:

Now having said that, when you use a service such as ExpressVPN, what you are actually doing is something like this:

image
image776×518 49.6 KB

You are creating a secure VPN between your PC and the VPN service server. The server will then connect to Google using its own IP address. The result is that Google will only see the 123.45.67.89 IP address and not your actual address in all of your communication. Thus the primary (although not the only) purpose of such a VPN service is to hide your IP address.

Now this resembles a “client to site” VPN, but it isn’t really. The purpose of a client to site VPN is to provide access to internal corporate network services to a remote client. In other words, the client PC will gain a private internal IP address and will function as if it was physically connected to a switch on the premises of an enterprise network. This is not being achieved using the VPN service in the diagram above, since there is no “internal corporate network” here.

This is indeed a client to site VPN with the real meaning of the term. However, in such a setup, you can configure the client to connect to the Internet either through the VPN, or via its own Internet connection. Take a look at this diagram:

image
image1037×343 74.3 KB

In this case, the client is connecting via AnyConnect to the ASA, but you can configure his Internet access to be gained either through the corporate internet connection (green dotted line) or you can employ what is known as split tunnelling, where internet connectivity is achieved via the client’s own Internet connection (red dotted line). In your case, split tunnelling is activated, and this is why Internet services see your real IP address and not that of your corporate network.

You can find out more about split tunnelling here:

I hope this has been helpful!

Laz