Know Your Terms: VPN and VLAN
#1

So, I am getting pretty annoyed about how often these terms get confused (and I understand they are pretty confusing sometimes), but in order to have clear and understandable communication, it's better to use them properly and accordingly, so that's why I am writing this. I hope this post solves this confusion for you once and for all. I will also refrain from being overly technical, assuming only basic knowledge in the subject (client, server, packet as a unit of data etc.).

Let's start with the basics:

LAN
Local Area Network is any network that covers a small area, usually limited to a single household (cable or Wi-Fi – WLAN). Computers in a LAN can see each other, and can have direct communication with each other. Any communication with the outside world is usually done via a router which directs incoming and outgoing packets to their proper destinations.

WAN
Wide Area Network is a large-scale network, like the Internet. Packets travelling between different networks need to be routed through the WAN to find their destination. In essence, this is a network of networks (LANs).

Here comes the important part:

VPN
Virtual Private Network is basically "LAN over WAN". Its core characteristic is that computers can communicate with each other as if they were in one single network, but physically, they are in different LANs and the packets actually travel through the WAN. VPN does not automatically imply anonymity, privacy, or security; it only guarantees that the communication appears to be direct, like in a LAN.

Usually, asymmetric cryptography is used to protect the communication sent over a VPN, so it cannot be read by any devices along the way in the WAN.

VPNs are used primarily for companies (so employees can have quick and secure access to their servers), and in gaming. Hamachi, Tunngle, Evolve, and Game Ranger are prime examples of VPNs I have used for playing games with others (TeamViewer VPN as well).

Proxy
A proxy is a service whose prime use is to direct packets to their destination, but mask their origin. There are lots of types of proxies, ranging from web/HTTP proxies to general-purpose proxies (SOCKS) and others. Some use the web browser, others are more integrated into the system.

A proxy is used when you want the packets you send to a server to appear to be coming from a different origin than yours, to circumvent access restrictions (to get around country laws or bans) or for anonymity. One good example of a popular proxy service is the decentralised Tor network which employs multiple spread proxies and encryption to prevent any attempts at tracing the source of communication.

VPN proxy
The source of the confusion I have mentioned is the term VPN proxy. It is possible to combine the two techniques described above to run a proxy service over a VPN, which now happens to be a popular way of using both its components. The proxy server and your computer establish a single network via a VPN, and the computer is configured to direct its communication to the proxy server.

Nevertheless, a VPN proxy is still a proxy. In order for your IP address to stay hidden, the target server must be misinformed by receiving packets from a different IP address, one owned by the proxy server. This means that the proxy server is a necessary part of this whole mechanism, and a simple VPN is not enough.

Calling "VPN proxy" a "VPN" is like calling "chainsaw" a "chain"; the fact that it uses a chain does not make it one. In this expression, "VPN" happens to be an adjective, while "proxy" is the noun and the more important component (despite being the second).

When you look for anonymity when accessing the Internet, you look for a proxy. You may look for a VPN one to use its advantages, but you still look for a proxy, not just a VPN.

VLAN
The incorrect usage of "VPN" has led to the rise of another improperly used term: Virtual LAN (frequently used to mean VPN). However, this term is used for a sub-network established in a LAN that on its own behaves like a single LAN. The communication goes via the real LAN, but the packets contain additional information that specifies which virtual network they are in.

You usually don't look for a VLAN, unless you are a network administrator or designer. The relation between a VLAN and a LAN is similar to the relation between a VPN and a WAN (when we do not treat the LAN as a single unit in a WAN).

Addendum
You might think that I have no right to "prescribe" what the meaning of these terms should be, and only their usage is the important thing. However, the sole fact that these are terms implies that they must be well and unambiguously described, consistent and constant (in their context, networking in this case). The terms VPN, proxy, or VLAN were conceived with these meanings and definitions, and so that is what they mean, regardless of how one uses them.

It's also impractical to redefine their meanings, since that only leads to errors in communication and increases the confusion for those interested in these subjects. This comes from my own experience from having looked for these services or discussed these concepts.

So I hope this post has clarified these terms for you, and you will have their correct meaning in mind when using them, for the benefit of us all.
#2

Very useful knowledge.

Thank you IllidanS4, very cool.
#3

Good work, easy to understand and knowledgeable tutorial.