# Virtual Private Network (VPN)

A Virtual Private Network (VPN) creates an encrypted tunnel between devices or networks over an untrusted network (typically the internet). It provides confidentiality (encryption), authentication (identity verification), and integrity (tamper detection) for traffic flowing through the tunnel.

## Types

- **Remote access VPN**: Connects individual devices to a private network (e.g., employee laptop to corporate network)
- **Site-to-site VPN**: Connects entire networks together (e.g., branch office to headquarters)
- **Mesh VPN**: Every node connects directly to every other node, forming a peer-to-peer overlay network

## Protocols

- [[WireGuard]] — Modern, minimal, fast. The current gold standard for new deployments
- **OpenVPN** — Mature, widely supported, runs in userspace. More complex to configure
- **IPsec/IKEv2** — Enterprise standard, built into most operating systems. Complex protocol suite
- **SSL/TLS VPN** — Browser-based or clientless access, common in enterprise remote access

## Modern Overlay Networks

Traditional VPNs route traffic through a central gateway, creating a bottleneck. Modern solutions build mesh overlay networks on top of [[WireGuard]], adding identity-based access control, automatic peer discovery, and NAT traversal:

- [[Tailscale]] — Zero-trust mesh VPN with SSO integration, simplest setup
- [[NetBird]] — Open-source alternative with strong ZTNA policies, fully self-hostable
- [[ZeroTier]] — SDN-based approach with its own cryptographic identity system

## References

- Wikipedia: https://en.wikipedia.org/wiki/Virtual_private_network

## Related

- [[WireGuard]]
- [[Tailscale]]
- [[NetBird]]
- [[ZeroTier]]
- [[Zero Trust Security]]
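The difference between a central-gateway VPN and a mesh overlay described under Types and Modern Overlay Networks, as an added example that is not part of this note: a small generator for WireGuard `[Peer]` sections, where a spoke lists only the hub and routes the whole overlay prefix through it, while a mesh node lists every other node directly. Node names, overlay addresses, endpoints and the `*_PUBKEY_PLACEHOLDER=` keys are constructed placeholders, not real keys.

```python
"""Generate WireGuard [Peer] sections for a full-mesh overlay versus hub-and-spoke.

Keys and endpoints below are constructed placeholders, not real WireGuard keys.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    overlay_ip: str      # address inside the tunnel, e.g. 10.0.0.1
    public_key: str      # base64 WireGuard public key (placeholder here)
    endpoint: str        # public host:port where the node listens


def peer_section(peer: Node, allowed: str) -> str:
    """One [Peer] block. AllowedIPs is WireGuard's cryptokey routing table:
    packets destined for `allowed` are encrypted to this peer's key, and
    packets arriving from this peer are dropped unless their source is in it."""
    return (f"[Peer]\n# {peer.name}\nPublicKey = {peer.public_key}\n"
            f"Endpoint = {peer.endpoint}\nAllowedIPs = {allowed}\n")


def mesh_peers(me: Node, nodes: list[Node]) -> list[str]:
    """Full mesh: every other node is a direct peer with a /32 AllowedIPs,
    so traffic between any two nodes never transits a central gateway."""
    return [peer_section(n, f"{n.overlay_ip}/32") for n in nodes if n != me]


def spoke_peers(hub: Node, overlay_cidr: str) -> list[str]:
    """Hub-and-spoke: a spoke has a single peer (the hub) and sends the whole
    overlay prefix through it, which is the bottleneck a mesh removes."""
    return [peer_section(hub, overlay_cidr)]


NODES = [  # constructed sample topology
    Node("hq", "10.0.0.1", "HQ_PUBKEY_PLACEHOLDER=", "hq.example.net:51820"),
    Node("branch", "10.0.0.2", "BRANCH_PUBKEY_PLACEHOLDER=", "branch.example.net:51820"),
    Node("laptop", "10.0.0.3", "LAPTOP_PUBKEY_PLACEHOLDER=", "203.0.113.7:51820"),
]

if __name__ == "__main__":
    print("# laptop as a spoke behind hq:\n" + "".join(spoke_peers(NODES[0], "10.0.0.0/24")))
    print("# laptop as a mesh node:\n" + "".join(mesh_peers(NODES[2], NODES)))
```

Paste the generated sections under a node's own `[Interface]` block (private key, overlay address, listen port) to get a complete `wg-quick` configuration.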