A complete guide to VPN tunneling

A VPN, or Virtual Private Network, encrypts all of the data sent to and from your device and routes it through an intermediary server that stands between you and the internet. The encrypted connection between your device and the VPN server is often referred to as a “tunnel”. No third-parties, such as your ISP, government, or local IT administrator, can see the contents of your data or its destination while the VPN is active.

We’ll discuss how VPN tunneling works in this article, including encryption, protocols, and why tunneling is necessary for security and privacy.

What is VPN tunneling?

When you first connect to a VPN, your device and the VPN server perform a handshake and exchange encryption keys. This ensures that only the VPN server can decrypt data sent from your device and, conversely, only your device can decrypt data sent from the VPN server.

VPN Handshake

 

Once the connection is established, your device and the server can securely transmit data back and forth through the “tunnel”. Data is encrypted with the key before it ever leaves your device. When it reaches the VPN server, it is decrypted, then forwarded to the final destination—a website, app, streaming service, etc. How vpn works

Data coming from the internet goes through the same process in reverse: data is sent from the app or website to the VPN server. The VPN server encrypts the data and sends it to your device, where it’s decrypted with the key.

The “tunnel” analogy comes from the VPN’s encryption. Data can go back and forth between the tunnel, but there are only two endpoints—your device and the VPN server—where data is encrypted and decrypted.

What to look for when choosing a VPN

How you plan on using the VPN determines which tunneling features will best serve you. VPN tunneling can be used for a number of purposes:

  • Unblocking streaming sites from abroad: The VPN tunnel should have fast speed and a stable connection. No leaks that could give away your real IP address.
  • Accessing the web from China: The VPN tunnel needs to be both inconspicuous and secure. Obfuscation is often used to hide VPN tunnels going in and out of China to bypass the Great Firewall. This also applies in other countries where VPNs are blocked like the UAE and Iran.
  • Securing public wi-fi: The tunnel should be secure with no leaks. A kill switch can help keep this tunnel secure.
  • Torrenting: Security and speed are both paramount here. The VPN should have a kill switch, no leaks, and preferably split tunneling.
  • Private web browsing: Strong encryption in the VPN tunnel, combined with a no-logs policy and your browser’s incognito or private browsing mode, enables you to surf the web privately and anonymously.

Split tunneling

Split tunneling is a VPN feature that allows you to choose which data goes through the encrypted VPN tunnel and which uses a direct, unencrypted connection.

A few VPN apps offer split tunneling that allows you to choose which apps use the VPN and which do not. Although whitelisting which apps use the VPN is the most common type of split tunneling, it can also be done by device (at a router level), ports used, or type of traffic.

Split tunneling is useful in situations where only certain activities need to be protected by the VPN. While torrenting, for example, you can set your torrenting app to use the VPN while your web browser uses a normal internet connection.

See also: Best VPNs for split tunneling

What are VPN tunneling protocols

A VPN tunneling protocol sets the rules for how your device and the VPN server communicate. Not all protocols are equal, and they each have their advantages and disadvantages. You can often choose between protocols in your VPN app settings.

Here are some of the most common VPN tunneling protocols in use today:

  • OpenVPN: an open-source protocol that offers strong security and medium speed, and usually requires a third-party app to use. This is the most popular protocol among consumer VPN apps. Uses SSL encryption.
  • Wireguard: a newer open-source protocol with fast speeds and decent security, though users’ IP addresses are stored on the server by default. Uses ChaCha20 encryption and usually requires a third-party app. You can find out more in our Best VPNs with Wireguard article.
  • IKEv2: A medium-speed protocol that’s great at quickly reconnecting after losing signal, which makes it ideal for mobile users. Uses IPSec encryption. Support comes built into many newer devices.
  • L2TP: A medium-speed protocol that comes built into many popular operating systems like Windows, MacOS, iOS, and Android. Uses IPSec encryption.
  • SSTP: Similar to L2TP but exclusive to Microsoft systems, such as Windows
  • PPTP: A fast but insecure protocol that shouldn’t be used due to known security vulnerabilities.

Many VPN apps have multiple protocols available to choose from. Some even have their own proprietary protocols, often based on those above. NordVPN’s NordLynx, ExpressVPN’s Lightway, VyprVPN’s Chameleon, and Hotspot Shield’s Hydra Catapult are all examples of proprietary VPN protocols.

Best VPNs that use tunneling

Some VPNs have faster or more secure tunnels than others. Comparitech tests and reviews dozens of VPNs to find out which ones will best protect your data while delivering high speeds and access to region-locked content around the world.

Here are our top picks for VPNs with the most secure tunneling:

1. NordVPN

NordVPN Nov 2024

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background FireTV

Website:  www.NordVPN.com

Money-back guarantee: 30 DAYS

NordVPN operates a huge network of servers around the world and is the fastest VPN we’ve tested. It works in China, unblocks Netflix and many other streaming services, and uses leak-proof encryption. You can connect up to six devices at once, with apps available for Windows, MacOS, iOS, and Android, Fire TV, and Linux. Live chat support is available 24/7 on the website.

Supported tunneling protocols include NordLynx (Wireguard), OpenVPN, and IKEv2. Split tunneling is not supported, but an app-specific kill switch will cut selected programs off from the internet if the VPN connection drops for any reason.

Pros:

  • Fastest VPN
  • No logs
  • Strong encryption
  • Unblocks lots of streaming sites
  • 24/7 live support

Cons:

  • iOS app might not work in China
  • Android app has no kill switch

Our score:

4.5 out of 5

BEST FOR TUNNELING:NordVPN is the fastest VPN around and boasts excellent security. Try it risk-free with a 30-day money-back guarantee.

Read our full NordVPN review.

NordVPN Coupon
74% off 2 year plans + 3 EXTRA months
Black Friday TagGet Deal >
Discount applied automatically

2. Surfshark

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.Surfshark.com

Money-back guarantee: 30 DAYS

Surfshark is a budget-friendly provider that doesn’t skimp on speed or privacy. It’s great for unblocking region-locked content like Netflix, Amazon Prime, BBC iPlayer, and Hulu. You can connect an unlimited number of devices at once, which makes this a great deal for a family or group of housemates.

Surfshark supports the following protocols: IKEv2, OpenVPN, Wireguard, and Shadowsocks.

Apps are available for Windows, MacOS, iOS, Fire TV, and Linux.

Pros:

  • Unlimited connections
  • Unblocks streaming sites well
  • No logs
  • Strong encryption

Cons:

  • Average speed
  • Smaller number of servers

BUDGET CHOICE:Surfshark is a great unblocker with unlimited connections on a single plan. Try it out with a 30-day money-back guarantee.

Read our full Surfshark review.

Surfshark Coupon
87% OFF + 4 months free
Black Friday TagGet Deal >
Discount applied automatically

3. ExpressVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.ExpressVPN.com

Money-back guarantee: 30 DAYS

ExpressVPN is a premium service with rock-solid apps and fast performance. It’s great for unblocking region-locked streaming services like Netflix, BBC iPlayer, Hulu, and Prime Video. The apps for Windows, MacOS, iOS, Android, Fire TV, Linux, and certain wi-fi routers are all leak proof and use the strongest available encryption. When it comes to security, ExpressVPN is at the front of the pack.

Supported protocols include Lightway (ExpressVPN’s proprietary protocol), OpenVPN, L2TP, and IKEv2. Split tunneling allows you to choose which apps use the VPN and which use a direct, unencrypted connection.

ExpressVPN reliably bypasses China’s Great Firewall. You can connect up to five devices at a time. Live chat support is available 24/7.

Pros:

  • Extremely secure
  • Easy to use
  • Unblocks most streaming services
  • Huge server network

Cons:

  • On the pricier side
  • Average speed

Our score:

4 out of 5

SECURE TUNNEL:ExpressVPN is a privacy-first VPN It works with a wide range of devices and offers an all-around excellent service. Comes with a 30-day money-back guarantee.

Read our full ExpressVPN review.

ExpressVPN Coupon
SAVE: 82% + 6 months free on 2 year plans
Black Friday TagGet Deal >
Coupon applied automatically

4. CyberGhost

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.Cyberghost.com

Money-back guarantee: 45 DAYS

CyberGhost is an easy-to-use VPN that makes unblocking streaming services and securing your web browsing simple. Users can choose the streaming service they want to unblock right from the app instead of guessing at which server to use. CyberGhost uses strong encryption and keeps no logs of its users activity or other identifying information.

CyberGhost supports the Wireguard, OpenVPN, IKEv2, L2TP, and PPTP protocols. You can connect up to seven devices at once on Windows, MacOS, iOS, Android, Fire TV, and Linux.

Pros:

  • Easy to use
  • Good security
  • No logs
  • Unblocks tons of streaming services

Cons:

  • Doesn’t work reliably from China or UAE

Our score:

4.5 out of 5

EASY VPN TUNNEL:CyberGhost packs great security, speeds, and unblocking into user-friendly apps. It comes with a 45-day money-back guarantee.

Read our full CyberGhost review.

CyberGhost Coupon
SAVE 84% on the 2 year plan + 4 months free!
Black Friday TagGet Deal >
Discount applied automatically

5. IPVanish

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.IPVanish.com

Money-back guarantee: 30 DAYS

IPVanish has long been a favorite among torrenters and Kodi users. It unblocks Netflix and a few other streaming services, but it’s not a region-unblocking powerhouse like others on this list. Instead, IPVanish is all about security. You can even change your IP address at set intervals and enable obfuscation to avoid detection.

Like Surfshark, IPVanish lets you connect as many devices as you want on a single plan. Apps are available for Windows, MacOS, iOS, Android, and Fire TV.

IPVanish protocols consist of IKEv2, OpenVPN, L2TP, IPSec, and PPTP.

Pros:

  • Strong security
  • No logs
  • Good for torrenting

Cons:

  • Not the fastest
  • Can’t unblock as many streaming services

SECURE TUNNEl:IPVanish is a solid VPN if you want to maximize privacy and security on all the devices in your house. It’s backed by a 30-day money-back guarantee.

Read our full IPVanish review.

EXCLUSIVE IPVANISH DEAL
The cheapest MONTHLY Black Friday plan!
Black Friday TagGet Deal >
Lifetime Discount: Coupon applied automatically