Enterprise VPNs

The Top 10 Enterprise VPN Solutions

Discover the top ten best business VPNs. Explore features such as device compatibility, encryption, scalability, central management and activity management.

Last updated on Mar 14, 2024

Written by Caitlin Jones

Technical review by Laura Iannini

The Top 10 Enterprise VPN Solutions Include:

1. Twingate
2. GoodAccess
3. NordLayer
4. Cisco AnyConnect
5. Citrix Gateway (formerly NetScaler)
6. Fortinet FortiClient
7. Google Cloud VPN
8. Palo Alto Networks GlobalProtect
9. Perimeter 81
10. Zscaler Private Access

Virtual private networks, or VPNs, create a private network across a public internet connection. They give you anonymity and privacy by hiding your internet protocol (IP) address, which reduces your digital footprint, and by securing and encrypting your connections. Think of the VPN as a secret tunnel between your device and the internet; nobody can see what you’re doing inside the tunnel except you and the person on the other end that you’re sending data to—not even your internet service provider. This means that users can send and receive information as securely as if they were directly connected to a private network. But why does your business need an enterprise VPN, or a corporate VPN?

When your users surf the internet on an unsecured Wi-Fi network, anyone else using the same network can tap into what they’re doing and access their browsing habits and private information. Firstly, by encrypting your users’ connections, a corporate VPN secures their online activity against anyone trying to access it without permission. Secondly, a private connection improves security across private networks when users are connecting via a public or insecure Wi-Fi router. This is a particularly useful feature for organizations with employees working remotely, either from home or in a role that requires them to travel. Thirdly, an enterprise VPN allows admins to set up granular access controls that restrict users from accessing areas of the network that they don’t need to. Some VPNs do this through internal gated networks, and some deploy it at an application level. A powerful corporate VPN may also come with built-in firewalls to protect against viruses, hacks, and other threats.

Large enterprises require a high level of security, sometimes for thousands of users at once. It’s important that a corporate VPN is able to cater to this demand, as well as give the organization the tools it needs to be able to deploy and manage its VPN and integrate it with other security resources.

In this article, we’ll explore the top ten enterprise VPNs, which are designed specifically to protect corporate web connections. Each of these offers different features, including varied device compatibility, scalability, central management, and activity management. We’ll give you some background information on the provider and the key features of each solution, as well as the type of customer that they are most suitable for.

Twingate

Twingate is a cybersecurity company that provides secure, remote access to corporate resources for distributed workforces, without sacrificing productivity. Their cloud-based platform enables IT to establish a software-defined perimeter and centrally manage user access to company applications, regardless of whether they are on-prem or in the cloud, without changing the existing IT infrastructure.

With Twingate, users can connect to a corporate resource via its FQDN or IP address without any user interaction needed. Twingate supports split tunnelling and intelligent routing to reduce the burden on an organization’s network and eliminate backhauling, ensuring fast and reliable connections. The platform’s ViPR technology handles authorization and routing decisions automatically, reducing the strain on IT teams. From the central management console, admins can provision and deprovision users, gain app-level visibility into user access, and configure granular access policies. Resource-level access policy customization enables organizations to enforce the principles of least privilege and zero trust security by limiting network access for potential hackers, even if they manage to compromise a user’s connection. Finally, Twingate offers integrations with leading identity providers like Okta and OneLogin to support single sign-on (SSO) across all user accounts for added security and usability.

Deployed in the cloud, Twingate offers three packages: Starter for individuals and small teams of up to five users, Business for up to 150 users with email support and more granular access controls, and Enterprise for an unlimited number of users with network analytics features and priority support. Customers praise Twingate for its lightweight, intuitive interface and ease of deployment. We recommend Twingate as a user-friendly solution for SMBs and mid-sized enterprises looking to provision their remote users with fast, secure access to corporate resources with ease.

Discover Twingate Get Pricing

Get A Demo

GoodAccess

GoodAccess offers a cloud-based VPN solution designed for businesses. This service is a 100% Software-as-a-Service (SaaS) platform that provides remote access to resources, aiming to protect users, applications, and networks. GoodAccess allows businesses to quickly establish a VPN connection through a dedicated gateway that can be chosen from various global locations.

GoodAccess boasts features such as static IP whitelisting, secure web gateway to defend against online threats, split tunneling to control traffic routes, native mobile and desktop applications, and robust encryption protocols like IKEv2/IPSec and OpenVPN. Additional security measures include two-factor authentication for both the platform’s management interface and client applications. Furthermore, the GoodAccess control panel facilitates the integration of systems, applications, and devices into the network and offers a user-friendly interface with guidance for network and user management.

Key features include a dedicated VPN gateway with the option of selecting from multiple global locations, static IP for IP whitelisting to restrict access, a secure web gateway to shield users from threats, split tunneling capabilities, and native apps for various devices. Encryption is prioritized with IKEv2/IPSec and OpenVPN protocols, ensuring communication remains confidential. The VPN service is also equipped with two-factor authentication for enhanced security. The user-friendly control panel aids in network and user management, offering a clear view of traffic.

Discover GoodAccess Try For Free

Book A Demo

NordLayer

NordLayer is a cybersecurity solution for business from market-leading online privacy and security provider, Nord Security. Over 15 million users currently trust NordSecurity to keep their data safe on the internet. NordLayer, designed to provide access control in line with zero trust principles, helps businesses to secure remote access to their corporate network. As well as offering remote access security, NordLayer offers each of its customers the services of a dedicated account manager to help them get the most out of their solution.

NordLayer secures remote devices in just one click, securing all data traffic with AES 256-bit encryption as soon as the user clicks on a gateway. Users can also enable the auto-connect feature for a constant and immediate network connection. The app’s Kill Switch feature, when enabled, automatically cuts off all internet traffic from the device if the connection to the server breaks at all, ensuring that no bad actors can access user data. Admins can manage user accounts, permissions and gateways from a single centralized dashboard, with optional help from a designated account manager. Users connect to the VPN with their existing business credentials, but NordLayer also supports third-party multi-factor and biometric authentication with Azure AD, Google Workspace, Okta and OneLogin, as well as single sign-on to ensure maximum security without creating friction within the user’s login experience.

Additionally, NordLayer offers a device posture security feature, which observes every device linked to your network, granting administrators the capability to set policies and alerts and ensures non-compliant devices are barred from access. The platform also offers a cloud firewall which integrates stateful network traffic analysis, packet inspection, intrusion deterrence, and threat intelligence.

As well as their VPN security, NordLayer’s solution offers support via live chat and email, and the support team promise to respond to all enquiries within three hours. Because NordLayer is a cloud-based solution, it’s easily scalable and can provide protection within a few hours of purchase. The solution is available via four plans—Lite, Core, Premium and Custom—making it a strong solution for organizations of any size looking for user-friendly security and a quick set-up.

Discover NordLayer Sign Up

Request A Demo

Cisco AnyConnect

Cisco is a market leader in enabling and securing remote ways of working. Their products range from digital conferencing tools to internet access security, always ensuring that organizations’ communications are protected. AnyConnect is Cisco’s policy-driven VPN tool, designed to secure remote workers’ network access across wired, wireless and VPN connections. The solution provides secure access to the network from any device, at any time, from any location and offers complete visibility as to who is accessing an organization’s network through a single management agent.

AnyConnect uses the IKEv2 and SSL protocols to support a highly secure internet connection. All users are authenticated using multi-factor authentication (MFA) before connecting, to ensure only those with permission are granted access. The use of MFA means that hackers can’t tap into the connection, even if they know the user’s password. All data traffic is encrypted so that if the connection is intercepted, the data traffic will be unreadable. With AnyConnect Secure Mobility Client, organizations can also protect Android and iOS devices, which provides complete protection until the device is turned off. Admins are granted complete visibility across the extended enterprise, including mobile devices, as to who is accessing the network and from which device. If support is required, Cisco offers a 24/7 tech support for application managers.

AnyConnect delivers software updates automatically to make sure that users always receive the most efficient and effective protection possible. It integrates well with other Cisco solutions, so organizations can use it as a stand-alone product or as a part of a wider security stack. For this reason, we recommend Cisco AnyConnect as a strong, scalable VPN solution for all large enterprises, but particularly those with an interest in investing in other Cisco products.

Citrix Gateway (formerly NetScaler)

Citrix provides cybersecurity services focused around enabling remote employees to work as productively as were they in the office. Serving over 100m users across the globe, including 98% of the Fortune 500, their solutions include virtual desktops, endpoint management and behavior and performance analytics. Citrix Gateway, formerly NetScaler, is Citrix’s VPN service that secures web, cloud and mobile applications, across all devices.

Citrix Gateway provides organizations with a single access point through which they can access the internet, apps and other business resources, no matter where their users are located. All connections from remote devices are made through Citrix, which means that organizations don’t have to worry about what devices employees are using to gain access – Citrix only allows safe, authenticated devices to connect. Citrix Gateway provides two-factor authentication, where users are required to sign in using a password ad secure token, so that hackers can’t gain access to the network even if they crack a user’s password. This secure authentication process allows Gateway to provide consistent single sign-on access for all applications. As users are verified before they can connect to the gateway, they don’t need to re-enter credentials once connected to the VPN. The solution also offers role-based access, so that individuals can only access the network levels that they require to be able to do their work.

Citrix Gateway allows users to connect with their work desktops from anywhere, including on mobile devices. Customers have praised the solution for its fast connections, which make it suitable for organizations working with active client relationships. This also makes it a great solution for enterprises with employees around the world connecting across different time zones, when it might not be possible to get into the office.

Fortinet FortiClient

Fortinet is a market leader in securing remote enterprise networks. Their intelligent solutions provide security to more than 450,000 customers worldwide. Fortinet’s FortiClient is their integrated endpoint protection platform. It offers automated threat protection and vulnerability management, as well as complete visibility through a central management console.

FortiClient uses SSL and IPSec VPN to provide users with secure access to their organization’s network from any remote location. This lightweight solution is easy to integrate and deploy, and offers real-time central management through the Enterprise Management Server (EMS). This allows admins to configure VPN settings, monitor the attack surface, manage vulnerabilities, enforce compliance and track changes from one location. Admins can also use the platform to set up remote deployment for new starters.

Users connect to the VPN through a secure two-factor authentication process. Once verified, the client minimizes so as to cause as little disruption to the user as possible whilst still providing a secure connection. As well as the VPN security, FortiClient protects Microsoft Office applications and PDF readers against exploits. It also detects operating system and third-party application vulnerabilities in real time. Admins can configure and manage their vulnerability patches through the central management console.

FortiClient integrates seamlessly with Fortinet’s other security solutions, particularly FortiSandbox and FortiGuard, which both use behavior-based analysis and crowdsourced intelligence to detect and remediate known and unknown malware threats. Though it also works well as a stand-alone product, this makes FortiClient a particularly good solution for enterprises looking to invest in a VPN as part of a wider security stack.

Google Cloud VPN

Google produces a number of cloud security products under their Google Cloud brand to help keep organizations’ critical assets secure and their processes compliant. Their solutions are designed to cover all aspects of security, from the overall network architecture down to the granular protection of users and endpoints. Cloud VPN is Google’s VPN service, offering a fast, secure connection between remote users and their organization’s wider network.

Google offers two types of Cloud VPN: HA (high availability) VPN and Classic VPN. Both of these connect a user to their network through an IPsec connection. Google’s Cloud VPNs encrypt traffic at one end, then decrypt it when it reaches its destination. This means that all information sent is kept secure and private, so that not even the service provider can read the user’s data. The HA VPN offers a service-level agreement (SLA) of 99.99% service availability; the Classic VPN offers an SLA of 99.9%. Customers praise the Cloud VPNs user-friendly interface, though it’s important to note that the HA VPN runs across two separate interfaces. Both VPNs use external IP addresses to protect the user’s identity and location when browsing. The HA VPN chooses IP addresses from a pool, but an admin must create external IPs if running the Classic VPN.

Google regularly performs automatic maintenance on their Cloud VPN services, ensuring that users always receive the highest possible level of protection. Both solutions are easy to set up, and Google provides in-depth support so that even those with little technical expertise can configure networking policies with ease. This is a strong solution for organizations looking for a secure VPN that’s simple to configure and easy to manage post-deployment.

Palo Alto Networks GlobalProtect

Palo Alto Networks is a global leader in cybersecurity offerings at enterprise level. They specialize in their use of AI, analytics and automation and orchestration across their solutions. GlobalProtect is Palo Alto Networks’ VPN solution, which delivers the capabilities of their Security Operating Platform to remote workers and mobile devices. It provides excellent protection for network connections, as well as in-depth visibility into who is accessing an organization’s network.

GlobalProtect establishes a secure SSL or IPsec VPN connection between users and the network and the solution’s next-generation firewall. The connection itself supports heavy traffic by distributing requests across multiple network portals and gateways. It offers authoritative user and device identification and multi-factor authentication. GlobalProtect’s advanced firewall capabilities allow admins insight as to who is using the solution to connect to their network and applications, as well as what devices they’re gaining access on. They can also create security policies that restrict or allow access based on business need. These policies extend to all users, regardless of their location, in order to allow all users secure access and remove any remote access blindspots. GlobalProtect integrates seamlessly with Palo Alto’s Next-Generation Firewall, which means that it is also able to secure devices against a number of targeted cyberattacks, evasive application traffic and malicious websites.

Because GlobalProtect is available as an app, organizations can also use it to secure mobile devices such as Android and iOS systems. This makes it particularly useful for working across different timezones and organizations whose employees require flexible hours and regularly access the network out of hours, for example to maintain contact with clients and partners. Customers praise this solution for its ease of deployment and configuration, even amongst non-technical users. Palo Alto Networks’ GlobalProtect is a strong solution for organizations looking for extensive security across remote devices, and particularly mobile devices, that they can set up quickly.

Perimeter 81

Perimeter 81 is a leading network security vendor that specializes in scalable, cloud-based solutions for the modern hybrid workforce. The Perimeter 81 platform combines an award-winning Zero Trust Network Access (ZTNA) solution, a Secure Service Edge (SSE) platform, a Firewall as a Service (FWaaS), and a Secure Web Gateway (SWG), to enable organizations to protect their cloud environments, whether on-premises or remote.

Perimeter 81’s simplistic platform encrypts all traffic to protect sensitive corporate data from unauthorized access that can lead to a breach. It supports IPSec, OpenVPN and WireGuard protocols, to ensure that all cloud environments are protected effectively. The platform uses a Zero Trust approach to restrict network access, including access to web applications and cloud environments. Admins can configure access permissions based on role and device, so they have total visibility of who is accessing the network from a unified management portal. Admins can also access activity audits and reports to monitor login, gateway deployments, and app connections. Perimeter 81’s zero-trust solution also features two-factor authentication (2FA) for an added layer of protection against identity-based attacks, as well as DNS filtering capabilities, which allow admins to block users from accessing specific sites through a web browser.

Perimeter 81’s holistic and user-centric platform is cloud-based, which means that organizations can scale their entire infrastructure without the use of any external hardware. Perimeter 81 is fully compatible with Windows, Mac, iOS and Android, as well as Linux and Chromebook, to ensure that network access is always secure and simple, no matter which device is being used. We recommend Perimeter 81 as a strong, modern VPN alternative for organizations looking to secure remote access to their corporate network, without the hardware or complexity of deploying a traditional VPN.

Zscaler Private Access

ZScaler is a market-leading vendor in cloud-based web security that scales to grow with the client’s organization. ZScaler Private Access (ZPA) is their zero-trust cloud-based solution that provides a seamless, secure connection between remote devices and private applications running on the public cloud or within a data center. It ensures that applications are never exposed to the internet, so that they’re completely inaccessible to unauthorized users. ZPA supports both managed and unmanaged devices, and secures the connection to any private application, not just web apps.

ZScaler Private Access is built on a zero-trust network access (ZTNA) foundation, which means that apps are connected to outbound to authorized users, rather than the network being extended as with some traditional VPNs. This means that IP addresses are always hidden and DDoS is impossible. Once authorized, users can access specific private apps without having to access the overall network, which reduces the risk of the lateral spread of ransomware. From the ZPA management portal admins have granular control over creating and defining policy names, selecting the applications that each policy is associated with, and configuring permissions for users and user groups down to individual application and user level. Additionally, ZPA uses the same ZScaler Client Connector app as their internet access solution, ZIA, to ensure that browser access is available for web apps.

ZPA’s solution takes a user- and application-centric approach to access security. The segmented connections between applications and user devices makes this solution particularly good at reducing lateral movement. Because it’s cloud-based, ZPA is quick to deploy and extremely scalable, so organizations don’t have to worry about using external hardware to upgrade their protection as they grow. We recommend ZScaler Private Access as a strong secure access solution for enterprises looking for seamless remote access for their employees that scales easily and helps to reduce the threat of ransomware attacks.

Enterprise VPNs: Everything You Need To Know (FAQs)

What Is A VPN?

A VPN (Virtual Private Network) is a cybersecurity tool used to create a protected, secure network, within a public network. This is achieved through masking your IP address (the unique number that identifies the device that you are using). VPNs are of value to a business that needs to handle sensitive data and manage staff access from multiple locations.

Your devices are most vulnerable to attack when you log-in to an unsecured public Wi-Fi network. Hackers can position themselves between your device, and the ISP (Internet Service Provider), which allows them to see all the information you are requesting, and the sites you are visiting. Not only can hackers see what you are doing, they can plant malicious software onto your system to monitor your activity, and even steal data. This is known as a man-in-the-middle attack.

Although these threats are serious, they are relatively easy to combat. By using a VPN server, your data is sent through an encrypted tunnel, making it impossible for hackers, governments, or anyone else, to access that data. This means you can ensure all sensitive company information is kept private.

How Does A VPN Work?

A VPN is much like a tunnel that takes information to your device without being identified. This secure tunnel prevents external parties from reading what data is passing through the tunnel, meaning that your activity is kept private.

When you use a VPN, your ISP will be unable to identify who is accessing the data, as your IP address has been re-routed through multiple different VPN servers. This is significant because it means that the ISP (companies like AT&T and Comcast) is unable to view your activity. VPNs can mitigate the risk of man-in-the-middle attacks by preventing anyone accessing your data as it passes from the ISP to your device. Not only does this keep your data safe, but it also prevents hackers from disguising harmful software and planting malware onto your device.

As well as making it harder for your data to be identified, VPNs use high level encryption to ensure that even if the data is accessed, it will be unintelligible to anyone without the means to decrypt it. The highest standard of encryption currently used by providers is AES 256-bit encryption (Advanced Encryption Standard). This level of encryption is the gold standard as there are 2^256 possible combinations. Hackers would have to successfully work out a number 78 digits long, to hack into your server. It is simply not feasible for a computer to go through all these combinations as it would take billions of years to find the right sequence. On top of this, AES 256-bit encryption uses 14 rounds of encryption, making it the most secure type of AES encryption.

What Are The Benefits Of Using A VPN?

Allows you to access content without being identified. This is particularly useful for secure sectors, or journalists who may be at risk if their identity, or sources, were revealed.
Disguises your location. As VPNs mask where your real location is, you can gain access to content that is geographically restricted.
Prevents malicious actors from imbedding malware into your internet traffic – this is particularly useful if you need to log into public Wi-Fi networks

What Should You Be Aware Of When Using A VPN?

Your connection might be slightly slower than if you weren’t using a VPN
You should check that your VPN has a no-logs policy, otherwise it could catalogue your “anonymous” activities
Some countries have banned VPNs
Free VPNs can be insecure, or overwhelm you with adverts

Why Does Your Business Need A VPN?

Remote Working

VPNs allow users to access a secure server from a range of locations. In a business context, this is useful as it can facilitate home, hybrid, or multi-location working. Despite not being in the same physical location as their main server, users can connect to their accounts and access sensitive data, without opening any security vulnerabilities to the organization.

This allows employees to continue working whilst away from the head office, thereby increasing productivity and flexibility. It is still easy for admins to manage which users have access to the secure data, as users can access important data that is stored in the cloud, rather than needing to store it locally, via a VPN. This means that you can enforce login policies to ensure that compromised devices do not have access to sensitive data. Before a user can access company data, the device they are using will have to be authorized, or they will have to login to the network.

Data And Device Security

By creating an end-to-end encrypted tunnel between device and server, any content accessed through a VPN is private and virtually impossible to access by anyone without the correct decryption key. The highest level of encryption offered by enterprise VPNs is AES –256-bit (Advanced Encryption Standard). It would take a computer thousands of years to break this encryption as hackers would have to successfully work out a number 78 digits long to decrypt your information.

Not only does this secure tunnel protect your data from being accessed, but it also prevents a malicious actor hiding malware within your data and planting it on your devices. Users can be added or removed by admin accounts, thereby controlling who has access to your network, almost like controlling access to a physical building.

Admin can receive instant notifications regarding anomalies – if an account’s bandwidth consumption increases, it might suggest an account has been jeopardized. If a “bot” has been installed on a computer, its usage will outstrip a user’s expectations. Remediation action can be taken swiftly to ensure your accounts are safe.

Costs

Without a site-to-site VPN, organizations would have to create an expensive, physical network connection between their headquarters and other offices. Not only would there be an initial infrastructure cost, but an IT team would need to manage the hardware, troubleshoot, and continually upgrade the system to ensure that it is up to date and secure from cyberattacks.

By using a site-to-site VPN, some of these costs can be avoided. A site-to-site VPN will be managed by a provider, thereby reducing your workload, and keeping costs down through not requiring a dedicated IT team with VPN expertise.

If you use a remote access VPN, there will be the contract cost of using a client VPN and NAS, however the flexibility offered by a VPN will allow employees to work productively from other locations, thereby potentially cutting transport costs or office overheads.

The alternative would be to not use a VPN, thereby leaving your sensitive files unprotected while in transit. This could result in very serious penalties for your organization if sensitive data was lost, or your intellectual property undermined.

What Key Features Should You Look For In A VPN App?

1. Up-To-Date Mobile App

There are two parts to this: firstly, the VPN service needs to offer mobile support, not just client software for PCs, so that it can protect your entire device fleet. Secondly, it’s important that the provider keeps their app up-to-date with any operating system updates, so that you can be sure it’ll perform efficiently and effectively regardless of when you installed it.

If a VPN provider doesn’t openly advertise on their website how often they update their app, you can easily check on the app store when it was last updated.

2. Integrated Kill Switch

No cybersecurity solution is 100% secure, which is why we always recommend that you use implement multiple layers of protection across your systems. Even the best VPN apps are no exception to this – if a VPN service is overloaded, this can cause an IP leak, which causes the VPN connection to fail and exposes the user’s true IP address when they’re online.

A VPN kill switch cuts off a device’s network access if this happens, stopping the transfer of any unencrypted data and preventing the user’s IP address from being leaked.

3. Clear Data Logging Policy

Let’s get one thing straight: all VPNs log some user data in order to be able to limit the number of devices connecting to the server and provide customer support. So the important thing here is not whether the VPN provider is logging your data, but what data they’re logging. Usually, this just includes IP addresses and session times. However, some (usually free) VPN services also log the software the user uses, the websites they visit, and even the files they download.

When you’re trying to find the best VPN app for your business, make sure that you read their data logging policy to find out exactly what information it’ll store, and to ensure that they’re being transparent about it—you don’t really want to invest in a solution that’s knowingly trying to deceive you.

4. Multiple Server Locations

When a VPN connects a user’s device to the VPN server, the user’s device adopts the IP address of that web server, which can make it seem as though the user is in a different geographic location to where they actually are. It’s important that your VPN app has servers in all of the locations where your organization stores data that employees need to access, and where your employees will be accessing data from. This will help to keep the connection at an efficient speed. On top of that, the more servers the VPN service has, the less likely they are to become overloaded and slow down the connection.

5. Support For Multiple Protocols

A VPN protocol is a set of rules that establish the connection between the VPN client (the software installed on the user’s device) and the VPN server. There are a lot of different VPN protocols out there, but the most common among them are OpenVPN, PPTP, IPSec, SSTP, SSL and SSH. Each of these has its own pros and cons, usually in terms of their level of security and the speed with which they can connect a user to the internet.

Most VPN apps give you a selection of protocols to choose from, and it’s important that you find the one that best meets your organization’s needs. OpenVPN, for example, runs on open source software and is one of the most secure protocols currently in use; since it isn’t owned by any one company, programming experts all around the world can freely test, improve and verify it.

6. Centralized Management

When it comes to rolling out a VPN app across your organization, it’s really important that the solution you choose features a centralized management console from which you can manage user accounts and control access permissions. The best VPN apps even include role-based access or “gateway” management, which means that users can only access the parts of the network that they need to be able to do their job.

From the console, IT admins should be able to set up and remove accounts, as well as see which devices employees are using to access the VPN.

Finally, some VPN apps include IP whitelisting capabilities, which allow admins to whitelist their organization’s IP addresses exclusively to make sure that only users with verified IPs can access corporate resources. This means that the organization has more granular control over who can access the network, and from which devices.

What Are The Two Types Of VPN?

There are two main types of VPN setup: remote access VPNs, and site-to-site VPNs.

Remote Access VPN

A remote access VPN enables a user to connect to a private network remotely. This is achieved by creating an encrypted connection directly between the user’s device and the data center they’re accessing. Remote access VPNs don’t create a permanent connection—the connection is only active when the user establishes it via a VPN client installed on their device. This means the user can access all the resources on that network whenever they need to, without having to travel to the network location to connect to it.

Because of this, remote access VPNs are popular amongst home users, but also businesses that want to enable remote or hybrid employees to connect to the corporate network securely, from anywhere. They can also be used to bypass geographical restrictions on internet access, making them useful for employees that are travelling and need to be able to access sites that might be restricted in their destination country.

However, remote access VPNs can cause users to experience high levels of latency in their connection, particularly when their company is storing data in Software-as-a-Service (SaaS) or cloud applications. Data in these apps is usually stored off-site, which means that the connection must be routed from the user’s device to the central VPN hub, then to the data center, and back. So, a remote access VPN is best used for accessing data that is stored on company premises.

Site-To-Site / Router-To-Router VPN

A site-to-site VPN, also known as a router-to-router VPN, creates a connection between two physical sites. The connection is established between routers; one router acts as the VPN client, and the other acts as the VPN server. When the connection between the two routers is authenticated, a permanent, secure VPN tunnel is established, creating one unified network between the separate locations.

Site-to-site VPNs are commonly used among large enterprises to connect the networks of two or more separate office locations. If a business is connecting several of its own offices via a site-to-site VPN, they use an intranet-based VPN. If a business is using a site-to-site VPN to connect to the office of another business—such as one of their suppliers—they use an extranet-based VPN.

A site-to-site VPN is an excellent way of creating a single intranet across multiple sites so that all company devices can connect to the same network as though they were there locally. This enables users across multiple offices to access shared resources. However, this type of VPN can’t be used to enable users to connect to the corporate network from home, as admins cannot inherently trust the security of their users’ home networks.

The Most Common VPN Protocols

Once you’ve decided what type of VPN setup you need—remote access or site-to-site—you need to choose what tunnelling protocol your VPN should use.

A VPN protocol determines how data travels through an established connection. Different protocols offer different features designed to meet specific use cases: some prioritize speed; others, security. Some VPN services offer a single protocol, while others offer organizations the option to choose which protocol they would like to use, based on their business needs. It’s also possible to use two protocols at once; one to transfer data, and one to secure it.

When choosing a protocol (or protocols), you need to consider how much traffic you’re expecting to route through the VPN, what data you want to make available via the VPN, and to which users. You also need to think about your risk profile, i.e., how likely it is that an unauthorized party will try to access your company’s data, and how important it is that the VPN secure your users’ connections via encryption and other methods. Having this information to hand will make it much easier to choose the right protocol for your business.

– Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) is a VPN protocol used to secure data across an internet protocol (IP) network. To do this, IPSec enforces session authentication and data encryption. The protocol runs in two modes: transport mode and tunnelling mode. The transport mode encrypts the data message itself, then the tunnelling mode encrypts the whole data packet.

IPSec is a popular choice for site-to-site VPN setups, and can be used in conjunction with other VPN protocols for enhanced security.

– Layer2 Tunnelling Protocol (L2TP)

Layer 2 Tunnelling Protocol (L2TP) is an VPN protocol that creates a secure tunnel between two connection points. L2TP offers high speed connections, but doesn’t offer any encryption out-of-the-box, so it’s often used alongside other protocols, such as IPSec, to establish a more secure connection.

Like IPSec, L2TP is a popular for site-to-site setups and, once combined with another protocol for security, it offers a fast, highly secure connection.

– Point-To-Point Tunnelling Protocol (PPTP)

Point-to-point tunnelling protocol (PPTP) is a VPN protocol that creates a tunnel with a PPTP cipher, encrypting data that travels within that tunnel.

PPTP is one of the oldest VPN protocols, and one of the most widely used. It was developed by Microsoft in the 90s and integrated into Windows 95 and was designed specifically for creating and securing dial-up connections. It has since expanded to be compatible with MacOS and Linux devices. However, since PPTP’s creation, technology has become more advanced—with the right computer, it wouldn’t take long to crack a PPTP cipher using brute force. This makes PPTP one of the least secure VPN protocols.

However, what it lacks in security, PPTP makes up for in speed, making it popular amongst users that need quick access without strong encryption.

– TLS And SSL

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the same standard that encrypt HTTPS web pages—secure sites that have “https” at the start of the URL. They create a VPN connection where the web browser acts as the client, and user access is restricted to certain applications—rather than a whole network. Because most web browsers come with TLS and SSL integrated already, establishing TLS of SSL connections requires very little action from the end user, and doesn’t require any additional software to be installed.

TLS and SSL are often used within remote access VPN setups.

– OpenVPN

OpenVPN is an open-source VPN protocol based on TLS and SSL, but with added encryption layers for heightened security. It comes in two versions: User Datagram Protocol (UDP), which carries out fewer data checks, so is faster; and Transmission Control Protocol (TCP), which carries out more checks to protect the integrity of the data being sent, so is slower.

Because it’s an open-source technology, developers can access the underlying code of the OpenVPN protocol. This means it’s regularly checked for vulnerabilities. On top of that, OpenVPN uses AES 256-bit encryption—one of the most secure encryption methods—with 2048-bit RSA authentication and a 160-bit SHA-1 hash algorithm. This makes it one of the most secure VPN protocols, though these high levels of security can sometimes cause latency in the connection.

OpenVPN is highly secure and generally quite efficient, making it a popular type of VPN protocol for both remote access and site-to-site setups.

– Secure Shell (SSH)

Secure Shell (SSH) is a VPN protocol that creates an encrypted tunnel through which data can be transferred from a local port onto a remote server. Because the data itself isn’t encrypted, SSH isn’t the most secure VPN protocol, but it does offer very fast connections.

SSH is most often used within remote access setups, enabling users to access their workplace desktops via mobile devices off-site.

– Internet Key Exchange v2 (IKEv2)

Developed by Microsoft and Cisco, Internet Key Exchange version 2 (IKEv2) is a VPN protocol that sets up a security association (SA) to negotiate the exchange of security keys used by the VPN client and server. Once it authenticates the SA, IKEv2 establishes a private tunnel for data transfer.

IKEv2 is one of the quickest VPN protocols and is particularly strong at re-establishing a connection after a temporary outage, and switching connections across different network types (e.g., from cellular to Wi-Fi). However, like L2TP, it doesn’t offer out-of-the-box encryption, so is often used in conjunction with IPSec for added security.

Because of its support for mobile connections and a wide range of operating systems—including Windows, MacOS, Linux, Android, iOS, and routers—IKEv2 is commonly used within remote access VPN setups.

Caitlin Jones

Deputy Head Of Content

Caitlin Jones is Deputy Head of Content at Expert Insights. Caitlin is an experienced writer and journalist, with years of experience producing award-winning technical training materials and journalistic content. Caitlin holds a First Class BA in English Literature and German, and provides our content team with strategic editorial guidance as well as carrying out detailed research to create articles that are accurate, engaging and relevant. Caitlin co-hosts the Expert Insights Podcast, where she interviews world-leading B2B tech experts.

Laura Iannini

Information Security Engineer

Laura Iannini is an Information Security Engineer. She holds a Bachelor’s degree in Cybersecurity from the University of West Florida. Laura has experience with a variety of cybersecurity platforms and leads technical reviews of leading solutions. She conducts thorough product tests to ensure that Expert Insights’ reviews are definitive and insightful.