


VPN (Virtual Private Network) 2020


In short, a VPN can be summarized in four points:

  1. It's a server-client technology.
  2. It uses tunneling.
  3. The user on the client side usually needs a user name and password.
  4. It encrypts all data.

A VPN is a private network that uses a public network (the Internet) to connect remote sites or users together. The VPN uses tunnel connections routed through the Internet from the business's private network to the remote site or employee. To actually create the VPN tunnel, the local machine needs to be running a VPN client. By using a VPN, businesses ensure security: anyone intercepting the encrypted data can't read it.

When we connect to a VPN, we launch a VPN client on our computer (or click a link on a special website), log in with our credentials, and our computer exchanges trusted keys with a remote server. Once both computers have verified each other's identity, all of our internet communication is encrypted and secured from eavesdropping.

The most important thing we need to know about a VPN: It secures our computer's internet connection to guarantee that all of the data we're sending and receiving is encrypted and safe from prying eyes. - from Why You Need A VPN (And How To Choose One)



Remote_Access_VPN.png



Site_To_Site_VPN.png

Pictures from Cisco



The following article is from wiki.

The following steps illustrate the principles of a VPN client-server interaction in simple terms.

Assume a remote host with public IP address 1.2.3.4 wishes to connect to a server found inside a company network. The server has internal address 192.168.1.10 and is not reachable publicly. Before the client can reach this server, it needs to go through a VPN server / firewall device that has public IP address 5.6.7.8 and an internal address of 192.168.1.1. All data between the client and the server will need to be kept confidential, hence a secure VPN is used.


VPN_IP_CLIENT_SERVER.png

In the picture, the IP addresses have been added by me for better illustration of the wiki's description on the original picture from How VPN Works - Microsoft.

  1. The VPN client connects to a VPN server via an external network interface.
  2. The VPN server assigns an IP address to the VPN client from the VPN server's subnet. The client gets internal IP address 192.168.1.50, for example, and creates a virtual network interface through which it will send encrypted packets to the other tunnel endpoint (the device at the other end of the tunnel). (This interface also gets the address 192.168.1.50.)
  3. When the VPN client wishes to communicate with the company server, it prepares a packet addressed to 192.168.1.10, encrypts it and encapsulates it in an outer VPN packet, say an IPsec packet. This packet is then sent to the VPN server at IP address 5.6.7.8 over the public Internet. The inner packet is encrypted so that even if someone intercepts the packet over the Internet, they cannot get any information from it. They can see that the remote host is communicating with a server/firewall, but none of the contents of the communication. The inner encrypted packet has source address 192.168.1.50 and destination address 192.168.1.10. The outer packet has source address 1.2.3.4 and destination address 5.6.7.8.
  4. When the packet reaches the VPN server from the Internet, the VPN server decapsulates the inner packet, decrypts it, finds the destination address to be 192.168.1.10, and forwards it to the intended server at 192.168.1.10.
  5. After some time, the VPN server receives a reply packet from 192.168.1.10, intended for 192.168.1.50. The VPN server consults its routing table, and sees this packet is intended for a remote host that must go through VPN.
  6. The VPN server encrypts this reply packet, encapsulates it in a VPN packet and sends it out over the Internet. The inner encrypted packet has source address 192.168.1.10 and destination address 192.168.1.50. The outer VPN packet has source address 5.6.7.8 and destination address 1.2.3.4.
  7. The remote host receives the packet. The VPN client decapsulates the inner packet, decrypts it, and passes it to the appropriate software at upper layers.

Overall, it is as if the remote computer and company server are on the same 192.168.1.0/24 network.
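
The seven steps above, traced in code as an added example (it is not part of the original page or the wiki text). The cipher is a toy HMAC-based stand-in for the real VPN protocol's encryption, not IPsec itself, and the `ASSIGNED` table and the two checks in `server_forward` are assumptions of this sketch.

```python
import hashlib, hmac, ipaddress, json, os

# Constructed values: addresses are the ones used in the steps above; the key
# stands in for whatever the client and server negotiated at tunnel setup.
KEY = os.urandom(32)
TUNNEL_NET = ipaddress.ip_network("192.168.1.0/24")
ASSIGNED = {"1.2.3.4": "192.168.1.50"}   # public peer -> inner address from step 2

def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC, standing in for the VPN protocol's real cipher."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed, packet dropped")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def encapsulate(key, inner_src, inner_dst, data, outer_src, outer_dst):
    """Steps 3 and 6: encrypt the inner packet, wrap it in an outer packet."""
    inner = json.dumps({"src": inner_src, "dst": inner_dst, "data": data}).encode()
    return {"src": outer_src, "dst": outer_dst, "payload": seal(key, inner)}

def decapsulate(key, outer):
    """Steps 4 and 7: strip the outer packet and decrypt the inner one."""
    return json.loads(unseal(key, outer["payload"]))

def server_forward(key, outer):
    """Step 4 on the VPN server, plus two checks that are assumptions added here:
    the inner source must be the address assigned to this peer, and the inner
    destination must lie inside the tunnel subnet."""
    inner = decapsulate(key, outer)
    if ASSIGNED.get(outer["src"]) != inner["src"]:
        raise ValueError("inner source does not match assigned address")
    if ipaddress.ip_address(inner["dst"]) not in TUNNEL_NET:
        raise ValueError("inner destination outside tunnel subnet")
    return inner

def observer_view(outer):
    """What an eavesdropper on the Internet path can read."""
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["payload"])}
```

`observer_view` returns only the outer addresses 1.2.3.4 and 5.6.7.8 and a length, while `server_forward` recovers the inner 192.168.1.50 to 192.168.1.10 packet and rejects a modified or mis-addressed one.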



Articles on VPN

VPNs: What They Do, How They Work, and Why You're Dumb for Not Using One - Gizmodo, Mar 26, 2013.

For as ubiquitous as connectivity has become and how reliant we've grown on it, the Internet is still a digital jungle where hackers easily steal sensitive information from the ill-equipped and where the iron-fisted tactics of totalitarian regimes bent on controlling what their subjects can access are common. So instead of mucking around in public networks, just avoid them. Use a VPN instead.

Between Wi-Fi spoofing, Honeypot attacks, and Firesheep, public networks really are cesspools. But if you're working remotely and need to access sensitive data on your company's private servers, doing so from an unsecured public network like a coffee shop Wi-Fi hotspot could put that data, your company's business, and your job at stake.

VPNs, or Virtual Private Networks, allow users to securely access a private network and share data remotely through public networks. Much like a firewall protects your data on your computer, VPNs protect it online. And while a VPN is technically a WAN (Wide Area Network), the front end retains the same functionality, security, and appearance as it would on the private network.......





OpenVPN Client setup

As a simple example, I'll show how to set up the OpenVPN client on Windows.


  1. Go to the VPN server by typing in the URL of the machine:

    OpenVPN-A.PNG


  2. Click the link. Once the MS Installer has downloaded, open it to run it. Then, follow the directions to install OpenVPN:

    msi.PNG

  3. Then, go to the System Tray on the Task Bar and locate the OpenVPN icon:

    vpn_icon.PNG

  4. Click it and select "Connect...".
  5. Type in your username and password.