VPN

Virtual Private Network

"A technology that connects distant networks as if they were on the same network"

Concept

VPN Tunnel (Internet): "Virtual LAN cable"
- Although it actually uses the public internet, it is encrypted so it cannot be seen from outside,
  and it operates like a logically separated private network.
"Relay"

Tunneling
Transmitting the original packet "inside another packet".

Original Packet
- Src: VPN IP
  - Virtual IP assignment for the VPN network
  - ⚠️ First check the routing table to assign the Src IP according to the sending interface.
- Dst: Target server
Transmitted to the virtual interface (WireGuard virtual interface) according to routing rules.
Encrypt the entire packet.
Add a new IP header
- Src: Home public IP
- Dst: VPN server public IP
  - The VPN module (WireGuard kernel module) knows this (reads from the configuration file).
UDP transmission
- Connection guaranteed because the original packet is TCP.
Transmitted to the physical interface (eth0) according to routing rules.
The VPN server decrypts the packet and extracts the original packet.
TCP transmission to the destination
- If the destination is an internal network registered in the VPN network: Transmit the original packet as is.
- If the destination is external: Change only the Src to the VPN server's public IP (NAT processing) and transmit.

Private IP Ranges

10/8

172.16/12: 172.16.0.0 ~ 172.31.255.255

192.168/16

VPN Protocol