A Virtual Private Network (VPN) connection from a laptop to a company’s VPN server
involves several steps. Here’s a detailed explanation:

- VPN Setup: The first step is to set up the
VPN client on the laptop. This involves installing the VPN software
provided by the company and configuring it with the necessary details such
as the VPN server address, VPN type (e.g., PPTP, L2TP, OpenVPN), and
authentication details. The exact setup process can vary depending on the
specific VPN client used.
- VPN Login: Once the VPN client is set up,
the user can initiate a VPN connection. This typically involves opening
the VPN client, selecting the appropriate VPN profile (if multiple
profiles are configured), and entering their login credentials. These
credentials are usually a username and password, but they could also
include additional factors of authentication, such as a digital
certificate or a one-time password (OTP).
- VPN Connection: After the user has logged in,
the VPN client establishes a secure connection to the company’s VPN
server. This process involves several steps:
  - Tunnel Creation: The VPN client and server
  negotiate a secure tunnel for the VPN connection. This involves agreeing
  on the encryption protocols and keys to be used for the connection.
  - Authentication: The VPN client authenticates
  the VPN server, and vice versa, to ensure that both parties are who they
  claim to be. This is typically done using digital certificates.
  - IP Address Assignment: Once the tunnel is established
  and both parties are authenticated, the VPN server assigns an IP address
  to the VPN client. This IP address is used for all communication within
  the VPN tunnel.
  - Encryption and Decryption: All data sent over the VPN
  connection is encrypted by the VPN client before being sent through the
  tunnel. When the data reaches the VPN server, it is decrypted before
  being sent on to its final destination.
- Data Transfer: With the VPN connection
established, the user can now send and receive data over the internet as
if they were directly connected to the company’s private network. All data
sent over the VPN connection is encrypted, ensuring that it remains
private and secure.

When an employee of a company uses a VPN to access an Azure Virtual Machine (VM), the
traffic generally follows this path:

- The traffic originates from the
employee’s laptop and is encrypted by the VPN client installed on the
laptop.
- This encrypted traffic is then
sent over the internet to the company’s VPN server.
- The VPN server decrypts the
traffic and sends it to the Azure VM over the VPN connection between the
company and the Azure region.

In terms of IP visibility, the Azure VM will see the IP address of the company’s VPN
server, not the employee’s original IP address. This is because the VPN server
acts as a gateway between the employee’s laptop and the Azure VM.

It’s important to note that this is a general explanation and the exact details can vary depending on the specific VPN technology and configuration used by your company. For instance, some VPN configurations might involve Network Address Translation (NAT), which could affect the visible IP address. Always refer to your specific VPN and network setup for accurate information.
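
Because the VM's own logs never contain the employee's original IP address, attributing a connection to a person means joining the VM log with the VPN server's session log. The sketch below is an added example, not code from this post or from any VPN product: it covers the NAT case described above and also the routed case where the VM sees the assigned tunnel IP. All addresses, user names, timestamps and the `GATEWAY_IP` value are constructed assumptions.

```python
from datetime import datetime

# All values below are constructed sample data, not taken from any real network.
GATEWAY_IP = "10.0.0.4"  # assumed address the VPN server presents when it NATs

# VPN server session log: (user, laptop public IP, assigned tunnel IP, start, end)
SESSIONS = [
    ("alice", "203.0.113.10", "10.8.0.2", "2024-05-01T09:00:00", "2024-05-01T12:00:00"),
    ("bob", "198.51.100.7", "10.8.0.3", "2024-05-01T10:00:00", "2024-05-01T11:00:00"),
    ("carol", "192.0.2.55", "10.8.0.2", "2024-05-01T13:00:00", "2024-05-01T15:00:00"),
]


def active_sessions(when):
    """Sessions whose lifetime covers the given ISO-8601 timestamp."""
    t = datetime.fromisoformat(when)
    return [s for s in SESSIONS
            if datetime.fromisoformat(s[3]) <= t <= datetime.fromisoformat(s[4])]


def attribute(src_ip, when):
    """Map a source IP seen in the VM's log to VPN user(s).

    Returns (verdict, users): "attributed" for exactly one candidate,
    "ambiguous" when several users share the NATed gateway address,
    "unknown" when no VPN session explains the connection.
    """
    live = active_sessions(when)
    if src_ip == GATEWAY_IP:
        # NAT case: every active user looks identical to the VM.
        users = sorted(s[0] for s in live)
    else:
        # Routed case: the VM sees the tunnel IP; pool addresses are reused,
        # so the time window matters as much as the address.
        users = sorted(s[0] for s in live if s[2] == src_ip)
    if len(users) == 1:
        return ("attributed", users)
    return ("ambiguous" if users else "unknown", users)


if __name__ == "__main__":
    for ip, when in [("10.8.0.2", "2024-05-01T09:30:00"),
                     ("10.8.0.2", "2024-05-01T14:00:00"),
                     ("10.0.0.4", "2024-05-01T10:30:00"),
                     ("10.8.0.9", "2024-05-01T10:30:00")]:
        print(ip, when, attribute(ip, when))
```

An "ambiguous" verdict is the signal that the VM log alone cannot name the user, and that per-connection records from the VPN server are needed to narrow it down.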