VPN Glossary

Your Cheat Sheet For All Terms Regarding VPNs

In the digital age, protecting our online privacy and security has become more important than ever before. As a result, VPNs (Virtual Private Networks) have skyrocketed in popularity. However, with the plethora of terms and concepts surrounding VPNs, it can be overwhelming to navigate and understand the ins and outs of this technology. But fear not, for this comprehensive glossary is here to break down the most essential terms and concepts for you, giving you a deeper understanding of how VPNs work and how they can benefit you.

VPN (Virtual Private Network)

A VPN is a technology that allows users to connect to a private network over the internet securely and privately.
Think of it as an invisible tunnel that connects your device to the private network, allowing you to access resources and data as if you were physically on-site.


Encryption

Encryption is the process of converting plaintext into coded text, also known as "ciphertext."
This makes sure that the data sent over a VPN is safe and that only people with the decryption key can read it.
Consider your data locked in a safe that only the right key can open; encryption is similar, but in the digital world.


Tunnelling

Tunnelling is the process of encapsulating one protocol within another, allowing data to be transmitted securely over a public network. This is like wrapping a present in several layers of wrapping paper, with each layer protecting the present inside. VPNs use tunnelling to transmit data securely over the internet.


Protocol

A protocol is a set of rules and standards that govern the communication between devices on a network. Protocols like Point-to-Point Tunnelling Protocol (PPTP), Layer 2 Tunnelling Protocol (L2TP), and OpenVPN are often used for VPNs. These protocols are like different languages, and each one has its own set of rules, but all of them allow communication between devices.

Remote Access VPN

A remote access VPN allows users to connect to a private network from a remote location, allowing them to access network resources as if they were on-site. This is like having a key to a friend's house: even though you are miles away, you can access the house and use the resources inside.

Site-to-Site VPN

A site-to-site VPN links two or more private networks together so they can talk to each other safely over the internet.
This is like connecting multiple houses with a secret underground tunnel so the residents can visit each other's houses securely.

Kill Switch

A kill switch is a security feature that disconnects a device from the internet if the VPN connection drops. This keeps the device from sending unencrypted data by accident. It is like a guard that monitors your connection, and if the connection is lost, the guard will close the door to your house, preventing any unwanted visitors from entering.

Split Tunneling

Split Tunneling is a feature that allows users to selectively choose which traffic is sent through the VPN and which is sent directly over the internet. This is like having a switch that controls which door in your house is open and which is closed, allowing you to choose which resources and data you want to access.


IPv4 and IPv6

Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) are the two versions of the Internet Protocol (IP) used to identify devices on a network. IPv4 is the older version, while IPv6 is the newer version that allows for more IP addresses. Think of them like different versions of an address book: IPv4 is the older one with less space, while IPv6 is the newer one with more space to store more addresses.

DNS Leak

A DNS leak occurs when a device uses its default DNS server instead of the VPN's server, potentially leaking the user's DNS queries and location to the internet. This is like giving away your location to a stranger; a DNS leak can reveal your location and your online activities to anyone who is monitoring the internet.


Handshake

A "handshake" is the process of establishing a secure connection between two devices using a VPN. It is like a secret handshake between friends; it proves that both devices are who they say they are and can communicate securely.


Authentication

Authentication is the process of verifying the identity of a user or device before allowing access to a network. It is like showing a passport or ID card to a security guard to prove that you are who you say you are.


Certificate

A certificate is a digital document that verifies the identity of a device or user. It has information about the device or user, like their name and public key. Think of it as a digital ID card that is used to prove the authenticity of the device or user.

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is a system that is used to manage and distribute digital certificates. Just as a department issues ID cards to the employees of a company, the PKI issues digital certificates to devices and users.


Cybersecurity

Cybersecurity is the practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from digital attacks, theft, and damage. It's like building a fortress around your house to protect yourself and your belongings from thieves and intruders.


Threat

A threat is a potential vulnerability or attack that could cause harm to a system or network. It's like a thief trying to break into your house; he's a threat to your security.


Vulnerability

A vulnerability is a weakness in a system or network that a threat could take advantage of. It's like an open window in your house; it's a weakness that a thief could exploit to enter your house.


Risk

Risk is the likelihood and potential impact of a threat exploiting a vulnerability. It's like the probability of a thief breaking into your house through an open window and the potential damage he could cause.


Malware

Malware is any software that is designed to harm a computer system or network. It's like a virus that can infect your computer and cause damage or steal your personal information.


Phishing

Phishing is the act of pretending to be a trustworthy source to trick people into giving away personal information. It's like a thief pretending to be a delivery man to gain access to your house.

Denial of Service (DoS)

A Denial of Service (DoS) attack is an attempt to stop people from using a computer or network. It's like cutting the electricity and phone lines to a house, making it impossible for the residents to communicate or use the resources inside.

Distributed Denial of Service (DDoS)

A distributed denial of service (DDoS) attack is a type of DoS attack that uses multiple devices to flood a computer or network with traffic. It's like a group of thieves attacking a house from different directions at the same time, making it impossible for the residents to defend themselves.


Firewall

A firewall is a security system that controls who can get on a network by watching incoming and outgoing network traffic and blocking it if it looks suspicious. It is like a gatekeeper that controls who can enter and leave a network; the firewall controls the traffic that enters and leaves the network.

Virtual Private LAN Service (VPLS)

A Virtual Private LAN Service (VPLS) is a type of VPN that connects multiple LANs over a public network. It is like connecting different rooms in a house with secret tunnels; VPLS connects different LANs over the internet.

Network Address Translation (NAT)

Network Address Translation (NAT) is a technique used to map one IP address to another. It is like having a fake ID card; NAT allows a device to use a different IP address than the one it was assigned.

Multi-Protocol Label Switching (MPLS)

Multi-Protocol Label Switching (MPLS) is a technique used to speed up the flow of data through a network. It is like putting labels on the packages that need to be delivered; MPLS labels the data packets with their destination address, allowing the network to quickly route them to the correct destination.

Two Factor Authentication (2FA)

Two Factor Authentication (2FA) is a security method that requires two forms of identification before allowing access to a system or network. It's like a security guard who checks your ID and fingerprints before allowing you to enter a building; 2FA requires two forms of identification to make sure that you are who you say you are.


Tor

Tor is free and open-source software that allows users to browse the internet anonymously. It's like wearing a disguise when you go out; Tor hides your identity when you are online.


Proxy

A proxy is a server that sits between a device and the internet. It's like a middleman that routes your internet traffic through another server; a proxy can hide your IP address and location.


Logs

Logs are records of activity on a computer or network. They are like a diary that records everything that happens on your computer or network. Logs can be used to track and troubleshoot issues.

IP address

An IP address is a unique numerical label that is given to every device connected to a computer network that uses the Internet Protocol to communicate. Like a house address, an IP address is the unique address that identifies a device on a network. It's similar to how a web store requires your postal address in order to send you items.


HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP, the protocol used to transfer data on the internet. HTTPS encrypts the data that is sent between a website and a user's browser. This is like how a secure envelope protects the contents of a letter.


Cookies

Cookies are small text files that are stored on a user's device by a website. They are used to remember information about the user, such as login credentials or preferences. It's like a small notebook where a website stores information about you, so when you visit the website again, it can remember your preferences.


Dark Web

The dark web is a part of the internet that search engines don't crawl and that you can only get to with special software like Tor. Like a secret underground city that can only be accessed through secret tunnels, the dark web is a part of the internet that is hidden from the public.

End-to-end Encryption

End-to-end encryption is a way to make sure that only the sender and the person for whom the message is meant can read it. It's like a secret code that only you and the person you are sending the message to can read; end-to-end encryption ensures that only the intended recipient can read the data.

Internet Key Exchange (IKE)

Internet Key Exchange (IKE) is a protocol that is used to connect two devices in a safe way. It is like a secret code that two friends use to communicate securely. IKE establishes a secure connection between two devices.

Virtual Extensible LAN (VXLAN)

A Virtual Extensible LAN (VXLAN) is a technology that lets you create multiple virtual LANs over a single physical network. It is like creating multiple rooms in a house, with each room representing a different virtual world. VXLAN allows the creation of multiple virtual LANs over a single network.