VPNs

VPNs (Virtual Private Networks) create encrypted tunnels over public networks, enabling secure remote access and site-to-site connectivity.

Use Cases

Remote access - Securely connect to office/home network
Site-to-site - Connect multiple office locations
Privacy - Mask traffic from ISPs
Bypass geo-restrictions - Access region-locked content
Secure public WiFi - Encrypt traffic on untrusted networks

VPN Protocols Comparison

Protocol	Security	Speed	Ease of Setup	Best For
WireGuard	Excellent	Excellent	Easy	Modern deployments
OpenVPN	Excellent	Good	Moderate	Compatibility, enterprise
IPsec/IKEv2	Excellent	Good	Complex	Mobile, site-to-site
L2TP/IPsec	Good	Moderate	Moderate	Legacy compatibility
PPTP	Poor	Good	Easy	Avoid (broken crypto)

WireGuard

Modern, fast, and simple VPN protocol. Recommended for most use cases.

Why WireGuard?

~4,000 lines of code (vs ~100,000 for OpenVPN)
Built into Linux kernel (5.6+)
Faster connection establishment
Better performance (uses modern cryptography)
Simpler configuration

OpenVPN

Mature, widely supported, highly configurable.

Key Differences from WireGuard

Aspect	OpenVPN	WireGuard
Config complexity	High	Low
Certificate management	Required	Keys only
Dynamic IPs	Easier	Requires extra config
Protocol	TCP or UDP	UDP only
Firewall traversal	Better (TCP 443)	UDP only

IPsec / IKEv2

Strong security, native support in most operating systems.

Split Tunnelling

Route only specific traffic through VPN, not all traffic.

Self-Hosted VPN Solutions

Solution	Notes
PiVPN	Easy WireGuard/OpenVPN installer for Raspberry Pi
Algo VPN	Ansible scripts for IKEv2 VPN on cloud
Tailscale	WireGuard-based mesh VPN, zero config
Headscale	Self-hosted Tailscale control server
Netbird	WireGuard-based, self-hostable

Security Considerations

Key rotation - Periodically regenerate keys
Kill switch - Block traffic if VPN drops
DNS leaks - Ensure DNS queries go through VPN
IPv6 leaks - Disable IPv6 or route through VPN
Logging policy - For privacy, use providers with no-logs policy

References