Short definition
A VPN creates an encrypted tunnel between a device and a private network, allowing secure access to internal resources over a public connection.
Extended definition
A VPN extends a private network across an untrusted medium, typically the public internet, so that connected devices behave as if they are physically on the same local network. In infrastructure contexts, a VPN is the mechanism that allows engineers to reach internal servers, databases, and services from anywhere in the world without exposing those resources publicly. Business VPN solutions like NordLayer go further, providing team-level access control, device posture checks, and centralised management of who can reach which network segments.
Deep technical explanation
Tunneling protocols: Modern VPNs typically use WireGuard or OpenVPN as their underlying protocol. WireGuard is significantly faster and simpler than OpenVPN, with a much smaller codebase and therefore a smaller attack surface. NordLayer uses WireGuard as its core tunneling protocol.
Split tunneling: Most business VPNs support split tunneling, routing only traffic destined for internal resources through the VPN, while public internet traffic goes directly. This reduces latency for general browsing while keeping internal access secure.
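To make the split-tunneling distinction concrete, here are two WireGuard client configurations, added as an example for this page (they are not NordLayer's own configuration files); the key placeholders, the 10.20.0.0/16 "internal" range, the 10.99.0.0/24 tunnel range and the gateway hostname are all assumed values. Only the AllowedIPs line differs between the two files.

```ini
# client-full.conf  (full tunnel)
# Every packet, including public web traffic, is routed into the tunnel.
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.99.0.2/32
DNS = 10.20.0.53                 # internal resolver (assumed address)

[Peer]
PublicKey = <gateway-public-key-placeholder>
Endpoint = vpn.example.internal:51820
AllowedIPs = 0.0.0.0/0, ::/0     # "catch-all": default route goes via the VPN
PersistentKeepalive = 25

# client-split.conf  (split tunnel)
# Only the private VPC range and the tunnel subnet are routed into the
# tunnel; everything else leaves directly via the device's normal uplink.
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.99.0.2/32
DNS = 10.20.0.53                 # keep DNS internal so private hostnames resolve

[Peer]
PublicKey = <gateway-public-key-placeholder>
Endpoint = vpn.example.internal:51820
AllowedIPs = 10.20.0.0/16, 10.99.0.0/24
PersistentKeepalive = 25
```

Note that AllowedIPs is a client-side routing decision, not an access control: which segments a connected device may actually reach (staging versus production, for example) must be enforced by the gateway's firewall or the VPN provider's segmentation policy, since a user can edit their own client file.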
Network segmentation: Business VPNs allow organisations to define which users or groups can access which network segments. A developer might access staging but not production. An intern might access internal documentation but not infrastructure.
VPN vs bastion: These are complementary, not competing. A VPN gives you network-level access to a private subnet. A bastion gives you a controlled SSH entry point within that subnet. In a mature infrastructure setup, you need the VPN to reach the bastion, and the bastion to reach internal servers.
Zero trust vs VPN: Zero trust architectures challenge the assumption that anything inside the VPN perimeter is trustworthy. Rather than granting broad network access, zero trust verifies every request individually, regardless of network location. Many organisations run both a VPN for network access and zero-trust policies layered on top.
Practical examples
- An engineer in Frankfurt connects to NordLayer to reach servers hosted in a private AWS VPC in Singapore
- A fleet management tool runs on a VPS that stays permanently connected to the company VPN, allowing it to reach all internal servers
- A remote team member’s device is denied VPN access because it fails a posture check (outdated OS, no disk encryption)
Why it matters
A VPN is the first line of defence for any infrastructure that should not be publicly reachable. Without it, internal servers either need public IPs or complex per-service firewall rules. With it, the entire private network is accessible only to authenticated, authorised devices.