When you think of a VPN, you likely have the idea of a connection from a VPN client on your computer or phone to a remote VPN server. This type of VPN is called a “Remote Access VPN”. Remote Access VPNs were originally intended to allow a single device to gain secure remote access to a network. They are also popularly used to gain remote access to the Internet as a privacy and security measure.
There is another type of VPN though, called a “Site-to-Site VPN”. A Site-to-Site VPN uses the same technology, but instead of connecting a single end-user device to a remote network, it connects two or more networks together.
Typically, if a company has two or more offices in different buildings, cities, or countries, the computer networks for each office will be completely separate. A Site-to-Site VPN can be used to create a secure connection between these separate office networks. This allows them to be treated as if they were directly connected to each other and simplifies the sharing of resources.
A Site-to-Site VPN will be configured on the routers of the networks being connected. The routers then handle everything, from the encryption and decryption of data to transparently routing data across the VPN. As with any router connection, rules can be implemented to restrict what type of traffic can go across the VPN connection.
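The router's job described above can be modelled in a few lines. The following is an added example, not part of the original article: a small Python model of how a site router decides whether a packet stays local, crosses the tunnel, or is blocked by a tunnel rule. The subnets, the rule list and the first-match, default-deny policy are constructed assumptions for a two-office setup in which only inter-office traffic uses the VPN.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan for two hypothetical offices.
LOCAL_LAN = ipaddress.ip_network("10.1.0.0/16")    # this office
REMOTE_LAN = ipaddress.ip_network("10.2.0.0/16")   # other office, reached via the tunnel

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    dst: str               # destination prefix inside the remote site
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port; None matches every port

# Hypothetical tunnel policy: first match wins, anything unmatched is dropped.
TUNNEL_RULES = [
    Rule("allow", "10.2.10.0/24", "tcp", 445),   # file shares on the remote server subnet
    Rule("allow", "10.2.10.0/24", "tcp", 443),   # HTTPS to the same subnet
    Rule("deny",  "10.2.99.0/24", "any", None),  # remote management subnet is off limits
    Rule("allow", "10.2.0.0/16",  "udp", 53),    # DNS anywhere else in the remote site
]

def tunnel_permits(dst, proto, port):
    """Apply the tunnel rules to one flow; dst is an ipaddress address object."""
    for r in TUNNEL_RULES:
        if (dst in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action == "allow"
    return False  # default deny

def route(src, dst, proto, port):
    """Return what the site router does with one packet from a LAN host."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in LOCAL_LAN:
        return "drop: source is not on the local LAN"
    if dst_ip in LOCAL_LAN:
        # Never reaches the tunnel, so it stays visible to local monitoring.
        return "local: stays on the LAN, unencrypted"
    if dst_ip in REMOTE_LAN:
        if tunnel_permits(dst_ip, proto, port):
            return "tunnel: encrypted by the router, sent to the peer site"
        return "drop: blocked by tunnel rule"
    return "internet: normal uplink, outside the site-to-site VPN"

if __name__ == "__main__":
    for flow in [("10.1.5.20", "10.2.10.8", "tcp", 445),
                 ("10.1.5.20", "10.2.10.8", "tcp", 22),
                 ("10.1.5.20", "10.2.99.5", "udp", 53)]:
        print(flow, "->", route(*flow))
```

The end-user device never appears in this logic except as a source address, which is why no VPN client is needed on it.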
Site-to-Site VPNs have many advantages for businesses. Obviously, as discussed, they can provide a link between multiple sites allowing secure and simple communications. They also eliminate the need for end-user computers to configure and enable VPN clients individually, as the whole process is managed centrally. Furthermore, as data is only encrypted between the separate networks, network administrators can still reliably monitor and filter network traffic on their networks.
Site-to-Site VPNs don’t offer as much to the average home user, but there are still use cases for them. One of the downsides of Remote Access VPNs is that they require a software client or built-in support on the device to work. This makes it impossible to connect some devices, such as TVs, that just don’t support VPNs. Site-to-Site VPNs, however, can provide VPN protection for your entire home network if configured on your router, including for TVs and other such devices that don’t support VPNs directly. Not all home routers include support for configuring a Site-to-Site VPN, although third-party firmware is broadly available.
To sum it all up…
A Site-to-Site VPN is used to connect two networks together, providing VPN protection to all devices communicating over the link. They’re primarily used by businesses to connect office networks together, in a manner that is transparent to the end-user. Site-to-Site VPNs eliminate the need for end-users to use VPN clients, thus reducing configuration complexity and allowing devices that don’t support VPN clients to benefit.