VPN (Virtual Private Network)
An encrypted tunnel that securely connects two endpoints over a public network (the Internet)—protects remote employees, connects company locations, and hides network traffic from third parties.
A VPN (Virtual Private Network) is a cryptographically secured communication channel over an insecure network—typically the public internet. For employees working from home, in the field, or while traveling, a VPN is the foundation for secure access to the corporate network.
Types of VPNs and Use Cases
Remote Access VPN: Individual users connect securely to the corporate network from outside. Typical clients: Cisco AnyConnect, GlobalProtect (Palo Alto), FortiClient, OpenVPN client.
Use case: Remote workers accessing internal resources (ERP, file servers, intranets).
Site-to-Site VPN: Permanently connects two corporate networks via the Internet—transparent to users. A branch office communicates with headquarters as if they were on the same LAN.
SSL VPN / TLS VPN: Browser-based access via HTTPS—no client required. Often used for partners or devices that do not need full access. Lower overhead than IPsec, but limited scope.
WireGuard: Modern VPN protocol (2018) with a very small codebase (~4,000 lines). Faster than OpenVPN and IPsec, cryptographically modern (ChaCha20, Curve25519, BLAKE2s). Increasingly used for remote access VPNs (e.g., Mullvad, Tailscale).
VPN Protocols Compared
| Protocol | Layer | Security | Performance | Prevalence |
|---|---|---|---|---|
| IPsec/IKEv2 | Layer 3 | High (BSI-recommended) | High | Enterprise standard |
| OpenVPN | Layer 3/4 | High | Medium | Widely used |
| WireGuard | Layer 3 | Very high | Very high | Growing |
| SSTP | Layer 2 | Medium | Medium | Windows |
| L2TP/IPsec | Layer 2 | Medium | Medium | Obsolete |
| PPTP | Layer 2 | Insecure | High | Obsolete (do not use!) |
Security Risks with VPNs
Unpatched VPN Appliances: Internet-facing VPN gateways are one of the most common entry points for attackers. Known critical vulnerabilities, 2020–2024:
- Fortinet FortiOS (CVE-2023-27997, CVSS 9.8): Pre-Auth RCE
- Cisco IOS XE (CVE-2023-20198, CVSS 10.0): Active Exploitation
- Pulse Secure / Ivanti (CVE-2024-21887, CVSS 9.1)
- Citrix Bleed (CVE-2023-4966): Session token theft
These vulnerabilities have been actively exploited by state-sponsored actors (APT groups) and ransomware gangs to gain initial access.
BSI Recommendation: VPN appliances must be patched as a priority—within 24 hours for critical vulnerabilities.
Lack of MFA: VPN access using only a username and password is insufficient. Compromised credentials (via phishing or credential stuffing) are then sufficient to gain network access. MFA is mandatory—preferably certificate-based or FIDO2.
Split-tunneling risks: With split tunneling, only corporate traffic runs through the VPN; private traffic (Netflix, YouTube) goes directly to the internet. Advantage: less load on the VPN. Risk: employee devices are directly exposed to the internet while connected and can serve as a bridge into the corporate network.
Recommendation: Full-tunnel VPN for all corporate devices. Split tunneling only with consistent endpoint protection.
Weak PSKs (Pre-Shared Keys): Easily guessable PSKs can be cracked via offline brute force if IKE handshakes have been intercepted. Certificate-based authentication is better.
VPN vs. Zero Trust Network Access (ZTNA)
A traditional VPN grants access to the entire subnet—or at least to a large network segment—after authentication. This is the trust issue with VPNs: Once inside, many resources are accessible.
ZTNA (Zero Trust Network Access) is the more modern model:
- Access only to specific applications, not to the entire network
- Every access request is verified (user + device + context)
- No "lateral movement" after compromise
- Device health check before access
Solutions: Cloudflare Access, Zscaler Private Access, Microsoft Entra Private Access.
Recommendation: VPN remains useful for site-to-site connections. For remote access scenarios, ZTNA is preferable in new architectures.
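The difference between the two models can be made concrete with a small policy evaluator. The following is an added example, not code from any ZTNA product: the VPN side grants reachability to a whole subnet after a single connect-time check, while the ZTNA side evaluates every request against the application catalogue, the user's entitlements, device posture and context. Users, devices, applications and the subnet are constructed sample data.

```python
"""Connect-time subnet grant (VPN) versus per-request decision (ZTNA).

Example code added to illustrate the section above; the application catalogue,
user groups, device attributes and 10.0.0.0/8 subnet are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Device:
    managed: bool
    disk_encrypted: bool
    patched: bool

    def healthy(self):
        """Device health check: all posture attributes must hold."""
        return self.managed and self.disk_encrypted and self.patched


@dataclass
class Request:
    user: str
    groups: set
    device: Device
    app: str
    source_country: str


# --- Traditional VPN model ---------------------------------------------------
# One authentication at connect time; afterwards every host in the segment is
# reachable, which is what enables lateral movement after a compromise.
CORPORATE_SUBNET = ipaddress.ip_network("10.0.0.0/8")  # constructed


def vpn_reachable(authenticated, target_ip):
    return authenticated and ipaddress.ip_address(target_ip) in CORPORATE_SUBNET


# --- ZTNA model --------------------------------------------------------------
# Per-application policy: which groups may use it and from which countries.
APP_POLICY = {  # constructed catalogue
    "erp":        {"groups": {"finance"}, "countries": {"DE"}},
    "wiki":       {"groups": {"staff"},   "countries": {"DE", "AT", "CH"}},
    "fileserver": {"groups": {"staff"},   "countries": {"DE"}},
}


def ztna_decide(req):
    """Evaluate one request; return (allowed, reason).

    Every request is checked (user + device + context); an application that
    is not in the catalogue is not addressable at all, so there is no subnet
    to move laterally within.
    """
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application"
    if not req.device.healthy():
        return False, "device posture failed"
    if not (req.groups & policy["groups"]):
        return False, "user not entitled to application"
    if req.source_country not in policy["countries"]:
        return False, "context (location) outside policy"
    return True, "allowed"


if __name__ == "__main__":
    # Stolen credentials used from an unmanaged, unpatched laptop.
    rogue = Device(managed=False, disk_encrypted=False, patched=False)
    req = Request("alice", {"staff", "finance"}, rogue, "erp", "DE")
    print("VPN: host 10.20.30.40 reachable ->", vpn_reachable(True, "10.20.30.40"))
    print("ZTNA: erp ->", ztna_decide(req))
```

Run it to see that the same valid credentials reach any address in 10.0.0.0/8 under the VPN model but are refused by the ZTNA evaluator because the device fails its posture check; a compliant device still only reaches the applications its user is entitled to.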
Configuration Recommendations (BSI TR-02102-3)
Mandatory IKEv2 Parameters:
| Parameter | Value |
|---|---|
| Encryption | AES-256-GCM |
| Integrity | SHA-384 |
| DH Group | DH-20 (P-384) or better |
| Authentication | Certificates (RSA-3072+ or ECDSA-256) |
| PFS | Always enable |
Prohibited configurations: IKEv1 Aggressive Mode, PSK in large deployments, 3DES/DES (weak encryption), MD5/SHA-1 (weak hashes), DH group < 14 (1024-bit).
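The mandatory and prohibited settings above can be turned into an automated check. The following auditor is an added example, not BSI or vendor code: it parses IKE and ESP proposal strings in strongSwan's "enc-integ/prf-dh" notation (an assumption; other vendors name algorithms differently) and reports prohibited settings separately from merely non-compliant ones. The bit-strength table for DH groups is an approximation, and the threshold for what counts as a "large deployment" of PSKs is a constructed value. One caveat the table glosses over: with an AEAD cipher such as AES-256-GCM, integrity comes from the cipher itself, so in an IKE proposal SHA-384 appears as the PRF (prfsha384), and an ESP proposal needs no separate hash.

```python
"""Audit IKE/ESP proposals against the BSI TR-02102-3 table above.

Example code added here. Proposal strings follow strongSwan's notation
(e.g. "aes256gcm16-prfsha384-ecp384"); that format, the approximate DH
strengths and the large-deployment threshold are assumptions.
"""
from dataclasses import dataclass

# Approximate security strength in bits per DH group (NIST SP 800-57 style
# estimates; assumption). Group 14 (modp2048, ~112) is the floor the page
# allows, DH-20 (ecp384, ~192) is the mandated minimum.
DH_STRENGTH = {
    "modp768": 64, "modp1024": 80, "modp1536": 90, "modp2048": 112,
    "modp3072": 128, "modp4096": 152, "modp6144": 176, "modp8192": 192,
    "ecp256": 128, "ecp384": 192, "ecp521": 256, "curve25519": 128,
}
MIN_DH_ALLOWED = 112     # below this: "DH group < 14 (1024-bit)", prohibited
MIN_DH_MANDATORY = 192   # "DH-20 (P-384) or better"

ALLOWED_ENC = {"aes256gcm16", "aes256gcm12", "aes256gcm8"}  # AES-256-GCM variants
PROHIBITED_ENC = {"des", "3des", "null"}
ALLOWED_PRF = {"sha384", "sha512"}  # SHA-384 mandated; SHA-512 is stronger
PROHIBITED_HASH = {"md5", "sha1"}
LARGE_DEPLOYMENT_PEERS = 10  # constructed threshold for "PSK in large deployments"


@dataclass
class Finding:
    severity: str   # "prohibited" or "non-compliant"
    message: str


def audit_proposal(proposal, is_esp=False):
    """Return the findings for one proposal string (empty list = compliant)."""
    findings = []
    enc = prf = dh = None
    for tok in proposal.lower().split("-"):
        if not tok:
            continue
        if tok in DH_STRENGTH or tok.startswith(("modp", "ecp", "curve")):
            dh = tok
        elif tok.startswith("prf"):
            prf = tok[3:]
        elif tok.startswith(("sha", "md5")):
            prf = tok.split("_")[0]  # "sha256_96" -> "sha256"
        else:
            enc = tok
    if enc is None:
        findings.append(Finding("non-compliant", f"{proposal}: no encryption algorithm"))
    elif enc in PROHIBITED_ENC:
        findings.append(Finding("prohibited", f"{proposal}: weak encryption {enc}"))
    elif enc not in ALLOWED_ENC:
        findings.append(Finding("non-compliant", f"{proposal}: {enc} is not AES-256-GCM"))
    if prf in PROHIBITED_HASH:
        findings.append(Finding("prohibited", f"{proposal}: weak hash {prf}"))
    elif prf is None and not is_esp:
        findings.append(Finding("non-compliant", f"{proposal}: no PRF/integrity algorithm"))
    elif prf is not None and prf not in ALLOWED_PRF:
        findings.append(Finding("non-compliant", f"{proposal}: {prf} is weaker than SHA-384"))
    if dh is None:
        what = "PFS disabled (no DH group in ESP proposal)" if is_esp else "no DH group"
        findings.append(Finding("non-compliant", f"{proposal}: {what}"))
    elif dh not in DH_STRENGTH:
        findings.append(Finding("non-compliant", f"{proposal}: unknown DH group {dh}"))
    elif DH_STRENGTH[dh] < MIN_DH_ALLOWED:
        findings.append(Finding("prohibited", f"{proposal}: DH group {dh} below group 14"))
    elif DH_STRENGTH[dh] < MIN_DH_MANDATORY:
        findings.append(Finding("non-compliant", f"{proposal}: DH group {dh} weaker than DH-20"))
    return findings


def audit_connection(version, auth, ike_proposals, esp_proposals,
                     aggressive=False, peer_count=1):
    """Audit one connection definition; returns all findings."""
    findings = []
    if version == 1 and aggressive:
        findings.append(Finding("prohibited", "IKEv1 Aggressive Mode"))
    elif version == 1:
        findings.append(Finding("non-compliant", "IKEv1 in use; recommendations assume IKEv2"))
    if auth == "psk" and peer_count > LARGE_DEPLOYMENT_PEERS:
        findings.append(Finding("prohibited", f"PSK authentication with {peer_count} peers"))
    elif auth == "psk":
        findings.append(Finding("non-compliant", "PSK in use; certificates recommended"))
    for p in ike_proposals:
        findings.extend(audit_proposal(p))
    for p in esp_proposals:
        findings.extend(audit_proposal(p, is_esp=True))
    return findings


def is_compliant(findings):
    return not findings


if __name__ == "__main__":
    for f in audit_connection(1, "psk", ["3des-sha1-modp1024"], ["aes128-sha1"],
                              aggressive=True, peer_count=40):
        print(f.severity.upper(), f.message)
    print("compliant:", is_compliant(audit_connection(
        2, "pubkey", ["aes256gcm16-prfsha384-ecp384"], ["aes256gcm16-ecp384"])))
```

Running the module prints each finding for a legacy IKEv1/PSK/3DES setup and then confirms that an IKEv2 connection using certificates with aes256gcm16-prfsha384-ecp384 for IKE and aes256gcm16-ecp384 for ESP (which keeps PFS enabled) produces no findings.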