What is a point-to-site (P2S) VPN?
A point-to-site (P2S) VPN is a technology that creates a secure, encrypted link between a single device and an organization’s network. Standard VPNs connect entire networks, but P2S VPNs prioritize single-device connections, making them a top choice for remote workers or those needing to access company resources from their devices. Point-to-site VPNs offer a targeted solution for employees to securely connect from anywhere in the world while maintaining network safety or the security of an organization’s assets.
How does a point-to-site VPN work?
A P2S VPN creates a secure tunnel between an individual client device (like a laptop) and an organization’s virtual network. The process typically involves the following steps:
1. VPN setup. An IT team configures a VPN gateway within your organization’s virtual network to approve incoming connection requests.
2. Client configuration. The client device is configured with the required VPN software and authentication credentials.
3. Connection initiation. The person trying to access an organization's network starts the connection from their device to the VPN gateway.
4. Authentication. The user supplies their credentials, which may include a certificate or a username and password, and the gateway verifies them.
5. Tunnel establishment. After authentication is verified, the P2S VPN creates an encrypted tunnel between the device and the network.
6. Network access. The user can access the organization's assets and resources as if they were directly connected to their servers or devices.
What protocols does a point-to-site VPN use?
Point-to-site VPNs usually use one of three protocols: SSTP, OpenVPN, or IKEv2. The protocols available vary by provider, and some providers offer different or additional options.
Secure Socket Tunneling Protocol (SSTP)
SSTP uses the TLS (Transport Layer Security) protocol to establish a secure, encrypted connection between a client and a server. It is natively supported on Windows devices, making it easy to set up in those environments. While SSTP can also be used on Linux and macOS through third-party tools, the configuration process is more complex and less commonly implemented on those platforms.
OpenVPN
OpenVPN uses SSL/TLS for encryption but, unlike SSTP, it is not strictly an SSL/TLS-based protocol. It can pass through firewalls because it uses TLS, which typically runs over TCP port 443. Most firewalls allow outbound traffic on this port, making it easier for the VPN connection to get through. OpenVPN is compatible with Android, iOS (version 11.0 and above), Linux, Windows, and macOS (versions 10.13 and above).
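An added example (not code from the original page or from any VPN provider): a small Python audit of an OpenVPN client profile, covering the client configuration and authentication steps described earlier and the TCP port 443 point above. The sample profile, its hostname and the weak-cipher list are constructed assumptions; the directive names are standard OpenVPN options.

```python
import re
# Constructed sample profile (not from the page); the hostname is a placeholder.
SAMPLE_PROFILE = """\
proto tcp
remote vpn-gateway.example.com 443
auth-user-pass
cipher BF-CBC
<ca>
(constructed placeholder for a PEM certificate)
</ca>
"""
WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # assumption: audit policy

def parse_profile(text):
    """Split a profile into {directive: [args, ...]} and the set of inline <block> names."""
    directives, blocks, inside = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                                 # skip the body of <ca>...</ca> etc.
            if line == f"</{inside}>":
                inside = None
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            inside = m.group(1)
            blocks.add(inside)
        elif line and line[0] not in "#;":         # '#' and ';' start comments
            key, *args = line.split()
            directives.setdefault(key, []).append(args)
    return directives, blocks

def audit_profile(text):
    """Return hardening findings for the client side of the connection."""
    d, blocks = parse_profile(text)
    has = lambda name: name in d or name in blocks
    client_cert = (has("cert") and has("key")) or has("pkcs12")
    findings = []
    if not has("ca"):
        findings.append("no CA: the gateway certificate cannot be validated")
    if not (has("remote-cert-tls") or has("verify-x509-name")):
        findings.append("gateway certificate not checked for server role or name")
    if not client_cert:
        findings.append("password-only authentication" if has("auth-user-pass")
                        else "no client authentication configured")
    names = ":".join(":".join(a) for a in d.get("cipher", []) + d.get("data-ciphers", []))
    findings += [f"weak cipher: {n}" for n in names.split(":") if n.upper() in WEAK_CIPHERS]
    for host, *rest in d.get("remote", []):
        port = rest[0] if rest else "1194"         # OpenVPN's default port
        proto = rest[1] if len(rest) > 1 else d.get("proto", [["udp"]])[-1][0]
        if (port, proto[:3]) != ("443", "tcp"):
            findings.append(f"{host}: {proto}/{port} may be blocked where only 443/tcp is open")
    return findings
```

Calling `audit_profile(SAMPLE_PROFILE)` reports the missing gateway-certificate check, the password-only login and the weak cipher, while a profile with `remote-cert-tls server`, a client certificate and key, and AES-GCM ciphers returns no findings.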
IKEv2 VPN
IKEv2 is a standards-based protocol used within IPsec VPNs. IKEv2 VPN is compatible with Mac devices (macOS versions 10.11 and above).
Benefits of point-to-site VPN
Those accessing networks off-site receive many benefits from point-to-site VPN solutions. These may include but are not limited to:
- Secure remote access. If an organization has employees or people who need to log in remotely, a P2S VPN allows for safe access to company resources. This type of VPN works well for those using a single computer to access specific internal infrastructure.
- Easy setup. Organizations with fewer employees benefit from point-to-site VPNs because they are easier and faster to set up than site-to-site VPNs. Logging in to the P2S VPN should be very straightforward because the user should be authenticated through the login process. The user will only need their login credentials, such as a Microsoft ID and password, when using Azure.
- Cloud compatibility. Point-to-site VPNs offer cloud compatibility and work with Microsoft Azure and Amazon Web Services.
- No hardware requirement. When accessing a P2S VPN, users don’t require hardware to “log in” to the network virtually. Instead, they can connect virtually while still maintaining privacy and security.
- Flexibility. P2S VPNs provide flexible security solutions that people can use to access cloud-based services or on-premises data centers, which can vary depending on the setup/configuration.
Considerations before adopting a point-to-site VPN
While point-to-site VPNs may offer privacy and security solutions for many organizations, other solutions may offer better results in some scenarios.
- Better for small teams. Due to their restrictions, P2S VPNs aren’t a good solution for businesses with larger teams or more than a few employees. For businesses that require access for more than a few individuals, site-to-site VPN solutions are a better option.
- Experienced IT support. You’ll need an experienced person or staff member who can configure the P2S VPN setup. Those logging in to the VPN will need to configure the P2S gateway for certificate authentication, and higher-level certificate authentications will need to be in place.
- Scalability limitations. Organizations that intend to grow may struggle to manage individual P2S connections. Before selecting a P2S VPN, consider long-term projections for your organization.