
What is a site-to-site VPN? How it works

Site-to-site VPNs can connect businesses with multiple offices, facilitating safe file sharing. In this article, we'll explain how a site-to-site VPN works, how it differs from other kinds of VPN, and whether or not it's right for your business.

Malcolm Higgins


What is a site-to-site VPN?

A site-to-site virtual private network (VPN) is a way to connect local area networks (LANs) in multiple locations across the public internet. It allows employees in different sites to securely share resources and information. This technology is often used by businesses or government agencies with multiple offices.

Site-to-site VPNs are essentially systems for creating secure wide area networks, or WANs. A WAN is any network of connected LANs, and most site-to-site VPNs are classed as WANs. Unlike other types of WAN, however, a site-to-site VPN connects multiple LANs with a secure VPN tunnel.

How does a site-to-site VPN work?

A site-to-site VPN works by connecting two or more LANs in different locations (two offices in two different cities, for example).

Imagine an office in City A, in which multiple employees are using a variety of devices: laptops, tablets, printers, and servers. The company has another office in City B, on the other side of the country, and wants devices in both sites to be able to communicate securely. They decide to set up a site-to-site VPN. What happens next?

The company sets up a VPN connection between gateways in both offices. In practical terms, these gateways will be internet routers set up to encrypt the data that passes through them. The gateway in the City A office is programmed to send data to the gateway in the City B office, and vice versa. When information is received at one of the gateways, it is decrypted and sent on to its intended recipient somewhere on the LAN.

Here is how this process looks in practice. An employee (let’s call them Joe) in the City A office wants to access information stored on a database in the City B office. Joe connects to the VPN gateway in City A and sends a request to the City B database. That request is encrypted as it travels between the offices before being decrypted and directed on to the City B database. The database sends the requested information back through the City B gateway. It travels via the encrypted tunnel to the City A gateway, where it is decrypted and passed to Joe’s device.

Site-to-site VPN vs. remote access VPN

A site-to-site VPN is different from a remote access virtual private network. A remote access VPN is the most common type of consumer virtual private network, the kind you might use on your phone or laptop for personal day-to-day privacy.

Remote access VPNs use a client/server model. The client is an application installed on your device that routes your internet activity through a server and encrypts your data as it travels between client and server. This is an effective way to protect your privacy online, shield the IP addresses of your devices, and limit the threat of man-in-the-middle attacks.

Site-to-site VPNs don’t use a client/server model. The tunnel of encryption runs between the gateways at each site, so a user doesn’t need to have a client on their device as long as they send and receive information through their VPN gateway.

Remote access VPNs can be used for businesses and larger organizations as well, of course. Employees might use a client on their device to access a specific company server, for example, where files and other network resources are housed. Many enterprises use both remote access VPNs and site-to-site VPNs.

Benefits of site-to-site VPN

Site-to-site VPNs offer a range of benefits for organizations of all sizes.

  • Enhanced data security. The primary benefit of a site-to-site VPN is data security. As information travels between the gateways, it is encrypted (that’s the encrypted VPN tunnel we referred to earlier). That means that if data is intercepted by bad actors while in transit between sites, it will be visible to them only as indecipherable code.
  • Streamlined resource sharing. While this is a benefit of most WANs, it’s worth mentioning here. A site-to-site VPN allows employees in locations around the world to communicate, share resources, and safely access sensitive data. It’s a great way to maintain synergy across a dispersed workforce, provided everyone in that workforce has access to the sites where the gateways are set up.
  • Easy onboarding. One benefit of this system is that it doesn’t rely on a client/server model. Instead of requiring all users on a corporate network to install specific client software on their devices, they can just connect to the VPN gateway and start benefiting from the aforementioned data security. Using a non-client model also helps in the rare cases where particular operating systems and devices aren’t compatible with VPN software.

Limitations of site-to-site VPNs

Site-to-site VPNs have some limitations that might make them unsuitable for some businesses.

  • Unsuited to remote working. Since 2020, remote working has become much more normalized. As a result, many employees work from home or from coworking spaces, where they don’t have access to a designated VPN gateway. The same goes for any organization that relies on freelancers, who are rarely able to physically access the sites that the VPN connects.
  • Limited security and privacy. No matter how secure your VPN protocols are, a site-to-site VPN only protects data as it travels between gateways. The LANs on either side of those gateways aren’t necessarily safe from cybercriminals and snoopers, so once information is decrypted and sent to a specific device on a site, it could be exposed. This is an area where client/server VPNs have an edge since data traveling to and from individual client-installed devices is usually encrypted.
  • Decentralized deployment and management. While many companies are adopting VPN solutions to enhance security, most prefer systems that can be deployed and managed from a central control point. Centralized management improves technical troubleshooting and security. Site-to-site VPNs are set up and maintained by different teams in different sites, making centralized management harder.

Is a VPN right for your business?

A VPN can enhance the online privacy and data security of most businesses. NordLayer, one of the most effective B2B VPN solutions available, offers a variety of options to businesses of all sizes. If you choose the NordLayer site-to-site VPN service, you can benefit from dedicated gateways for all of your LANs.

Even if you already have a networking solution — MPLS, for example — NordLayer can play a key role in your overall cybersecurity strategy. NordLayer also offers a client/server model, allowing organizations to securely share data and resources with workers both in and out of the office.

FAQs

Is a site-to-site VPN private?

A site-to-site VPN keeps data private as it moves through the VPN tunnel. However, once that data moves beyond a gateway to the LAN on the other side, it is no longer protected by the site-to-site VPN.

What are the types of site-to-site VPN?

There are two main types of site-to-site VPN.

Intranet site-to-site VPN.

An intranet site-to-site VPN links multiple sites through encrypted gateways. This is the model we discussed above, where a corporate network can be expanded to include multiple LANs.

Extranet site-to-site VPN.

An extranet site-to-site VPN links sites with a VPN connection but limits what each site can access. For example, if a company wanted to form a site-to-site VPN network with another organization to share resources for one specific project, they could use an extranet system. This would make only certain files and resources freely available to the other site.
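The following is an added example, not part of the original article. It models the gateway-to-gateway path from "How does a site-to-site VPN work?", the unprotected LAN segments noted under the limitations, and the extranet restriction described above. The 10.x address ranges, gateway names and allow-list are constructed assumptions.

```python
import ipaddress

# Constructed example addressing: none of these values come from the article.
SITES = {
    "city-a": {"lan": ipaddress.ip_network("10.1.0.0/16"), "gateway": "gw-a"},
    "city-b": {"lan": ipaddress.ip_network("10.2.0.0/16"), "gateway": "gw-b"},
}

# Extranet policy (hypothetical): the only remote destinations a site may reach.
# None (or a missing entry) means "intranet": the whole remote LAN is reachable.
EXTRANET_ALLOW = {
    ("city-a", "city-b"): [ipaddress.ip_network("10.2.5.10/32")],  # one project server
    ("city-b", "city-a"): None,
}


def site_of(addr):
    """Return the name of the site whose LAN contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, site in SITES.items():
        if ip in site["lan"]:
            return name
    return None


def trace(src, dst, policy=EXTRANET_ALLOW):
    """Return the hops a packet takes as (from, to, protection) tuples.

    Protection is "encrypted" only on the gateway-to-gateway segment and
    "plaintext" on the LAN segments. An empty list means the packet is not
    carried by the site-to-site VPN (unknown address or blocked by policy).
    """
    s, d = site_of(src), site_of(dst)
    if s is None or d is None:
        return []                          # address outside both LANs
    if s == d:
        return [(src, dst, "plaintext")]   # same LAN: never enters the tunnel
    allowed = policy.get((s, d))
    if allowed is not None and not any(ipaddress.ip_address(dst) in n for n in allowed):
        return []                          # extranet: destination is not shared
    gw_s, gw_d = SITES[s]["gateway"], SITES[d]["gateway"]
    return [
        (src, gw_s, "plaintext"),          # device to local gateway, inside the LAN
        (gw_s, gw_d, "encrypted"),         # across the internet, inside the tunnel
        (gw_d, dst, "plaintext"),          # remote gateway to device, inside the LAN
    ]
```

Only the middle hop is ever marked encrypted, which is why traffic that must be protected on the LAN itself needs its own end-to-end encryption in addition to the tunnel.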

What is the difference between a VPN and site-to-site VPN?

VPN is a catch-all term for many different systems, including both site-to-site VPNs (used primarily as a corporate network solution) and remote access VPNs (often the choice of individual consumers).

What effect does a VPN have on internet speed?

Does a VPN slow down your internet? Yes, but a good VPN should reduce your speed by so little that it’s mostly imperceptible. With premium VPNs, the VPN passthrough is rapid enough that your internet experience won’t change for the worse.



Malcolm Higgins
Malcolm is a content writer specializing in cybersecurity and tech news. With a background in journalism and a passion for digital privacy, he hopes his work will empower people to control their own data.