70+ VPN terms explained simply. No jargon, just clear definitions for beginners and experts alike.
A
AES-256Advanced Encryption Standard with 256-bit keys — the gold standard for encryption. Used by governments, banks, and militaries worldwide. Currently unbreakable with existing technology.
Always-on VPNAn Android feature that keeps your VPN connected at all times. If the VPN disconnects, it automatically reconnects to prevent IP leaks.
AuthenticationThe process of verifying your identity when connecting to a VPN server — using certificates, pre-shared keys, or username/password.
B
BandwidthThe amount of data that can be transferred over a connection. Free VPNs often limit bandwidth; premium VPNs offer unlimited bandwidth.
Bypass censorshipUsing a VPN to access websites and content blocked by governments, ISPs, or network administrators in restrictive countries.
C
ChaCha20A modern stream cipher used by WireGuard for encryption. Provides strong security with excellent performance on mobile devices.
CiphertextEncrypted, unreadable data. When your internet traffic is encrypted, it becomes ciphertext that only the VPN server can decrypt.
Connect on DemandAn iOS feature that automatically reconnects your VPN if it drops. The closest iOS gets to a kill switch.
D
DNS LeakWhen DNS queries bypass the VPN tunnel and go to your ISP's DNS servers, exposing your browsing activity. Good VPNs have DNS leak protection.
Double VPNMulti-hop VPN that routes traffic through two VPN servers instead of one, adding an extra layer of encryption. Also known as multi-hop or cascading VPN.
DDoS ProtectionA VPN hides your real IP address, preventing attackers from launching Distributed Denial of Service attacks against your home network.
E
EncapsulationThe process of wrapping encrypted data inside another packet addressed to the VPN server. This creates the VPN "tunnel."
EncryptionThe process of scrambling data into unreadable code. VPNs use encryption to protect your internet traffic from hackers, ISPs, and government surveillance.
ExpressVPNA premium VPN service known for blazing fast speeds, ease of use, strong security, and a verified no-logs policy (audited by PwC).
F
Five EyesAn intelligence alliance between the US, UK, Canada, Australia, and New Zealand. VPNs based in these countries may be subject to government surveillance demands.
Full tunnelWhen all your device's internet traffic is routed through the VPN. Provides maximum security but may be slower than split tunneling.
G
Geo-blockingThe practice of restricting access to content based on geographic location. VPNs help bypass geo-blocking by making you appear in another country.
H
HandshakeThe initial process where your device and the VPN server agree on encryption keys and establish a secure connection.
I
IKEv2/IPsecA VPN protocol that's excellent for mobile devices. Handles network switching well (Wi-Fi to cellular) and is built into iOS and macOS.
IP AddressInternet Protocol address — a unique identifier for your device on the internet. A VPN hides your real IP and replaces it with the VPN server's IP.
IP LeakWhen your real IP address is exposed even though your VPN says it's connected. Can happen through DNS leaks, WebRTC leaks, or VPN connection drops.
ISPInternet Service Provider — the company that provides your internet connection (Comcast, Verizon, AT&T). ISPs can see your browsing without a VPN.
K
Kill SwitchA security feature that automatically blocks your internet access if the VPN connection drops, preventing your real IP from being exposed.
Key ExchangeThe secure process where your device and the VPN server agree on encryption keys without exposing them to eavesdroppers (using algorithms like Diffie-Hellman).
L
L2TP/IPsecOlder VPN protocol that provides decent security but is slower than modern protocols. Still used for legacy device compatibility.
LatencyThe time delay between sending and receiving data. VPNs can increase latency due to encryption and routing through remote servers.
LightwayExpressVPN's proprietary VPN protocol. Open-source, fast, and secure. Designed to be lightweight and bypass restrictive networks.
M
Man-in-the-Middle AttackA cyberattack where a hacker intercepts communication between your device and a website. A VPN prevents MITM attacks on public Wi-Fi.
Multi-hopAnother term for Double VPN — routing traffic through multiple VPN servers for extra privacy.
MullvadA privacy-focused VPN service known for accepting cash payments, no email requirements, and a proven no-logs policy.
N
No-Logs PolicyA promise that the VPN provider does not record your browsing activity, IP addresses, or connection timestamps. The best VPNs have this independently audited.
NordLynxNordVPN's implementation of the WireGuard protocol. Provides fast speeds with strong security and privacy enhancements.
NordVPNA leading premium VPN service offering strong security, verified no-logs policy (audited by Deloitte), and advanced features like Double VPN.
NATNetwork Address Translation — allows multiple devices on a local network to share a single public IP address.
O
Obfuscated ServersServers that disguise VPN traffic as regular HTTPS traffic, helping bypass VPN blocks in restrictive countries like China and Iran.
Onion Over VPNA feature that routes traffic through a VPN server first, then through the Tor network, combining VPN privacy with Tor anonymity.
OpenVPNAn open-source VPN protocol that provides strong security and wide compatibility. The industry standard for VPNs.
P
Perfect Forward SecrecyAn encryption feature ensuring that even if your encryption key is compromised, past sessions remain secure and cannot be decrypted.
PPTPPoint-to-Point Tunneling Protocol — an outdated VPN protocol developed in 1995. Has broken security and should never be used.
ProtonVPNA privacy-focused VPN from the makers of ProtonMail. Offers a trustworthy free tier with unlimited data and a verified no-logs policy.
P2PPeer-to-Peer file sharing (torrenting). A VPN hides your IP address from others in the swarm, protecting your privacy.
R
RAM-Only ServersVPN servers that run entirely on RAM (no hard drives). Every reboot wipes all data, ensuring no logs can be stored.
S
Secure CoreProtonVPN's multi-hop feature that routes traffic through privacy-friendly countries (Switzerland, Iceland, Sweden) before exiting to the internet.
Split TunnelingA feature that lets you choose which apps use the VPN and which use your regular internet connection. Useful for banking apps while streaming foreign content.
Stealth ModeA feature that disguises VPN traffic as regular HTTPS traffic to bypass deep packet inspection and VPN blocks.
SurfsharkA budget-friendly VPN offering unlimited simultaneous device connections, strong security, and a verified no-logs policy (audited by Deloitte).
T
Threat ProtectionNordVPN's built-in ad blocker, malware protection, and tracker blocker that works even when the VPN is off.
TorThe Onion Router — a network that provides anonymous communication by routing traffic through multiple volunteer nodes.
TunnelingThe process of encapsulating encrypted data inside packets that travel through a secure "tunnel" to the VPN server.
U
UDP vs TCPTransport protocols. UDP is faster (good for streaming), TCP is more reliable on restrictive networks (use OpenVPN TCP on port 443).
V
VPNVirtual Private Network — a service that encrypts your internet connection, hides your IP address, and protects your online privacy.
VPN ConcentratorSpecialized hardware that handles hundreds of simultaneous VPN connections, typically used by enterprises.
VPN PassthroughA router feature that allows older VPN protocols (PPTP, L2TP) to work through NAT. Not needed for modern VPNs like WireGuard.
W
WebRTC LeakA browser vulnerability that can expose your real IP address even when using a VPN. Can be prevented with browser extensions or disabling WebRTC.
WireGuardA modern, fast, and secure VPN protocol. Uses state-of-the-art cryptography (ChaCha20, Poly1305) and has a lean codebase (~4,000 lines).
Z
Zero-Logs PolicyA strict no-logs policy verified by independent third-party audits. The gold standard for VPN privacy.
ZTNAZero Trust Network Access — a security framework used by enterprise VPN alternatives like Zscaler, replacing traditional VPNs for corporate access.