Simplistic explanation of how AirVPN connectivity works

[Airfreak71 0]

Hi guys,

I need to explain to a friend (potential AirVPN subscriber) how VPN tunneling works in AirVPN and am having a hard time doing it, given that she's non-technical and can't understand the wikipedia references. Please let me know if I'm on the right track:

After installing your AirVPN client on your Windows system, OpenVPN is also installed. Think of the AirVPN client as a kind of user-friendly gui helper tool that configures your underlying OpenVPN software foundation.

You'll be prompted to do two things when you launch the AirVPN client gui that enables it to create your connection to the AirVPN VPN servers:

a) select one of the 6 choices of port/protocol for the connection:

443/udp, 443/tcp, 80/udp, 80/tcp, 53/udp or 53/tcp

select which country VPN server you want to connect to

Once you've established a connection, a VPN tunnel is created between your home PC and the AirVPN server. You're granted an AirVPN IP (10.x.x.x) and an external Internet-facing IP (ex. 69.x.x.x). Understand that your VPN tunnel connection is running on the port/protocol combo you chose above (ex. 443/udp). Even so, you can now venture out into the internet using whatever apps and ports you want, all while being identified by IP 69.x.x.x .

The big confusion for her was understanding that although the VPN tunnel runs within port 443/udp, this did NOT restrict her to only port 443/udp! She could not understand why she would still be "protected" on the outside Internet using programs and services like FTP, BitTorrent , SSH or Netflix.

Did I word all this right, or is my ignorance also showing here?

Thanks!

[Staff 9761]

The big confusion for her was understanding that although the VPN tunnel runs within port 443/udp, this did NOT restrict her to only port 443/udp! She could not understand why she would still be "protected" on the outside Internet using programs and services like FTP, BitTorrent , SSH or Netflix.

Did I word all this right, or is my ignorance also showing here?

Thanks!

Hello!

The explanation is basically correct if you can't dig into technical details.

About her confusion, you should make clear that the OpenVPN connection ports have absolutely nothing to do with ports inside the virtual private network. Let her consider them as belonging to two completely different sets of ports in different networks.

Going just slightly into more technicalities, OpenVPN encrypts and encapsulates all the traffic (so you can have all combinations such as UDP over TCP, TCP over UDP, UDP over UDP, TCP over TCP...). The real incoming/outgoing packet headers and payloads are still/already encrypted when they pass through her physical network interface.

Her ISP will see only traffic to/from one IP and one port (again, a port which has nothing to do with the ports inside the virtual network), because the real underlying outgoing packet headers and payloads are encrypted by her client and decrypted by our servers, while incoming packets headers and payloads are encrypted by our servers and decrypted by her OpenVPN client AFTER they have passed through her computer physical interface. NAT is performed transparently by OpenVPN server and client through the tun adapter (a network interface used by OpenVPN). This gives the huge advantage to allow to use any higher-layer protocol over OpenVPN without having to configure programs.

Kind regards