Learn VPN and tunneling vocabulary: IPSec, OpenVPN, WireGuard, split tunneling, site-to-site vs. client VPN, and zero-trust network access (ZTNA).
1 / 5
Split tunneling in a VPN configuration means:
Split tunneling allows internet-bound traffic (e.g., Netflix) to bypass the VPN while corporate traffic (e.g., internal apps) is tunnelled. This reduces VPN server load but means untunnelled traffic is not protected by corporate security controls.
2 / 5
IPSec operates in two modes: Transport and Tunnel. What is the key difference?
In Tunnel mode, a new IP header is prepended — the original source/destination addresses are hidden inside the encrypted payload. This is used for site-to-site VPNs. Transport mode preserves the original IP header and is used for host-to-host encryption (e.g., between two servers).
3 / 5
WireGuard differentiates itself from OpenVPN primarily by:
WireGuard's minimal codebase lives in the Linux kernel (and is ported to other OSes), making it faster and easier to audit for security vulnerabilities. It uses modern cryptography (Noise protocol, Curve25519, ChaCha20-Poly1305) and has no cipher negotiation — reducing attack surface.
4 / 5
Zero Trust Network Access (ZTNA) differs from traditional VPN in that:
Traditional VPN gives network-level access — once connected, a user can reach many resources. ZTNA applies 'never trust, always verify': each application access is individually authorised based on user identity, device posture, and context, implementing least-privilege access.
5 / 5
A site-to-site VPN differs from a remote-access (client) VPN in that:
Site-to-site VPNs act like a permanent leased line between two networks — users on either side communicate transparently without running a VPN client. Remote-access VPNs require each end-user device to authenticate and establish its own tunnel session.