Splunk Lantern

Network VPN data

 

Network VPN (virtual private network) data refers to all information that is processed, encrypted, encapsulated, and transmitted through a secure tunnel established by VPN software between a user's device (client) and a VPN server. This data encompasses both the actual content being sent and received and the metadata associated with the secure connection itself. The primary purpose of managing this data via software is to ensure privacy, security, and, often, the ability to bypass geographical restrictions or access private networks remotely.

VPN data is handled by two main components:

  • VPN client software: This software, installed on a user's device (for example, a computer, smartphone, or router), initiates and maintains the VPN connection. It's responsible for capturing the user's internet traffic, encrypting it, encapsulating it within the VPN protocol's framework, and sending it through the secure tunnel to the VPN server. It also decrypts and decapsulates incoming data from the VPN server.
  • VPN server software/gateway: This software runs on a remote server and acts as the exit point for the VPN tunnel. It receives the encrypted and encapsulated data from the client, decrypts and decapsulates it, and then forwards the original data to its intended destination on the internet. Conversely, it receives responses from the internet, encrypts and encapsulates them, and sends them back to the client. The server also handles authentication, access control, and routing.

Key characteristics of network VPN data include:

  • Encryption: All data flowing through the VPN tunnel is encrypted, rendering it unreadable to unauthorized third parties, including Internet Service Providers (ISPs) or malicious actors.
  • Encapsulation: The original data packets are wrapped inside new packets, often with a new header, to facilitate their secure transmission through the tunnel.
  • IP masking: The user's real IP address is hidden, and the traffic appears to originate from the VPN server's IP address.

Examples of network VPN data include:

  • Encrypted user traffic (payload data): This is the core data that the user intends to transmit or receive securely. It includes:
  • VPN connection metadata and control data: This data is generated and managed by the VPN software to establish, maintain, and monitor the secure tunnel. It includes:
    • User's true IP address
    • Assigned VPN IP address
    • Connection timestamps
    • VPN server information
    • Data volume
    • Authentication credentials
    • Connection status and error messages
    • VPN protocol information
    • Routing table entries
    • DNS queries
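
The following added example (not Splunk's own code) shows how the connection metadata listed above can be correlated into one record per VPN session, with duration and data volume. The key=value log layout, the field names, and the sample events are constructed for illustration and do not represent any vendor's format.

```python
import re
from datetime import datetime

# Constructed sample events; the key=value layout is an assumption, not a vendor format.
SAMPLE_LOG = """\
2024-05-01T08:00:02Z action=connect session=a1 user=alice src_ip=198.51.100.7 assigned_ip=10.8.0.12 server=vpn-gw-1 protocol=ikev2 status=success
2024-05-01T08:01:10Z action=connect session=b2 user=bob src_ip=203.0.113.9 server=vpn-gw-1 protocol=ikev2 status=auth_failed
2024-05-01T09:30:02Z action=disconnect session=a1 user=alice bytes_in=1048576 bytes_out=524288 status=closed
"""

PAIR = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Split one line into a timestamp and a dict of key=value fields."""
    ts, _, rest = line.partition(" ")
    event = dict(PAIR.findall(rest))
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def build_sessions(log_text):
    """Merge connect/disconnect events into one record per session id."""
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        s = sessions.setdefault(ev["session"], {"user": ev["user"]})
        if ev["action"] == "connect":
            # True IP, assigned VPN IP, server, protocol and status from the list above.
            s.update(start=ev["time"], true_ip=ev["src_ip"],
                     assigned_ip=ev.get("assigned_ip"), server=ev["server"],
                     protocol=ev["protocol"], status=ev["status"])
        elif ev["action"] == "disconnect":
            s["end"] = ev["time"]
            s["bytes"] = int(ev.get("bytes_in", 0)) + int(ev.get("bytes_out", 0))
            s["status"] = ev["status"]
    for s in sessions.values():
        # Sessions with no disconnect event (failed or still open) get no duration.
        complete = "start" in s and "end" in s
        s["duration_s"] = (s["end"] - s["start"]).total_seconds() if complete else None
    return sessions

if __name__ == "__main__":
    for sid, s in build_sessions(SAMPLE_LOG).items():
        print(sid, s["user"], s.get("true_ip"), s.get("assigned_ip"),
              s["status"], s.get("bytes"), s["duration_s"])
```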

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: