Virtual private networks have long acted as reliable tools for hiding browsing histories, but besides obscuring identities, they also frequently serve the exact opposite purpose – user authentication. Site-to-site VPNs are a textbook example of such highly specialized communication techniques devised to connect multiple remote clients with fixed whereabouts.
An S2S VPN does so by leveraging a variety of local area networks and more robust intranets, as well as publicly available meshworks.
Therefore, it’s essentially a method for remotely accessing a private network (AKA – an intranet) to some degree. Sitting at the core of this concept is a technology that’s pretty much the exact opposite of an intranet – a publicly available network, i.e. an internet.
That mediator between a remote client and a private network is often the Internet, Mr. World Wide Web himself. Add Internet Protocol Security (IPsec) to the mix to encrypt your traffic, and you have everything you need to establish a site-to-site (sometimes referred to as a router-to-router) VPN connection.
So, what is a site-to-site VPN? To answer that question a bit more succinctly, it is a comprehensive name for a field of networking solutions designed to allow numerous physically separate clients to access one another’s data from their respective locations, so long as the sites in question are immobile.
That’s the 30-second gist of it, but let’s dig a little deeper…
Two sites, two types
Site-to-site VPNs fall into two major categories, as they can either be intranet- or extranet-based. In the case of the latter, you’re essentially dealing with two or more separate local networks that can’t be merged or even directly linked due to various reasons like ownership divergence and security practices, all of which are beside the point, anyway.
Extranet-based S2S VPNs don’t necessarily involve simple LANs connected via a third network, either. Those two systems can also be full-fledged intranets, i.e. private webs compatible with all modern internet protocols.
With that said, administrators most commonly resort to this type of router-to-router VPN when they need to connect traditional LANs belonging to different organizations. Say, for example, a bank grants limited access to certain financial records to an independent auditing body. Doing so allows the required level of resource sharing without connecting an external network to one’s intranet, which is a poor security practice, to say the least.
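The intranet/extranet distinction above can be checked against a tunnel inventory. The following is an added example, not part of the original article: it classifies tunnels by ownership and flags extranet tunnels that expose more of the local network than a policy allows. The tunnel names, address ranges, the `peer_owner` field and the 256-address limit are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: names, owners and RFC 1918 ranges are hypothetical.
SITE_NETWORK = ipaddress.ip_network("10.10.0.0/16")  # the local intranet
MAX_EXTRANET_ADDRESSES = 256  # assumed policy limit for partner tunnels

TUNNELS = [
    {"name": "hq-branch", "peer_owner": "same",
     "local": ["10.10.0.0/16"], "remote": ["10.20.0.0/16"]},
    {"name": "bank-auditor", "peer_owner": "external",
     "local": ["10.10.5.12/32"], "remote": ["192.168.50.0/24"]},
    {"name": "bank-vendor", "peer_owner": "external",
     "local": ["10.10.0.0/16"], "remote": ["172.16.9.0/24"]},
]


def classify(tunnel):
    """Intranet-based if both sites share an owner, otherwise extranet-based."""
    return "intranet" if tunnel["peer_owner"] == "same" else "extranet"


def exposed_addresses(tunnel):
    """Count local addresses reachable through the tunnel, overlaps merged."""
    nets = (ipaddress.ip_network(n) for n in tunnel["local"])
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def audit(tunnels, site_network=SITE_NETWORK, limit=MAX_EXTRANET_ADDRESSES):
    """Return (tunnel name, type, finding) tuples for selectors that are too broad."""
    findings = []
    for t in tunnels:
        kind = classify(t)
        for n in map(ipaddress.ip_network, t["local"]):
            if not n.subnet_of(site_network):
                findings.append((t["name"], kind, f"{n} is outside {site_network}"))
        exposed = exposed_addresses(t)
        if kind == "extranet" and exposed > limit:
            findings.append((t["name"], kind,
                             f"exposes {exposed} local addresses (limit {limit})"))
    return findings


if __name__ == "__main__":
    for name, kind, finding in audit(TUNNELS):
        print(f"{name} [{kind}]: {finding}")
```

Only the constructed `bank-vendor` tunnel is reported: it shares the entire intranet range with an external party, whereas `bank-auditor` is limited to a single host.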
For simpler scenarios requiring a link between local area networks belonging to the same owner, an intranet-based R2R VPN is all you need. This kind of setup unifies the resources of multiple remote clients into a standard wide area network and is commonly seen firms with
Sounds like remoting? Not remotely
As a side note, don’t confuse site-to-site VPNs with remote-access VPNs; those are exclusively meant to connect distant users to their parent intranet and are the kind of thing you’d set up if, for example, you wanted to work from home.
Throughout the years, site-to-site VPNs developed into a natural networking solution for many organizations operating across multiple locations, especially those with close external partners. The need for them was — and essentially still is — proportional to the demand for intranet networking in general, but the benefits of private enterprise webworks over their public alternatives are a topic for another day.
“What is a site-to-site VPN?” was written by Dominik Bosnjak, a long-time VPN-user-turned-advocate who spends more time scrutinizing VPN providers on a daily basis than he’d like to admit.