Explanation of Proxy and VPN

Introduction

Many people confuse proxies with Virtual Private Networks (VPNs). This article explains the technical principles and application scenarios of each.

What is a proxy server?

“In computer networking, a proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources. A proxy server thus functions on behalf of the client when requesting service, potentially masking the true origin of the request to the resource server.

“Instead of connecting directly to a server that can fulfil a requested resource, such as a file or web page, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. Proxies were devised to add structure and encapsulation to distributed systems.” (Wikipedia)

With an appropriate protocol and encryption method, a proxy server can also be used for anti-censorship.

How does a proxy server work?

“When you send a web request, your request goes to the proxy server first. The proxy server then makes your web request on your behalf, collects the response from the web server, and forwards you the web page data so you can see the page in your browser.” (varonis)

When the proxy server forwards your web requests, it can make changes to the data you send and still get you the information that you expect to see. A proxy server can change your IP address, so the web server doesn’t know exactly where you are in the world. It can encrypt your data, so your data is unreadable in transit. And lastly, a proxy server can block access to certain web pages, based on domain or IP address. The most common proxy protocols on local computers are HTTP(S) and SOCKS.

What is a VPN?

A Virtual Private Network (VPN) client on your computer establishes a secure tunnel with the VPN server, replacing your local ISP routing. VPN connections encrypt and secure all of your network traffic, not just the HTTP or SOCKS calls from your browser like a proxy server.

How does a VPN work?

A VPN client sends all of your traffic to the VPN server through the VPN tunnel. The client then gets an IP address from the server, as if the client were on the same Local Area Network (LAN) as the VPN server.

Therefore, people can easily access resources on the remote LAN by using a VPN such as SoftEther, Cisco AnyConnect or OpenVPN.

What is the difference?

  1. A proxy client offers its service through a port. You can control which traffic goes to the proxy server by controlling which traffic is sent to the proxy client’s port. A VPN client, however, sends all your traffic to the remote server and virtually joins you to its network.
  2. When using a proxy client, you can decide whether to encrypt your traffic depending on the network conditions and the proxy protocol. With a VPN client, all of the traffic is encrypted using the VPN’s encryption method.
  3. With the advancement of technology, proxy protocols can offer relatively high performance and sufficiently secure traffic. VPN protocols, by contrast, seem to have relatively poor performance.
  4. Proxy protocols can be designed to have few characteristics that differ from normal traffic, which makes them usable for anti-censorship, whereas a VPN protocol has distinct characteristics that can be easily identified and blocked by the censor.

What are application scenarios?

  1. If you want to break out of the regional restrictions of some Internet media such as Netflix, then both proxy and VPN can be used, provided that Netflix has not banned your IP address.
  2. If you want a diverse internet experience, such as using an anonymous network when accessing certain social media while using your real network when visiting normal websites, then you need a proxy server and client, and you can take advantage of modern rule-based traffic-diversion tools such as Clash, Xray-core and V2Ray-core.
  3. If you want to access your home LAN and need a secure way to do so, then you need to use a VPN server and client. If you want to access your company or school network, you definitely need to use a VPN client.
  4. If you want a proxy for anti-censorship, the following are all ideal choices: NaïveProxy (which is able to use Chrome’s TLS fingerprint and has the fewest characteristics that differ from normal traffic among the protocols listed here), the Vmess protocol with TLS encryption, the Vmess protocol over WebSocket with TLS encryption (traffic heading to the proxy server can be distributed by a CDN like Cloudflare, which can hide the real proxy server IP address), the Vless protocol with XTLS encryption (which has the best performance) and the Trojan protocol. (The Vmess and Vless protocols are provided by Xray-core and V2Ray-core. All of these protocols must run over TLS encryption to ensure the anti-censorship effect. The Vless protocol can be encrypted with XTLS, a performance-oriented modified version of TLS encryption, for better performance, but XTLS encryption is only available in Xray-core.)
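The per-destination choice behind difference 1 and scenario 2 (which traffic goes to the proxy and which uses your real network) can be modelled as a first-match rule table. This is an added example, not code from the original article or from any of the tools named; the rule type names follow those used by Clash (DOMAIN, DOMAIN-SUFFIX, IP-CIDR, MATCH), while the rule set, the `PROXY` target name and the hostnames are constructed assumptions.

```python
import ipaddress

# Constructed rule set (assumption); the first matching rule wins.
RULES = [
    ("DOMAIN-SUFFIX", "lan", "DIRECT"),
    ("IP-CIDR", "192.168.0.0/16", "DIRECT"),
    ("DOMAIN", "login.example.net", "DIRECT"),
    ("DOMAIN-SUFFIX", "example.net", "PROXY"),
    ("MATCH", "", "DIRECT"),          # catch-all for everything else
]


def _as_ip(host):
    """Return an address object for IP literals, None for hostnames."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def matches(rule_type, value, host):
    ip = _as_ip(host)
    name = host.lower().rstrip(".")   # hostnames are case-insensitive
    if rule_type == "MATCH":
        return True
    if rule_type == "IP-CIDR":
        return ip is not None and ip in ipaddress.ip_network(value)
    if ip is not None:
        return False                  # domain rules never apply to IP literals
    if rule_type == "DOMAIN":
        return name == value
    if rule_type == "DOMAIN-SUFFIX":
        # Match on a label boundary so "notexample.net" does not hit "example.net".
        return name == value or name.endswith("." + value)
    raise ValueError(f"unknown rule type: {rule_type}")


def route(host, rules=RULES, default="DIRECT"):
    """Return the target of the first rule that matches host."""
    for rule_type, value, target in rules:
        if matches(rule_type, value, host):
            return target
    return default                    # only reached when no MATCH rule exists


if __name__ == "__main__":
    for h in ("printer.lan", "192.168.1.20", "video.example.net", "notexample.net"):
        print(h, "->", route(h))
```

Rule order matters: the exact `DOMAIN` rule for `login.example.net` sits above the broader suffix rule, and any destination that no specific rule catches falls through to `MATCH` and leaves over the real network.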

References:

  1. ‘Proxy server’, Wikipedia. https://en.wikipedia.org/wiki/Proxy_server
  2. ‘What is a Proxy Server’, varonis. https://www.varonis.com/blog/what-is-a-proxy-server/
  3. ‘What’s The Difference Between a Proxy and a VPN?’, varonis. https://www.varonis.com/blog/proxy-vs-vpn/