Tunneling, which is most commonly known as port forwarding, is the process of transmitting data that is intended for private use only. Typically, this involves confidential information in a corporate network through a public network in such a way that the nodes that are routing in the public network become unaware that the process of transmission is part of the private network.[1] Simply put, tunneling is a communication protocol that allows the movement of data from one network to another network. It involves specific steps that allow private network communications to be sent across a public network, this process is called encapsulation. In this encapsulation process, data packets appear as though they are of a public nature to a public network when actually they are considered as private data packets. This allows them to pass through unnoticed.[2]


In the process of tunneling, data will be broken down into smaller pieces, which are known as packets, that will move along the "tunnel" to be transported to their end destination. As these packets move through the tunnel, they are encrypted and encapsulated. The private network data and the information protocol that will go with it are also encapsulated in public network transmission units for sending. In the receiving end, the process of decapsulation and decryption will take place. Furthermore, the tunnel is considered as the logical path or connection that will encapsulate the packets that travel through the transit internetwork. This tunneling protocol will encrypt the original frame so that the content will not be interpreted outside of its route. In order for the process to really work, the data will be sent once the tunnel is already in place and the clients or the server will use the same tunnel to send and receive the data across the internetwork. Transferring of data will depend upon the tunneling protocols that are being used for the transfer.

Tunnel Layers

VPN tunnels can be created at the following layers of the open system interconnection or OSI reference model:

The VPN protocols that operate this layer are the point to point tunneling protocol and layer 2 tunneling protocol.

Network Layer – layer 3

IPSec can operate as a VPN protocol at the network layer of the OSI reference model.[3]


Tunneling Protocols

Below are the various protocols that allow tunneling to take place:

Point to Point Tunneling Protocol (PPTP)

This keeps the data secure even if it is being communicated over public networks. The authorized users can access a private network which is called a virtual private network or VPN that is provided by an internet service provider or ISP. This is a private network in the virtual sense because it is created in an environment that is tunneled. This protocol allows the corporations to extend their own corporate network through a private channel over the public internet.

Layer 2 Tunneling Protocol (L2TP)

This protocol involves a combination of using PPTP and layer 2 forwarding. This is used in order to support the virtual private networks (VPN) as a part of the delivery of services by Internet service protocols or ISPs. It does not provide any encryption and confidentiality just by itself. But, it relies on an encryption protocol that it passes within the tunnel in order to provide privacy. It uses packet-switched network connections that will allow for the endpoints to be located on different machines. With this, it simply means that the connection can terminate at a local circuit concentrator and eliminates possible long-distance charges, among the other benefits. Hence, from another point of view, there is really no difference in terms of the operation.[4]

Thus, tunneling is really useful and helpful in a corporate setting and also it gives features of security such as the options of encryption.[2:1] In a nutshell, tunnels are considered as a mechanism that is used to send unsupported protocols across different and diverse networks. The tunneled data, VPN or other, will add to the size of the packet that will result in less data being sent per packet. This tunneling data over the SSH is normally a per-application VPN, but the latest version of the open SSH will implement a full-blown hassle-free VPN.


The following are the two types of tunneling:

Voluntary Tunneling

In this type of tunneling, the client will start the process of initiating a connection with the VPN server. There is a requirement in order for the process to work and this requirement is an existing connection between the server and the client. This is the connection that the VPN client will use in order to create a tunneled connection with the VPN server. For voluntary tunneling, the user’s computer will be considered as an endpoint of the tunnel and will act as the tunnel client. The client here or the user will issue a request of configurations and will create a voluntary tunnel. They will require a dial-up or a local area network (LAN) connection. In this type of tunneling, it requires that the client’s computer should have the appropriate software and that protocols be preinstalled in order to make the connection possible.

Compulsory Tunneling

In this type of tunneling, a connection will be created between the two VPN servers and two VPN access devices or VPN routers. With this, a remote access server will set up and will configure VPN by the use of a device which is called the dial-up access server. This will act as a tunnel client. With a compulsory tunnel, the user’s computer is not considered as a tunnel endpoint.

  1. https://searchnetworking.techtarget.com/definition/tunneling-or-port-forwarding ↩︎

  2. https://www.techopedia.com/definition/5402/tunneling ↩︎ ↩︎

  3. http://www.tech-faq.com/tunneling.html ↩︎

  4. https://searchnetworking.techtarget.com/definition/Layer-Two-Tunneling-Protocol-L2TP ↩︎