Breaking down IP addresses is essential for understanding how the Internet works, especially since IP addresses are the ones affected by VPN. With the aid of a reliable virtual private network tool, it’s possible to hide your online identity, protect your privacy, reach resources on a remote internal network, unlock website content that’s not normally available to your country, get better deals when shopping online, and so on. All of this is done by making the Internet think you have a different IP address.
Feel free to check out our article about the pros and cons of using VPN if you want to find out more. As for this article, we’re taking a closer look at IP addresses, explaining how they work, how they are created and assigned, how many types of IP addresses are there, and why all of this is important to know. Take our word for it: you don’t have to be a computer specialist to understand some basic principles about IP addresses. We’ll leave the more technical stuff for another time.
What’s an IP address?
An IP address is represented by a set of seemingly random numbers that’s assigned to any device connected to the Internet through the Internet Protocol (IP). Its goal is to help identify your host or network adapter across the web, along with your network address, acting like your name and home address on the digital platform. Once your IP address is detected by the network, it’s time for the IP to transfer data packets using the IP addresses from the packet headers to figure out where data is being sent from (source) and where it is going (destination).
Many people think that “IP address” and “network address” are the same thing, but this is false. An IP address is assigned to a host, such as a computer, printer, server or other device on a TCP/IP network. The network address, on the other hand, can include multiple IP addresses in the same network. For instance, if 220.127.116.11 is an IP address, then 18.104.22.168 is a network address that contains IP addresses ranging from 22.214.171.124 to 126.96.36.199. Note that the fixed part of the network address is 5.1.123.x while the rest is defined by the subnet, ranging from 0 to 255 (more on this later).
How IP addresses are assigned: the short version
Companies, organizations and casual users don’t actually have a direct connection to the Internet when accessing the world wide web. Instead, they employ the services of an Internet Service Provider (ISP), a special organization whose sole purpose is to provide services for joining the Internet. If you’re connected to the web from home, then you’re either using the services of your own ISP or borrowing the wireless network of a neighbor. If you’re using the Internet at work, then your company is providing you Internet access through its network administrator who, in turn, employs the services of an ISP.
Firstly, ISPs assign a network address to the company or organization requesting its services, effectively turning it into a network. Secondly, the company/organization may choose to either provide web access to its network or create subnetworks with Internet access. Subnetworking is typically the preferred option because it comes with richer administration possibilities (separate rules for separate subnetworks).
Before employing the services of the ISP, though, the company/organization must have a plan ready to estimate the size of the network. This is because the resulting IP addresses will depend on the selected network class. For example, class C are tiny networks that can have a maximum number of 254 devices connected to the Internet (network IP addresses range from 192.0.0.0 to 188.8.131.52). On the other side of the spectrum are class A networks, where a minimum of 65,535 and a maximum of 16,777,214 devices can have an Internet connection (network IP addresses range from 184.108.40.206 to 220.127.116.11).
A simplified version of data transfers over the web
Routers receive data from the Internet and must relay it to the device it was intended for (host). However, routers don’t know where the host is exactly, only that it’s the member of a known network. By reading information from its routing table (table with data about the nearby network’s topology), the router sends the packet of information to the host’s network, completing its job. Next, the network’s identifies the host’s subnetwork and does the same thing. These steps are taken until the nearest subnetwork of the host is reached. In the last phase, the subnetwork sends the data packet to the host since it knows its identification details. It’s a complex but intuitive operation that takes place in milliseconds.
As for the technical details behind this operation, let’s say that we have a class C network with the 18.104.22.168 network address, and the IP address of the destination host is 22.214.171.124. Thanks to the routing table, the system identifies “126.96.36.199” as the network, sending the data packet to the 188.8.131.52 network address. The network’s router then forwards the packet to 0.0.0.6, which represents the host address (where “.6” is the host identifier). More information is required to complete the task, though, since TCP/IP requires the subnet mask to tell if the destination host is either on the local subnet or a network in a remote location.
Two main IP address versions: IPv4 and IPv6
You may have heard of different IP address types like IPv4 and IPv6, so you might be wondering how many versions are there. Because the IP address was first introduced as a concept in 1977, the first four versions (IPv0, IPv1, IPv2, IPv3) were just experimental. The first modern version that still dominates the Internet is IPv4, published in RFC 791. Its IPv4 is IPv6, described in RFC 2460.
Although IPv4 was released back in 1983 to be integrated with what eventually became the Internet, this protocol version is still being widely used at the present to provide digital routes across the world. It’s a connectionless protocol that sends and receives information in packet switching networks by addressing and routing the units of data one at a time, using details extracted from each unit. This is preferred to transferring data streams in the same order through fixed channels that were already laid out, which is the principle of the connection-oriented communication protocol.
IPv4 focuses on speed and low resources usage thanks to no onset preparations, attempting to deliver data as quickly as possible from one network node to another. However, this also means that it makes no guarantees that all packets of data will reach their destination – duplicate copies of the same data packet may arrive at the destination, too. This is called the best-effort delivery model, which is also utilized by the UDP protocol to rapidly transfer data over the Internet, risking data loss in the process. For more information, feel free to check out our article about UDP and other VPN protocols.
IPv4 address representation
32-bit addresses are used by IPv4, which means that no more than 4,294,967,296 (232) addresses can exist on the Internet that use IPv4. Further, almost 18 million IPv4 addresses are put aside for private networks, together with approximately 270 million for multicast addresses. For example, the 127.0.0.0/8 address block has exactly 16,777,216 addresses ranging from 127.0.0.0 to 127.255.255.255 reserved for loopback addresses to the local host.
Meanwhile, the 10.0.0.0/8 address block has the same number of reserved IP addresses, starting from 10.0.0.0 and ending with 10.255.255.255, which can be used to carry out local communications inside a private network. Two branch offices that are far away from each other and cannot establish a direct connection through the public Internet may use a VPN service or an IP tunnel to create a shortcut. Besides the convenient bridge between the two, the main advantage is that packets encapsulated in the protocol’s layer can be encrypted when transferring them across the public network, in order to ensure data security, integrity and privacy.
Any numerical sequence made of exactly 32-bit addresses can become an IPv4 address. Nevertheless, they are typically expressed using dot-decimal notation, where the sequence of the IP address is split into four octets, and each octet consists of decimal numbers divided by periods. An example for a dot-decimal IPv4 address is 255.0.0.0. However, it’s also possible to express the IPv4 address in other ways. For the 255.0.0.0 dot-decimal notation, you might encounter its hexadecimal (0xFF000000), octal (0377.0000.0000.0000 – 0037700000000) or binary counterpart (11111111.00000000.00000000.00000000). Nevertheless, these versions are now deprecated, so you may spot them in older documentation.
IPv4 packet structure
Each network packet is made out of two sections: header and data. When it comes to IPv4, the header contains 14 fields, where only 13 are mandatory. The 14th field is reserved for options. The most important byte is bundled with the fields (Big Endian). Only the most important bits are taken into account for the IP diagram and discussion (MSB 0 bit numbering), where the most significant bit is numbered as 0. Because of this, the four most important bits of the first byte include the version field.
In addition to the version, the datagram of the IPv4 header includes the Internet Header Length (IHL), Differentiated Services Code Point (DSCP), Explicit Congestion Notification (ECN) and total length. They are followed by fields for identification, flags, fragment offset, Time To Live (TTL), protocol, header checksum, source address, destination address, and options. Options are not used often because some of them might be blocked by routers, like Loose Source and Record Route as well as Strict Source and Record Route (both are used for address translation).
The data section of the IPv4 header is not included in the checksum, so the actual message that’s being sent across the network can be interpreted from the value of the protocol data field. Typical protocols used for this are Internet Control Message Protocol (ICMP), Internet Group Management Protocol (IGMP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), IPv6 encapsulation (ENCAP), Open Shortest Path First (OSPF) and Stream Control Transmission Protocol (SCTP).
When IPv4 addresses were rolled out before the 1980s, the Internet Engineering Task Force (IETF) couldn’t imagine how fast the address space would be exhausted because it was impossible to predict the continuously growing demand of Internet users. This was doubled by the success of mobile devices and the fact that they always had an active Internet connection, even when not in use.
Quick solutions were found and implemented for network addressing issues, such as classful networks, Classless Inter-Domain Routing (CIDR) methods and Network Address Translation (NAT). But a long-term solution was found by creating IPv6 addresses in the 1990s, which ultimately became an Internet Standard in 2007 (published in RFC 8200).
The successor of IPv4 increases the address space to 128 bits, permitting 2128, or approximately 3.4 × 1038 addresses. Just as IPv4, not all addresses of IPv6 can be used by the public since some of them are reserved for special purposes. Unfortunately, the two protocols aren’t interoperable, so it’s not easy to make an upgrade from IPv4 to IPv6, but some transition rules have emerged to guide users in this direction.
Compared to IPv4 that only uses numbers in its representation, IPv6 uses letters, too, resulting in an alphanumerical string with eight groups of four hexadecimal digits. Each of the eight groups represents 16 bits (or two octets), and the groups are often divided by colons. Examples include 2002:0000:ab00:1234:0000:2552:7887:1313 and 21da:d2:0:2f4e:2aa:ff:fg28:1c7a.
Both uppercase and lettercase are supported but it’s recommended to use only small letters for the sake of simplification. Consecutive colons (“::”) and leading zeros from each field of 16 bits are ignored, so 2003:1fg5::0005 becomes 2003:1fg5:5. Errors don’t occur if an improper representation is used. Instead, the network uses the nearest supported format (if available).
IPv6 address block
The address block used by IPv6 is a group of IPv6 addresses laid out in a sequence, where the size must be a power of 2. Known as the network address or routing prefix, the first three groups of numbers (first 48 bits) from all addresses are the same for all hosts in the network, and they are used for routing IPv6 packets.
What follows the network address is the subnet address on the fourth group of numbers (from the 49th bit to 64 bits), together with the device address on the last four groups of numbers (the final 64 bits). If the IPv6 address is 2003:fg9:abcd:0049:0000:0000:0000:0000, then the network address is 2003:fg9:abcd, the subnet address is 49 (the leading zeros in “0049” are ignored), the network and subnet addresses form the IPv6 prefix, and the device address is 0000:0000:0000:0000.
All devices in the network share the same network and subnet addresses given by the IPv6 address, but their device addresses is unique so that you can tell them apart. That’s why the first four groups of every IPv6 address is the same but the last four groups vary by device. Since it can become difficult to keep track of all devices in the network (especially if we’re talking about numerous machines of various types like computers, faxes and printers), the device address can be simplified by writing a prefix-length in its place in the IP address.
When it comes to the address block size, it can be set by writing a slash and a decimal number. The value of this number must have the length of the network prefix (in bits). This method is preferred to the one applied by IPv4, which points out the exact network addresses in the block. As an example for IPv6, if the address block has a 28-bit prefix-length, then it’s labeled as “/28”. It also means that the block has 2128 – 228 = 2100 addresses. If the IPv4 address of the 28-bit prefix-length is 2003:fg9:abcd:0049::/28, then the system is instructed to split the network into 28 subnetworks, each having one of the total 28 devices in the network.
Networks and subnetworks
Before subnetworks were introduced, the Internet Protocol followed a simple guideline where the number of the network was always set to the most significant 8-bit section. But this meant that no more than 256 networks could be used, so it was completely incompatible with the fact that more networks were being created and were being used outside of the existing networks, which were already attributed by the network number. Eventually, this issue lead to setting up a classful network architecture.
Classful network and CIDR
The classful network splits up the IPv4 address space into five classes by taking into account the first four address bits. This results into classes A, B and C for unicast, class D for multicast, and class E for future or experimental addresses. Although this method of resolving network addressing issues is now deprecated and superseded by CIDR (Classless Inter-Domain Routing), it helped with understanding and fine-tuning the subnetwork design that’s being used today.
Classful networks couldn’t face the complexity of the rapidly growing routing tables on routers connected to the Internet that were beginning to deplete the IPv4 address space, so CIDR dropped the class system in favor of allocating address space to ISPs and casual users whose IP addresses have limited bits (bit boundary).
Thanks to CIDR, IP addresses could be better written in the CIDR notation, expressed by an IP address reduced to a minimal, compact format, along with its associated routing prefix. The routing prefix includes a suffix that specifies the number of bits in the prefix. Therefore, the CIDR notation contains the IP address, a slash symbol, and a decimal number (sum of leading 1 bits in the subnet mask). The bigger the decimal number, the smaller the network. Examples are 192.0.0.0/24 for IPv4, and 2004:fg9::/32 for IPv6.
What are subnetworks?
IP networks are often broken down into multiple logical networks, which become subnetworks (or subnets). This works with both IPv4 and IPv6, and it helps with easily performing different operations for distinct divisions of the same network. For example, companies usually put together subnets when establishing the Internet connection, in order to better manage a limited number of host computers that exist in the same location. To facilitate subnetworking, it’s considered that an IP address is made of two parts: network prefix (for the high-order bits) and rest field/host identifier/interface identifier (for the remaining bits).
Subnet masks or netmasks create subnetworks, representing a number that defines the IP address range to be applied to the network. In IPv4, for example, the subnet mask ranges from 0 to 255 (256 total devices). The larger the subnet number, the larger the network (has many devices, each with its own IP address). The netmask hides the part of the IP address that identifies the network, leaving visible just the section which indicates the host.
A common subnet mask example for IPv4 is 255.255.255.0, which is 32-bit long and has four 8-bit octets. The first three octets are identical, pointing out that the IP addresses of the devices belonging to this netmask share the first three octets, too. The last octet can have any value from 0 (inferior limit) to 255 (superior limit). 10.0.1.100, 10.0.1.101 and 10.0.1.102 belong to the same subnet, but 10.0.2.103 doesn’t.
The length of the IPv6 prefix is the same as the length of the IPv4 subnetmask. But it’s written as an numerical value ranging from 1 to 128, instead of octets like is the case of IPv4. For instance, 2003:fg9:abcd:1577::0/64 indicates a subnet whose IP addresses range from 2003:fg9:abcd:1577:0000:0000:0000:0000 to 2003:fg9:abcd:1577:ffff:ffff:ffff:ffff. The “2003:fg9:abcd:1577:” part represents the prefix of the IPv4 address, while the remaining part is the host because it points out to a specific host in the network. You can also use an online IP subnet calculator that works with both IPv4 and IPv6.
Several IP addressing and routing methods can be used for IP: unicast, broadcast, anycast, and multicast. But the way these four modes are handled by IPv4 and IPv6 are a bit different.
Most Internet traffic is routed through IPv4 unicast, where the Internet Protocol sends packets to a unicast address from the single network interface identified. IPv4 and IPv6 use unicast addressing the same way, where one IP address is assigned for each host interface.
Broadcast addressing was made to send data packets and messages to many network devices from the same subnet at the same time. For example, DHCP and BOOTP clients identify and send server requests with the help of broadcast IPv4 addresses.
Unfortunately, IP broadcasting is still facing a lot of performance-related problems since it’s necessary to avoid the broadcasting of all devices to the public internet. While traditional IP broadcasting operates well with IPv4, the same cannot be said for IPv6, where broadcast addresses remain undefined. But these issues have been overcome by multicast, and this is the reason why broadcasting is not a distinct addressing method for IPv6.
Multicast applies to many hosts, groups of IP devices. Multicast addresses are assigned to the network routers by following a certain protocol of distribution, and this is also when the hosts obtain the multicast address. Therefore, any packets sent to the multicast address are automatically received by all interfaces from the corresponding multicast group.
Multicast is supported by both IPv4 and IPv6 but improved in IPv6. IPv6 has more addresses available for multicasting, while IPv4 has functionality issues mostly due to the fact that most hardware devices don’t have obligatory support for IPv4 multicasting (unlike IPv6).
Anycast mode assigns one IP address to a group of interfaces, so that a sent packet reaches only one of the member interfaces (nearest) but not everyone. It’s difficult to tell apart anycast from unicast addresses because they share the same structure. However, they can be correctly identified by pinpointing their location in the network at multiple points.
The anycast addressing method doesn’t originally have support for IPv4 since it was specifically designed for IPv6. Nevertheless, anycast can be emulated for IPv4 to facilitate localization for services and servers.
IP address assignment: types of IP addresses
We’ve already established how network and IP addresses are formed: using a network address, a host address and subnet mask. When it comes to assigning IP addresses to hosts, there are two main methods: using static or dynamic IP addresses. But there are also sticky dynamic addresses and IP addressing conflicts, together with private, public and reserved IP addresses that we want to go through.
Static IP address
Having a static IP address means that the host device (either hardware or software) has a fixed setup that cannot be modified. Fixed addressing is often configured for devices designed to facilitate the means of communication between other machines in a network, like routers and printers, mail, FTP and web servers. It’s useful to have a static IP address if you are hosting a server, for example, which you want to be easily remembered by remote clients, such as end users or external devices or websites (e.g. an online business). But hosting a server with a dynamic IP address is possible, too. It’s usually necessary to make a special request to your ISP if you want to get a static IP address, which is more expensive than the dynamic version.
Dynamic IP address
A dynamic IP address is attributed to the device during boot and changes at each boot. Most end users have a dynamic address because it’s a cost-effective solution for ISPs and requires no configuration if Zeroconf is applied (everything’s automatic). On the bright side, your online identity changes every time you restart your router, which helps protect your privacy when surfing the Internet. On the downside, if you want to connect to your workplace via VPN, it might be tricky for the company’s network administrator to provide you round-the-clock access to the office’s intranet, since your IP address should be on its whitelist.
Apart from Zeroconf, the network administrator can assign the dynamic IP address by configuring and running network services, which is a bit more difficult to accomplish. For instance, a Dynamic Host Configuration Protocol (DHCP) server gives machines the possibility to perform an automatic request of IP addresses and other networking details from the ISP, which eliminates the manual assistance of an end user or network admin when it comes to all devices in the network.
Sticky dynamic address
As previously mentioned, the IP address of a router changes when the device resets. This happens rarely, though, since most routers are used to remain online for long periods of time. To satisfy the preferences of users interested in an IP address solution that shared both static and dynamic traits, ISPs came up with sticky dynamic address – an IP address that changes when the device is reset or after a certain period of time. After address expiration, the device reverts to its original IP address. Thanks to this DHCP method that can be implemented by the network administrator, all devices from the same network can share a limited address space by alternating the dynamic IP addresses.
Public IP addresses
The public IP address is the one you receive from the ISP, used for reaching the Internet directly. It represents your identity and can be used to track your location and find details about you, such as name of ISP, postal code, when your domain was registered and when it expires. Each public IP address is unique since all devices with an Internet connection must have a distinct address to be able to send and receive data packets. Your public IP address is the one masked by the VPN application, which finds and assigns a new IP address to set up your online identity.
Private IP addresses
Also known as local IP addresses, private IP addresses belong only to your personal network and cannot be used by your router to reach the outside world. To be able to communicate internally without consuming the limited space of public IP addresses, all devices in your private network must have a private IP address, but this is completely isolated from someone else’s private IP addresses. Routers are not required for these internal data transfers but only when it becomes necessary to transfer packets to an external network. In other words, your Internet status can be offline if you want to limit your activity to multiple devices inside the network.
Reserved IP addresses
When IPv4 and IPv6 addresses were issued by IETF and the Internet Assigned Numbers Authority (IANA), emphasis was put on reserving special IP addresses designated for specific purposes. For example, the 192.0.0.0/24 address block in IPv4 has a total of 256 IP addresses ranging from 192.0.0.0 to 184.108.40.206 that can be used in private networks for IETF protocol assignments. When it comes to IPv6, the fc00::/7 address block has a total of 2121 addresses ranging from fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, which can be used in a private network as a unique local address.
IP addressing conflicts
If two or more hosts connected to the same Ethernet or wireless LAN claim to have the same IP address, then it becomes a software-related conflict which may prevent either or all devices from establishing an Internet connection. The whole network will remain offline if one of the devices behaves like the network gateway, though. This can be usually fixed by assigning a new IP address to the “clone” devices, such as rebooting. More elaborate solutions involve restarting your DHCP server, disabling multiple instances for your DHCP server, manually releasing your IP address, setting a static IP address, or updating the router firmware (if it has a faulty DHCP server).
NAT, types of NAT, and NAT Traversal
Created by Cisco, NAT (Network Address Translation) provides the set of instructions that must be followed by a device in order to successfully establish a link between public and private networks. The device can be a router, firewall or just a machine specifically designed to keep the Internet connection alive for the network. Network address translation isn’t required for devices that want to reach resources from the same network, but it intervenes when they wish to step outside, like on the Internet.
Thanks to NAT, it’s possible for a single public IP address to be assigned to an entire network of subnetworks and hosts. By examining the limited IP address space available on the Internet, NAT keeps the IP addresses in check and makes sure everything is running optimal during address assignment, which is both cost-effective and secure. It’s also part of the firewall toolkit for safety purposes.
Network Address Translation doesn’t have a fixed mechanism for mediating the Internet connection. Instead, the admin may choose from several methods for NAT mapping.
Static NAT associates a private, unregistered IP address to a registered, public IP address which is static. Therefore, the private IP address of a host will always be translated into the same public IP address on each connection. It comes in handy for permitting an external, remote device to access a host from private network, if this action is permitted by the private device. This action is not possible in the case of dynamic NAT, which is the most important difference between the two NAT modes.
Dynamic NAT creates the same mapping using a public IP address selected from a group of registered IP addresses available to the world, also known as the NAT pool. However, it’s uncertain what the designated IP address will be on each session, since it depends on what’s left unclaimed in the NAT pool. The first eligible public IP address that’s not currently being used by another network will be immediately picked up from the NAT pool. This also means that the mapping between the public and private networks may vary.
A firewall is automatically created between the internal and external networks when using dynamic NAT, allowing Internet connections only if they come from the stub domain. A stub domain is represented by a local network that uses IP addresses internally, and it doesn’t matter if they are registered, unregistered, or both. This way, your network security is ensured by preventing outside hosts from reaching your internal devices, unless the internal hosts request the connection.
PAT and overlapping networks
PAT (Port Address Translation, also known as overloading, single address NAT and port-level multiplexed NAT) is a subtype of dynamic NAT that introduces a small variation when mapping private IP addresses to public IP addresses obtained from the NAT pool: it assigns a different port to the private IP address. All hosts in the internal network will use the same IP address but a different port.
An overlapping network happens after attributing a public IP address to a host in your internal network, but the address has already been claimed by another device on an external network. For example, networks are overlapped when two companies are merged into one, if both companies use IP address allocation for private networks. In case of overlapping, the router has to resolve the conflicts by keeping track of a lookup table used quickly identify duplicate IP addresses and assign unique ones.
How NAT works with VPN
The goal of a VPN service is to extend a private network across the public Internet in a secure manner by creating an encrypted connection. There are multiple VPN encryption modes available, each having its own rules and conditions for approaching Internet security and connection speed. NAT may be required for linking the private network to the web but applied differently to VPN: NAT translates the IP addresses before the VPN runs its encryption protocol (before the security association validation). The new address remains valid until the connection is removed manually.
VPN NAT for IP address conflicts and masking
VPN NAT can be configured for two purposes: to prevent IP address conflicts and to hide private IP addresses. IP address conflicts can be avoided with dynamic NAT when two merging companies intend to set up VPN connections, which requires them to pick private IP addresses from a given scope. In this case, the VPN NAT can be configured in two ways: if you’re the one making the VPN request, then you have to translate the private IP addresses of your hosts into something else that doesn’t clash with the addresses of the other company. On the other hand, if you’re the one answering to the request made by your partner, then it’s necessary to change the remote addresses into something compliant with your local IP address mappings.
Hiding private IP addresses with VPN NAT comes in handy for masking the real IP address of your system that’s visible to anyone from the public, thus increasing your privacy. To make this happen, you simply swap your current IP address for another one that you wish to remain visible to the outside world. What VPN NAT does is give you the possibility to translate the IP address of each host in your network to something else obtained from a pool of masked addresses. You’re the one responding to the requests made by the remote system, in this case.
If it’s not properly managed, NAT can interfere with VPN encryption protocols and cause problems, like making routers block remote connections. To overcome this, some VPN applications offer support for NAT Traversal (NAT-T), an option designed to automatically detect if NAT is supported on both VPN tunnel endpoints as well as to discover NAT devices on the transmission path. If both these conditions are true and if the VPN uses the IPsec protocol, then the IPsec traffic gets encapsulated within UDP packets, so that it can be processed by NAT during transfer.
NAT-T is also required for P2P file sharing and VoIP tools. There are many kinds of NAT Traversal methods available, such as Socket Secure (SOCKS), Session Traversal Utilities for NAT (STUN), UPnP Internet Gateway Drive Protocol (IGDP), NAT-PMP, and PCP (the successor of NAT-PMP).
Understanding how IP addresses work is key to understanding how VPNs work, since the role of a virtual private network tool is to swap IP addresses while maintaining a high level of security and privacy. Please don’t hesitate to leave us a comment below with your own observations, tips and tricks related to IP addresses and VPNs.