In this article in our series “ECOVIS Tech-Tips”, we look into the possibilities of virtual private networking (VPN), review technical details and shed light on legal issues this technology faces in both China and the EU.

So what are Virtual Private Networks or VPNs? In essence, a VPN is nothing more than a fully encrypted connection between two remote computers, with one computer acting as the VPN-server and the other acting as the VPN-client. Network traffic can than be send over this connection to the remote client, enabling the client to use the Internet connection and network resources (Network Storage etc.) of the server.

This makes VPN a very attractive method of connecting different branches of a business together, or giving employees who work at home or on out-of-office assignments a means to connect to company resources securely.

IT security through network segmentation

In general, there are three technologies available to create a VPN today, IPSec, SSL, and PPTP.

PPTP is the least desirable of the three, as its encryption is widely viewed as to weak and insecure to meet business usage requirements. It is however still utilized by people who stream multimedia content across borders.

IPSec is a bit tricky to set up, necessitating specific configurations for each operating system. SSL-VPNs can generally be created with a unified configuration for different systems. A popular software that utilizes SSL is OpenVPN.

A promising new approach to VPN-networking is WireGuard. This lightweight protocol is easy to configure and offers high bandwidths due to its limited amount of code. However, WireGuard is currently still in beta status, making it not yet a ready sublimate for IPSec and OpenVPN, though it should definitely be on your horizon for the coming years.

Coming back to the current challenges of VPN-Setup, you not only have to consider the technical setup, but also the legal implications of using such a system.

Due to the fact that VPNs create a fully encrypted point-to-point connection, they can be utilized to circumvent internet controls, as the de-facto access to the World Wide Web is done through the VPN server, only subjecting the traffic to the controls of the country the server is located in.

In light of this function, there are a number of legal issues to consider when using VPN, especially if a VPN-connection out of China should be established.

For one thing, VPN need to run through an officially authorized gateway, provided by one of China’s big three state-owned telecommunication service providers.

In addition, VPN-connections tend to vary in performance, especially during sensitive events when internet traffic controls in China are much more stringent.

In the months before the passage of the Chinese Cybersecurity Law many western media outlets feared that China would outright ban every VPN connections that had not been officially approved. So far, this fear has not materialized, probably due to the substantial disruptions in the Chinese economy such a ban would cause. However, Chinese authorities are currently busy drafting additional regulations and further restrictions on the usage of virtual private networking are likely. Hence it is crucial to keep a close look on the changes in the legal landscape to ensure that a your systems are up and running and compliant with current requirements.

So what should you consider before you set up a VPN? The answer to this questions varies depending on what you intend to use the VPN for. Should it be a simple point-to-point connection, should it be used only for file exchanges, or also for research purposes? Do you want to host the system yourself or use a third party? You should consider these and other questions before setting up your VPN system.

Need advice on these issues? We at ECOVIS Beijing got you covered. Feel free to contact us.