VPN protocols: Wireguard and IPSec
VPN 協議：Wireguard 和 IPSec

A VPN, or virtual private network, is a network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you’re using a public network like the internet. VPNs provide a server that acts as a gateway between a computer and the internet. This server creates a path similar to a virtual tunnel that hides the computer’s IP address and encrypts the data in transit to the internet. The main purpose of a VPN is to create a secure connection between a computer and a network. Additionally, a VPN allows trusted connections to be established on non-trusted networks. VPN protocols determine how the secure network tunnel is formed. Different VPN providers provide different VPN protocols.
VPN，即虛擬私人網路，是一種網路安全服務，可以更改您的公共 IP 地址並隱藏您的虛擬位置，以便您在使用公共網路（如互聯網）時保持數據的隱私。VPN 提供一個伺服器，作為電腦與互聯網之間的網關。這個伺服器創建了一條類似虛擬隧道的路徑，隱藏電腦的 IP 地址並加密傳輸到互聯網的數據。VPN 的主要目的是在電腦和網路之間建立安全連接。此外，VPN 允許在不受信任的網路上建立受信任的連接。VPN 協議決定了安全網路隧道的形成方式。不同的 VPN 供應商提供不同的 VPN 協議。

This reading will cover the differences between remote access and site-to-site VPNs, and two VPN protocols: WireGuard VPN and IPSec VPN. A VPN protocol is similar to a network protocol: It’s a set of rules or instructions that will determine how data moves between endpoints. An endpoint is any device connected on a network. Some examples of endpoints include computers, mobile devices, and servers.
本閱讀材料將涵蓋遠端存取和站點到站點 VPN 之間的差異，以及兩種 VPN 協議：WireGuard VPN 和 IPSec VPN。VPN 協議類似於網路協議：它是一組規則或指令，決定數據如何在端點之間移動。端點是指網路上連接的任何設備。一些端點的例子包括電腦、行動裝置和伺服器。

Remote access and site-to-site VPNs
遠端存取和站點對站點 VPN

Individual users use remote access VPNs to establish a connection between a personal device and a VPN server. Remote access VPNs encrypt data sent or received through a personal device. The connection between the user and the remote access VPN is established through the internet.
個人用戶使用遠端存取 VPN 來建立個人設備與 VPN 伺服器之間的連接。遠端存取 VPN 會加密通過個人設備發送或接收的數據。用戶與遠端存取 VPN 之間的連接是通過互聯網建立的。

Enterprises use site-to-site VPNs largely to extend their network to other networks and locations. This is particularly useful for organizations that have many offices across the globe. IPSec is commonly used in site-to-site VPNs to create an encrypted tunnel between the primary network and the remote network. One disadvantage of site-to-site VPNs is how complex they can be to configure and manage compared to remote VPNs.
企業主要使用站點到站點 VPN 來擴展其網路至其他網路和地點。這對於在全球擁有多個辦公室的組織特別有用。IPSec 通常用於站點到站點 VPN，以在主網路和遠端網路之間創建加密隧道。站點到站點 VPN 的一個缺點是，與遠端 VPN 相比，其配置和管理可能會更為複雜。

WireGuard VPN vs. IPSec VPN
WireGuard VPN 與 IPSec VPN

WireGuard and IPSec are two different VPN protocols used to encrypt traffic over a secure network tunnel. The majority of VPN providers offer a variety of options for VPN protocols, such as WireGuard or IPSec. Ultimately, choosing between IPSec and WireGuard depends on many factors, including connection speeds, compatibility with existing network infrastructure, and business or individual needs.
WireGuard 和 IPSec 是兩種不同的 VPN 協議，用於通過安全的網路隧道加密流量。大多數 VPN 供應商提供多種 VPN 協議選擇，例如 WireGuard 或 IPSec。最終，在 IPSec 和 WireGuard 之間的選擇取決於多種因素，包括連接速度、與現有網路基礎設施的相容性，以及企業或個人的需求。

WireGuard VPN

WireGuard is a high-speed VPN protocol, with advanced encryption, to protect users when they are accessing the internet. It’s designed to be simple to set up and maintain. WireGuard can be used for both site-to-site connection and client-server connections. WireGuard is relatively newer than IPSec, and is used by many people due to the fact that its download speed is enhanced by using fewer lines of code. WireGuard is also open source, which makes it easier for users to deploy and debug. This protocol is useful for processes that require faster download speeds, such as streaming video content or downloading large files.
WireGuard 是一種高速的 VPN 協議，具有先進的加密功能，能夠在用戶訪問互聯網時保護他們的安全。它的設計簡單易於設置和維護。WireGuard 可用於站點到站點連接和客戶端-伺服器連接。WireGuard 相較於 IPSec 是較新的協議，因為使用較少的代碼行來增強下載速度而被許多人使用。WireGuard 也是開源的，這使得用戶更容易部署和調試。此協議對於需要更快下載速度的過程非常有用，例如串流視頻內容或下載大型文件。

IPSec VPN

IPSec is another VPN protocol that may be used to set up VPNs. Most VPN providers use IPSec to encrypt and authenticate data packets in order to establish secure, encrypted connections. Since IPSec is one of the earlier VPN protocols, many operating systems support IPSec from VPN providers.
IPSec 是另一種可用於設置 VPN 的協議。大多數 VPN 提供商使用 IPSec 來加密和驗證數據包，以建立安全的加密連接。由於 IPSec 是較早的 VPN 協議之一，許多操作系統都支持來自 VPN 提供商的 IPSec。

Although IPSec and WireGuard are both VPN protocols, IPSec is older and more complex than WireGuard. Some clients may prefer IPSec due to its longer history of use, extensive security testing, and widespread adoption. However, others may prefer WireGuard because of its potential for better performance and simpler configuration.
雖然 IPSec 和 WireGuard 都是 VPN 協議，但 IPSec 比 WireGuard 更古老且更複雜。一些客戶可能會因為 IPSec 使用歷史悠久、經過廣泛的安全測試以及被廣泛採用而偏好使用 IPSec。然而，其他人可能會因為 WireGuard 具有更好的性能潛力和更簡單的配置而偏好使用 WireGuard。

Key Takeaways  關鍵要點

A VPN protocol is similar to a network protocol: It’s a set of rules or instructions that will determine how data moves between endpoints. There are two types of VPNs: remote access and site-to-site. Remote access VPNs establish a connection between a personal device and a VPN server and encrypt or decrypt data exchanged with a personal device. Enterprises use site-to-site VPNs largely to extend their network to different locations and networks. IPSec can be used to create site-to-site connections and WireGuard can be used for both site-to-site and remote access connections.
VPN 協議類似於網路協議：它是一組規則或指令，決定數據如何在端點之間傳輸。VPN 有兩種類型：遠端存取和站點到站點。遠端存取 VPN 在個人設備和 VPN 伺服器之間建立連接，並加密或解密與個人設備交換的數據。企業主要使用站點到站點 VPN 來擴展其網路至不同地點和網路。IPSec 可用於建立站點到站點連接，而 WireGuard 可用於站點到站點和遠端存取連接。