When Did VPNs First Start?
Why 1996 is often cited, what happened in 1993 and 1995, and when VPNs became business and consumer tools
VPNs first started to take recognisable form in the early 1990s, not on one universally agreed invention date. An experimental protocol called SwIPe described authenticated and encrypted IP traffic in December 1993. The first published IPsec security architecture followed in August 1995. Commercial PPTP remote access then became important during the mid-1990s, which is why 1996 is so often presented as the year the VPN was invented.
The most accurate answer depends on what you mean by “first VPN”. Use 1993 for an early encrypted IP-layer precursor, 1995 for the first published IPsec architecture, and the mid-1990s for the start of widely deployed commercial remote-access VPNs. The popular one-year answer, 1996, is convenient but incomplete.
This article focuses specifically on the VPN invention date. For the wider development of protocols, corporate networking, consumer privacy services and WireGuard, read our complete history of VPNs.
1993: SwIPe
John Ioannidis and Matt Blaze described a network-layer protocol that could authenticate and encrypt IP packets between hosts and networks.
1995: IPsec architecture
RFC 1825 set out security mechanisms for IPv4 and IPv6 and became the architectural starting point for standardised IP-layer VPN security.
1996: commercial PPTP era
Popular timelines commonly use 1996 because PPTP-based remote access became associated with mainstream business computing during this period.
1999: RFC 2637
The informational PPTP specification was published in July 1999 and explicitly said the protocol had been developed by a vendor consortium.
VPN Invention Timeline at a Glance
Several dates can answer “when did VPNs first start?” because a VPN combines older networking ideas with tunnelling, authentication, encryption and remote access. The timeline below separates the technical prehistory from the first technologies that closely resemble modern VPNs.
ARPANET demonstrates packet-switched networking
The first ARPANET host-to-host message was sent on 29 October 1969. ARPANET was not a VPN, but packet-switched networks created the environment in which later overlays, tunnels and internet security protocols could develop.
Businesses rely on private circuits and managed networks
Organisations connected offices through leased lines and carrier services. These were private networking solutions, but they were not the internet-based encrypted VPNs normally meant by the term today.
SwIPe describes protected IP packets
The experimental swIPe IP Security Protocol provided authentication and confidentiality at the network layer. It is one of the clearest early technical ancestors of secure IP VPNs.
The first IPsec security architecture is published
RFC 1825 described security mechanisms for IPv4 and IPv6. Companion specifications covered authentication and encrypted payloads, creating a standard framework for protected IP traffic.
PPTP makes remote-access VPNs commercially practical
A vendor consortium developed PPTP to tunnel PPP through IP networks. Its association with mainstream operating systems and dial-up access helped VPNs move into ordinary business use.
PPTP and L2TP receive published specifications
RFC 2637 documented PPTP in July 1999. RFC 2661 standardised L2TP the following month, providing another method for tunnelling PPP traffic across packet networks.
OpenVPN starts the open-source era
James Yonan started the OpenVPN project in 2001, with its first official public open-source release following in 2002.
Consumer VPN services become mainstream
Broadband, public Wi-Fi, smartphones, streaming, censorship concerns and privacy awareness expanded VPN use far beyond corporate remote access.
What Counts as the Moment VPNs First Started?
The answer changes depending on whether you are asking about the idea of a private network, the first secure IP design, the first standardised VPN architecture or the first commercial product ordinary companies could deploy.
| Question | Best date | Why |
|---|---|---|
| When did private networking start? | Before the internet | Businesses used leased circuits and managed data networks long before modern encrypted internet VPNs existed. |
| When did an early encrypted IP VPN precursor appear? | 1993 | SwIPe described network-layer authentication and confidentiality for IP packets. |
| When did standardised IP-layer VPN security start? | 1995 | RFC 1825 published the first IPsec security architecture. |
| When did commercial remote-access VPNs start? | Mid-1990s | PPTP became an accessible business remote-access technology during this period. |
| Why do websites say the VPN was invented in 1996? | 1996 is shorthand | It represents PPTP's commercial emergence, but it overlooks SwIPe, early IPsec work and the collaborative nature of PPTP development. |
| When did consumer VPNs start? | Late 2000s onward | Personal VPN services expanded as broadband, Wi-Fi, smartphones and online privacy concerns became widespread. |
The best one-sentence answer: VPN technology first began taking modern form between 1993 and the mid-1990s, while 1996 is the commonly cited date for the beginning of commercially accessible PPTP-based VPNs.
What Existed Before Internet VPNs?
Before companies could build a secure tunnel across the public internet, they bought private connectivity from telecommunications providers. A leased line created a dedicated circuit between known locations. Later managed technologies, including X.25, Frame Relay and other virtual-circuit services, allowed carriers to share infrastructure while keeping customer traffic logically separated.
These networks solved the same broad business problem that site-to-site VPNs solve today: connecting offices and private systems across distance. They were generally expensive to install, tied to fixed locations and dependent on the carrier's network. Internet VPNs were attractive because an organisation could use a widely available public network as the transport layer and add its own authentication, tunnelling and encryption.
Private leased network
The provider supplies dedicated or managed connectivity. Privacy comes mainly from physical or logical separation rather than an encrypted tunnel controlled by the customer.
Internet VPN
The organisation sends private traffic over shared public infrastructure while a VPN protocol adds tunnelling, authentication and, in secure deployments, encryption.
1993: SwIPe and the First Clear VPN Precursor
One of the strongest candidates for the beginning of modern VPN technology is the swIPe IP Security Protocol, described by John Ioannidis and Matt Blaze in December 1993. SwIPe operated at the network layer and was designed to provide authentication, integrity and confidentiality for IP traffic.
This matters because a modern secure VPN does more than place one packet inside another. It must establish which endpoints are trusted, protect the contents from observation and make tampering detectable. SwIPe explored those requirements at the same layer of the network later addressed by IPsec.
SwIPe was experimental research rather than a mass-market service. There was no app store, no worldwide consumer server network and no one-click location selector. Even so, it shows that protected IP communication was being designed before the date most popular VPN histories use.
The people behind SwIPe are only part of the story. Our separate guide on who invented VPNs explains why no single engineer can accurately be credited with every stage of VPN development.
1995: IPsec Establishes a Standard Security Architecture
In August 1995, the Internet Engineering Task Force published RFC 1825, Security Architecture for the Internet Protocol. Authored by Ran Atkinson, it described security mechanisms for IPv4 and IPv6 and the services those mechanisms should provide.
The architecture was accompanied by specifications for the Authentication Header and Encapsulating Security Payload. Together, these ideas allowed systems to authenticate packet sources, check integrity and encrypt IP payloads. Later RFCs revised the design, but the 1995 documents mark a decisive point in the development of standardised IP-layer VPN security.
IPsec became especially important for site-to-site VPNs connecting offices, data centres and gateways. It was also used for individual remote access. Unlike PPTP, which focused on carrying PPP through an IP network, IPsec was a broader architecture for protecting IP traffic itself.
For that reason, 1995 is arguably the strongest answer when “VPN invention” means the start of a published, standardised architecture for secure IP networking.
Why Is 1996 Called the Year the VPN Was Invented?
The year 1996 appears repeatedly in commercial articles because it is associated with the emergence of the Point-to-Point Tunnelling Protocol. PPTP made it possible to carry PPP sessions through an IP network, supporting a practical client-server model for remote access.
PPTP mattered because it brought VPNs closer to ordinary business users. Instead of reserving secure networking for specialised gateways and research systems, organisations could support employees connecting through familiar desktop operating systems and dial-up infrastructure.
However, several cautions are necessary:
- PPTP was developed by a vendor consortium, not invented by one person.
- Experimental protected IP traffic existed before 1996.
- The first IPsec architecture was already published in 1995.
- The informational PPTP specification, RFC 2637, was published in July 1999 rather than 1996.
- PPTP tunnelling and the authentication or encryption used with it are separate components.
So, was the VPN invented in 1996? Only if you are using 1996 as shorthand for the beginning of mainstream commercial PPTP remote access. It is not a complete date for the invention of secure tunnelling or virtual private networking as a whole.
When Were VPNs First Used by Businesses?
Businesses began adopting internet-based remote-access and site-to-site VPNs during the mid-to-late 1990s. The timing varied because organisations had different operating systems, internet connections, security requirements and existing private-network contracts.
The first major business use was not streaming, anonymous browsing or changing a user's apparent country. It was connecting employees and offices to private company systems without buying a dedicated circuit for every user or location.
Remote-access VPNs
A remote employee connected to a VPN server or gateway, authenticated and received access to internal systems. Business traffic then passed through a protected tunnel over the employee's ordinary internet or dial-up connection. This model became important for travelling staff, home workers, contractors and administrators.
Site-to-site VPNs
Network gateways created persistent tunnels between branch offices, headquarters and data centres. Employees did not necessarily launch a separate VPN client because the gateways handled the protected connection. IPsec became one of the defining technologies for this use.
Why businesses adopted them
- Internet connections were easier to obtain than private circuits in many locations.
- Remote employees could reach internal systems without being physically present.
- Branch offices could be added more flexibly.
- Encryption reduced the risk of exposing private traffic across shared networks.
- Central gateways allowed organisations to apply authentication and access policy.
Early business VPNs were often difficult to configure. Administrators had to coordinate addresses, routes, keys, authentication methods, firewall rules and compatible client software. Modern apps hide much of this complexity, but the underlying functions remain recognisable.
When Did Consumer VPNs First Start?
Consumer VPN services appeared later than corporate VPNs. Personal services began expanding through the late 2000s and became much more visible during the 2010s. There is no single launch date for the entire consumer VPN industry because different providers, proxy tools and privacy networks developed independently.
Several changes made personal VPNs practical:
- Always-on home broadband replaced slow dial-up connections.
- Public Wi-Fi made local-network security a visible concern.
- OpenVPN gave providers a mature cross-platform open-source protocol.
- Smartphones turned VPN clients into everyday mobile apps.
- Streaming services and region-based licensing increased demand for location choice.
- Internet censorship and surveillance disclosures increased public interest in encrypted connections.
By the 2010s, the phrase “VPN” increasingly referred to a subscription privacy service rather than only a corporate connection. This shift changed how VPNs were advertised: secure public Wi-Fi, reduced ISP visibility, a replacement public IP address and access while travelling became central consumer messages.
A consumer VPN is still not the same as anonymity. The VPN provider becomes an important trust point, while cookies, account logins, browser fingerprinting and malware can identify a user independently of the public IP address.
How Did the First VPNs Work Compared With Modern VPNs?
The first commercial remote-access VPNs and today's consumer apps share a basic sequence: establish a tunnel, authenticate the endpoints, apply routes and carry private traffic through the connection. The differences lie in security design, automation, speed, mobility and user experience.
| Feature | Early commercial VPNs | Modern VPN services |
|---|---|---|
| Typical purpose | Employee or office access to private company systems | Business access, consumer privacy, public Wi-Fi security, travel and location choice |
| Connection environment | Dial-up and early fixed internet connections | Fibre, cable, 5G, Wi-Fi, cloud networks and mobile roaming |
| Protocols | PPTP and early IPsec implementations | IPsec/IKEv2, OpenVPN, WireGuard and provider-specific adaptations |
| Cryptography | Older designs, smaller keys and combinations now considered unsafe | Authenticated encryption, modern key exchange and stronger default configurations |
| User experience | Manual configuration and administrator support | One-click apps, automatic server choice, kill switches and leak protection |
| Mobility | Designed mainly for relatively stable desktop connections | Fast recovery when moving between Wi-Fi and mobile networks |
Our interactive guide to how a VPN works shows how a modern device establishes a tunnel, sends encrypted traffic to a VPN server and reaches the wider internet.
Common Mistakes About the VPN Invention Date
What Happened After the First Commercial VPNs?
PPTP helped establish remote access, but its security limitations became increasingly difficult to ignore. The VPN industry moved towards stronger and more flexible protocols.
1999: L2TP
RFC 2661 standardised the Layer Two Tunnelling Protocol. L2TP carries PPP traffic but does not provide encryption by itself, so secure deployments normally combine it with IPsec.
2001–2002: OpenVPN
James Yonan started OpenVPN in 2001, followed by its first official public open-source release in 2002. OpenVPN used the TLS and OpenSSL ecosystem, supported TCP and UDP, and worked across operating systems. It became a major protocol for both enterprises and consumer VPN providers.
2005: updated IPsec and IKEv2
RFC 4301 updated the IPsec architecture, while IKEv2 improved the negotiation of keys and security associations. IKEv2 later became popular on mobile devices because it can recover effectively when network conditions change.
2020: WireGuard enters mainline Linux
WireGuard brought a smaller codebase, a focused set of modern cryptographic primitives and straightforward public-key peer configuration. Its inclusion in Linux 5.6 in 2020 accelerated adoption by operating systems, routers and commercial VPN services.
The next phase is likely to combine modern VPN tunnels with identity-aware access, better obfuscation and post-quantum key establishment. Our guide to the future of VPNs examines those changes in more detail.
Final Answer: What Year Did VPNs First Start?
VPNs first started taking modern technical form in 1993, when SwIPe described protected IP traffic. Standardised IP-layer security followed with the first IPsec architecture in 1995. Commercial remote-access VPNs became practical in the mid-1990s through PPTP, which is why 1996 is often quoted as the invention year.
Therefore, the best answer is not one date but a sequence:
- 1993: an early encrypted IP-layer VPN precursor.
- 1995: the first published IPsec security architecture.
- Mid-1990s: commercial PPTP remote access begins spreading.
- 1996: the popular simplified answer, useful only with context.
- Late 2000s onward: consumer VPN subscriptions begin moving into the mainstream.
Anyone asking “when was the VPN invented?” should be told that 1996 marks a commercial milestone, not the beginning of every technology that made VPNs possible.
Primary Sources Used to Verify the Dates
The key dates were checked against original protocol documents and official project histories.
- DARPA: ARPANET and the first host-to-host message, 29 October 1969
- Ioannidis and Blaze: The swIPe IP Security Protocol, December 1993
- RFC 1825: Security Architecture for the Internet Protocol, August 1995
- RFC 2637: Point-to-Point Tunnelling Protocol, July 1999
- RFC 2661: Layer Two Tunnelling Protocol, August 1999
- RFC 4301: Security Architecture for the Internet Protocol, December 2005
- OpenVPN official project timeline
- WireGuard official project documentation