/
/
When Did VPNs First Start?

When Did VPNs First Start?

Why 1996 is often cited, what happened in 1993 and 1995, and when VPNs became business and consumer tools

VPNs first started to take recognisable form in the early 1990s, not on one universally agreed invention date. An experimental protocol called SwIPe described authenticated and encrypted IP traffic in December 1993. The first published IPsec security architecture followed in August 1995. Commercial PPTP remote access then became important during the mid-1990s, which is why 1996 is so often presented as the year the VPN was invented.

The most accurate answer depends on what you mean by “first VPN”. Use 1993 for an early encrypted IP-layer precursor, 1995 for the first published IPsec architecture, and the mid-1990s for the start of widely deployed commercial remote-access VPNs. The popular one-year answer, 1996, is convenient but incomplete.

This article focuses specifically on the VPN invention date. For the wider development of protocols, corporate networking, consumer privacy services and WireGuard, read our complete history of VPNs.

Earliest clear precursor

1993: SwIPe

John Ioannidis and Matt Blaze described a network-layer protocol that could authenticate and encrypt IP packets between hosts and networks.

Standards milestone

1995: IPsec architecture

RFC 1825 set out security mechanisms for IPv4 and IPv6 and became the architectural starting point for standardised IP-layer VPN security.

Popular answer

1996: commercial PPTP era

Popular timelines commonly use 1996 because PPTP-based remote access became associated with mainstream business computing during this period.

Formal PPTP document

1999: RFC 2637

The informational PPTP specification was published in July 1999 and explicitly said the protocol had been developed by a vendor consortium.

VPN Invention Timeline at a Glance

Several dates can answer “when did VPNs first start?” because a VPN combines older networking ideas with tunnelling, authentication, encryption and remote access. The timeline below separates the technical prehistory from the first technologies that closely resemble modern VPNs.

1969

ARPANET demonstrates packet-switched networking

The first ARPANET host-to-host message was sent on 29 October 1969. ARPANET was not a VPN, but packet-switched networks created the environment in which later overlays, tunnels and internet security protocols could develop.

1970s–1980s

Businesses rely on private circuits and managed networks

Organisations connected offices through leased lines and carrier services. These were private networking solutions, but they were not the internet-based encrypted VPNs normally meant by the term today.

December 1993

SwIPe describes protected IP packets

The experimental swIPe IP Security Protocol provided authentication and confidentiality at the network layer. It is one of the clearest early technical ancestors of secure IP VPNs.

August 1995

The first IPsec security architecture is published

RFC 1825 described security mechanisms for IPv4 and IPv6. Companion specifications covered authentication and encrypted payloads, creating a standard framework for protected IP traffic.

Mid-1990s

PPTP makes remote-access VPNs commercially practical

A vendor consortium developed PPTP to tunnel PPP through IP networks. Its association with mainstream operating systems and dial-up access helped VPNs move into ordinary business use.

July–August 1999

PPTP and L2TP receive published specifications

RFC 2637 documented PPTP in July 1999. RFC 2661 standardised L2TP the following month, providing another method for tunnelling PPP traffic across packet networks.

2001–2002

OpenVPN starts the open-source era

James Yonan started the OpenVPN project in 2001, with its first official public open-source release following in 2002.

Late 2000s–2010s

Consumer VPN services become mainstream

Broadband, public Wi-Fi, smartphones, streaming, censorship concerns and privacy awareness expanded VPN use far beyond corporate remote access.

What Counts as the Moment VPNs First Started?

The answer changes depending on whether you are asking about the idea of a private network, the first secure IP design, the first standardised VPN architecture or the first commercial product ordinary companies could deploy.

Question Best date Why
When did private networking start? Before the internet Businesses used leased circuits and managed data networks long before modern encrypted internet VPNs existed.
When did an early encrypted IP VPN precursor appear? 1993 SwIPe described network-layer authentication and confidentiality for IP packets.
When did standardised IP-layer VPN security start? 1995 RFC 1825 published the first IPsec security architecture.
When did commercial remote-access VPNs start? Mid-1990s PPTP became an accessible business remote-access technology during this period.
Why do websites say the VPN was invented in 1996? 1996 is shorthand It represents PPTP's commercial emergence, but it overlooks SwIPe, early IPsec work and the collaborative nature of PPTP development.
When did consumer VPNs start? Late 2000s onward Personal VPN services expanded as broadband, Wi-Fi, smartphones and online privacy concerns became widespread.

The best one-sentence answer: VPN technology first began taking modern form between 1993 and the mid-1990s, while 1996 is the commonly cited date for the beginning of commercially accessible PPTP-based VPNs.

What Existed Before Internet VPNs?

Before companies could build a secure tunnel across the public internet, they bought private connectivity from telecommunications providers. A leased line created a dedicated circuit between known locations. Later managed technologies, including X.25, Frame Relay and other virtual-circuit services, allowed carriers to share infrastructure while keeping customer traffic logically separated.

These networks solved the same broad business problem that site-to-site VPNs solve today: connecting offices and private systems across distance. They were generally expensive to install, tied to fixed locations and dependent on the carrier's network. Internet VPNs were attractive because an organisation could use a widely available public network as the transport layer and add its own authentication, tunnelling and encryption.

Private leased network

The provider supplies dedicated or managed connectivity. Privacy comes mainly from physical or logical separation rather than an encrypted tunnel controlled by the customer.

Internet VPN

The organisation sends private traffic over shared public infrastructure while a VPN protocol adds tunnelling, authentication and, in secure deployments, encryption.

1993: SwIPe and the First Clear VPN Precursor

One of the strongest candidates for the beginning of modern VPN technology is the swIPe IP Security Protocol, described by John Ioannidis and Matt Blaze in December 1993. SwIPe operated at the network layer and was designed to provide authentication, integrity and confidentiality for IP traffic.

This matters because a modern secure VPN does more than place one packet inside another. It must establish which endpoints are trusted, protect the contents from observation and make tampering detectable. SwIPe explored those requirements at the same layer of the network later addressed by IPsec.

SwIPe was experimental research rather than a mass-market service. There was no app store, no worldwide consumer server network and no one-click location selector. Even so, it shows that protected IP communication was being designed before the date most popular VPN histories use.

The people behind SwIPe are only part of the story. Our separate guide on who invented VPNs explains why no single engineer can accurately be credited with every stage of VPN development.

1995: IPsec Establishes a Standard Security Architecture

In August 1995, the Internet Engineering Task Force published RFC 1825, Security Architecture for the Internet Protocol. Authored by Ran Atkinson, it described security mechanisms for IPv4 and IPv6 and the services those mechanisms should provide.

The architecture was accompanied by specifications for the Authentication Header and Encapsulating Security Payload. Together, these ideas allowed systems to authenticate packet sources, check integrity and encrypt IP payloads. Later RFCs revised the design, but the 1995 documents mark a decisive point in the development of standardised IP-layer VPN security.

IPsec became especially important for site-to-site VPNs connecting offices, data centres and gateways. It was also used for individual remote access. Unlike PPTP, which focused on carrying PPP through an IP network, IPsec was a broader architecture for protecting IP traffic itself.

For that reason, 1995 is arguably the strongest answer when “VPN invention” means the start of a published, standardised architecture for secure IP networking.

Why Is 1996 Called the Year the VPN Was Invented?

The year 1996 appears repeatedly in commercial articles because it is associated with the emergence of the Point-to-Point Tunnelling Protocol. PPTP made it possible to carry PPP sessions through an IP network, supporting a practical client-server model for remote access.

PPTP mattered because it brought VPNs closer to ordinary business users. Instead of reserving secure networking for specialised gateways and research systems, organisations could support employees connecting through familiar desktop operating systems and dial-up infrastructure.

However, several cautions are necessary:

  • PPTP was developed by a vendor consortium, not invented by one person.
  • Experimental protected IP traffic existed before 1996.
  • The first IPsec architecture was already published in 1995.
  • The informational PPTP specification, RFC 2637, was published in July 1999 rather than 1996.
  • PPTP tunnelling and the authentication or encryption used with it are separate components.

So, was the VPN invented in 1996? Only if you are using 1996 as shorthand for the beginning of mainstream commercial PPTP remote access. It is not a complete date for the invention of secure tunnelling or virtual private networking as a whole.

When Were VPNs First Used by Businesses?

Businesses began adopting internet-based remote-access and site-to-site VPNs during the mid-to-late 1990s. The timing varied because organisations had different operating systems, internet connections, security requirements and existing private-network contracts.

The first major business use was not streaming, anonymous browsing or changing a user's apparent country. It was connecting employees and offices to private company systems without buying a dedicated circuit for every user or location.

Remote-access VPNs

A remote employee connected to a VPN server or gateway, authenticated and received access to internal systems. Business traffic then passed through a protected tunnel over the employee's ordinary internet or dial-up connection. This model became important for travelling staff, home workers, contractors and administrators.

Site-to-site VPNs

Network gateways created persistent tunnels between branch offices, headquarters and data centres. Employees did not necessarily launch a separate VPN client because the gateways handled the protected connection. IPsec became one of the defining technologies for this use.

Why businesses adopted them

  • Internet connections were easier to obtain than private circuits in many locations.
  • Remote employees could reach internal systems without being physically present.
  • Branch offices could be added more flexibly.
  • Encryption reduced the risk of exposing private traffic across shared networks.
  • Central gateways allowed organisations to apply authentication and access policy.

Early business VPNs were often difficult to configure. Administrators had to coordinate addresses, routes, keys, authentication methods, firewall rules and compatible client software. Modern apps hide much of this complexity, but the underlying functions remain recognisable.

When Did Consumer VPNs First Start?

Consumer VPN services appeared later than corporate VPNs. Personal services began expanding through the late 2000s and became much more visible during the 2010s. There is no single launch date for the entire consumer VPN industry because different providers, proxy tools and privacy networks developed independently.

Several changes made personal VPNs practical:

  • Always-on home broadband replaced slow dial-up connections.
  • Public Wi-Fi made local-network security a visible concern.
  • OpenVPN gave providers a mature cross-platform open-source protocol.
  • Smartphones turned VPN clients into everyday mobile apps.
  • Streaming services and region-based licensing increased demand for location choice.
  • Internet censorship and surveillance disclosures increased public interest in encrypted connections.

By the 2010s, the phrase “VPN” increasingly referred to a subscription privacy service rather than only a corporate connection. This shift changed how VPNs were advertised: secure public Wi-Fi, reduced ISP visibility, a replacement public IP address and access while travelling became central consumer messages.

A consumer VPN is still not the same as anonymity. The VPN provider becomes an important trust point, while cookies, account logins, browser fingerprinting and malware can identify a user independently of the public IP address.

How Did the First VPNs Work Compared With Modern VPNs?

The first commercial remote-access VPNs and today's consumer apps share a basic sequence: establish a tunnel, authenticate the endpoints, apply routes and carry private traffic through the connection. The differences lie in security design, automation, speed, mobility and user experience.

Feature Early commercial VPNs Modern VPN services
Typical purpose Employee or office access to private company systems Business access, consumer privacy, public Wi-Fi security, travel and location choice
Connection environment Dial-up and early fixed internet connections Fibre, cable, 5G, Wi-Fi, cloud networks and mobile roaming
Protocols PPTP and early IPsec implementations IPsec/IKEv2, OpenVPN, WireGuard and provider-specific adaptations
Cryptography Older designs, smaller keys and combinations now considered unsafe Authenticated encryption, modern key exchange and stronger default configurations
User experience Manual configuration and administrator support One-click apps, automatic server choice, kill switches and leak protection
Mobility Designed mainly for relatively stable desktop connections Fast recovery when moving between Wi-Fi and mobile networks

Our interactive guide to how a VPN works shows how a modern device establishes a tunnel, sends encrypted traffic to a VPN server and reaches the wider internet.

Common Mistakes About the VPN Invention Date

“The VPN was definitely invented in 1996.”
More accurate: 1996 is a common shorthand for commercial PPTP adoption. SwIPe appeared in 1993 and the first IPsec architecture was published in 1995.
“Microsoft alone invented VPN technology.”
More accurate: Microsoft helped commercialise PPTP, but RFC 2637 says the protocol was developed by a vendor consortium, and other researchers created earlier IP security systems.
“ARPANET was the first VPN.”
More accurate: ARPANET was a foundational packet-switched research network. It was not an encrypted consumer or business VPN service.
“PPTP was secure because it was a VPN protocol.”
More accurate: A tunnel does not guarantee strong security. Common PPTP deployments relied on authentication and encryption combinations that later proved weak.
“Consumer VPNs existed from the beginning.”
More accurate: Early VPN adoption was primarily corporate. The mass-market privacy-service model developed much later.
VPN invention date timeline showing early network security, IPsec, PPTP and modern VPN technology
There is no single VPN invention date: the strongest milestones are SwIPe in 1993, the IPsec architecture in 1995 and commercial PPTP adoption in the mid-1990s.

What Happened After the First Commercial VPNs?

PPTP helped establish remote access, but its security limitations became increasingly difficult to ignore. The VPN industry moved towards stronger and more flexible protocols.

1999: L2TP

RFC 2661 standardised the Layer Two Tunnelling Protocol. L2TP carries PPP traffic but does not provide encryption by itself, so secure deployments normally combine it with IPsec.

2001–2002: OpenVPN

James Yonan started OpenVPN in 2001, followed by its first official public open-source release in 2002. OpenVPN used the TLS and OpenSSL ecosystem, supported TCP and UDP, and worked across operating systems. It became a major protocol for both enterprises and consumer VPN providers.

2005: updated IPsec and IKEv2

RFC 4301 updated the IPsec architecture, while IKEv2 improved the negotiation of keys and security associations. IKEv2 later became popular on mobile devices because it can recover effectively when network conditions change.

2020: WireGuard enters mainline Linux

WireGuard brought a smaller codebase, a focused set of modern cryptographic primitives and straightforward public-key peer configuration. Its inclusion in Linux 5.6 in 2020 accelerated adoption by operating systems, routers and commercial VPN services.

The next phase is likely to combine modern VPN tunnels with identity-aware access, better obfuscation and post-quantum key establishment. Our guide to the future of VPNs examines those changes in more detail.

Final Answer: What Year Did VPNs First Start?

VPNs first started taking modern technical form in 1993, when SwIPe described protected IP traffic. Standardised IP-layer security followed with the first IPsec architecture in 1995. Commercial remote-access VPNs became practical in the mid-1990s through PPTP, which is why 1996 is often quoted as the invention year.

Therefore, the best answer is not one date but a sequence:

  • 1993: an early encrypted IP-layer VPN precursor.
  • 1995: the first published IPsec security architecture.
  • Mid-1990s: commercial PPTP remote access begins spreading.
  • 1996: the popular simplified answer, useful only with context.
  • Late 2000s onward: consumer VPN subscriptions begin moving into the mainstream.

Anyone asking “when was the VPN invented?” should be told that 1996 marks a commercial milestone, not the beginning of every technology that made VPNs possible.

Primary Sources Used to Verify the Dates

The key dates were checked against original protocol documents and official project histories.

Martin Needs, cybersecurity reviewer

Reviewed by Martin Needs

Director at NeedSec LTD and Lead Technical Assessor for FindCheapVPNs. Martin reviews VPN claims against original protocol documents, technical standards and practical network-security considerations.