History of VPNs: The Complete VPN Timeline
From early IP security and corporate remote access to OpenVPN, WireGuard and the rise of consumer VPN services
VPNs were not invented by one person on one exact date. The technology grew out of several overlapping ideas: private wide-area networks, packet tunnelling, cryptographic authentication, encrypted IP traffic and remote access over the public internet.
An experimental protocol called SwIPe described IP-layer confidentiality and authentication in 1993. The first published IPsec security architecture followed in 1995. PPTP became one of the earliest widely deployed commercial remote-access VPN protocols in the mid-1990s, with its informational specification later published as RFC 2637 in 1999. OpenVPN brought a practical open-source option in the early 2000s, while WireGuard modernised VPN design with a smaller codebase and mainline Linux support in 2020.
If you need the basic definition first, start with our guide to what VPN stands for. This guide explains the VPN history timeline, who contributed to the technologies now described as virtual private networks, why businesses adopted them first and how consumer VPN services became mainstream. For likely next steps in secure access, see our full guide to the future of VPNs.
There is no single year
Useful milestones include SwIPe in 1993, the first IPsec architecture in 1995, commercial PPTP development in the mid-1990s and the PPTP and L2TP RFCs in 1999.
PPTP
PPTP is often described as the first widely adopted commercial remote-access VPN protocol, especially for dial-up and Windows environments. Earlier IP security research and standards work came first.
OpenVPN
James Yonan started the OpenVPN project in 2001, with the first official public release following in 2002. Its open-source model, cross-platform support and use of TLS helped it become a major enterprise and consumer VPN protocol.
WireGuard in Linux 5.6
WireGuard entered the mainline Linux kernel in 2020, accelerating adoption of its smaller design, modern cryptography and roaming-friendly approach.
VPN history timeline: key events from 1969 to 2026
This VPN timeline brings together the main milestones in virtual private network history. Some dates refer to research or publication, while others mark commercial adoption or wider operating-system support.
ARPANET sends its first host-to-host message
Packet switching and distributed networking create part of the technical background for later overlay networks and internet tunnelling. ARPANET itself is not a VPN.
Private WANs and carrier networks expand
Businesses connect offices through leased lines and managed data services. These private networks establish the business need that internet-based VPNs later address more flexibly.
SwIPe describes IP-layer security
John Ioannidis and Matt Blaze publish an experimental design for authenticating and encrypting IP packets, providing an early milestone in encrypted tunnel history.
The first IPsec architecture is published
RFC 1825 defines security mechanisms for IPv4 and IPv6. This architecture becomes the foundation for later IPsec revisions and many enterprise VPN deployments.
PPTP enters commercial remote access
A vendor consortium develops PPTP, and support in widely used operating systems helps make remote-access VPNs practical for ordinary businesses.
IPsec architecture is substantially revised
RFC 2401 replaces the 1995 architecture and is accompanied by updated Authentication Header and Encapsulating Security Payload specifications.
PPTP and L2TP specifications are published
RFC 2637 documents PPTP in July. RFC 2661 standardises L2TP in August. L2TP becomes commonly paired with IPsec because L2TP does not provide encryption on its own.
An IETF framework describes IP-based VPN types
RFC 2764 discusses virtual private networks running across IP backbones, including different models and mechanisms for building VPN services.
OpenVPN begins
James Yonan starts the project in 2001, and the first open-source version follows in 2002. OpenVPN becomes a major cross-platform and consumer VPN protocol.
Modern IPsec and IKEv2 arrive
RFC 4301 replaces the 1998 IPsec architecture, while IKEv2 provides a more streamlined method for negotiating security associations and keys.
Consumer VPN services expand
Broadband, laptops, public Wi-Fi and global web services increase demand for personal encrypted tunnels and IP address changes.
VPNs become associated with censorship resistance and privacy
Political internet restrictions and surveillance disclosures increase awareness of VPNs outside traditional corporate IT.
WireGuard development begins
Jason A. Donenfeld develops a simpler Layer 3 VPN tunnel built around modern cryptographic primitives and public-key configuration.
WireGuard enters Linux 5.6
Mainline Linux support accelerates adoption across servers, routers, operating systems and consumer VPN providers. The same year, remote work puts secure access under unprecedented operational pressure.
NIST finalises its first post-quantum standards
FIPS 203 standardises ML-KEM for key establishment, while FIPS 204 and FIPS 205 cover post-quantum digital signatures. VPN migration remains gradual and implementation-specific.
VPNs enter the post-quantum migration and zero-trust era
Providers and enterprises test hybrid key exchange, improve protocol obfuscation and combine VPN tunnels with identity-aware access, device posture and cloud security controls.
The origins of VPN technology before the first VPN
The origins of VPN technology go back further than the phrase virtual private network. Before organisations could build encrypted tunnels across the internet, they connected offices with private leased lines and carrier-managed networks. Those links offered controlled access, but they were costly, slow to change and difficult to scale.
Packet-switched research networks created the environment in which tunnelling and network-security ideas could mature. ARPANET sent its first host-to-host message in 1969 and helped prove that data could move across a distributed network in packets. However, ARPANET was not a VPN, and it did not provide the encrypted consumer privacy tunnel people associate with a modern VPN service.
Private networks
Early organisations connected sites with leased circuits, X.25 services, Frame Relay and other private or provider-managed links. The goal was controlled connectivity between known locations, not hiding a consumer's public IP address.
Virtual circuits and overlays
Network services began creating logical paths over shared infrastructure. That idea — a virtual network carried over another network — became central to later site-to-site VPNs and provider-provisioned VPN services.
Tunnelling
A tunnel encapsulates one packet or protocol inside another so it can cross an intervening network. Tunnelling is a core VPN technique, but a tunnel is not necessarily encrypted unless a security protocol adds confidentiality and authentication.
Cryptographic protection
Encryption, integrity checks, authentication and key exchange turned basic tunnels into secure tunnels that could carry private traffic across an untrusted public network.
When was the VPN invented?
People researching when VPNs first started often come across 1996. That year is useful shorthand for the rise of commercial PPTP-based remote access, but it oversimplifies the story. Secure tunnelling developed through research, standards work and commercial products over several years.
1993: SwIPe and early IP security
In December 1993, John Ioannidis and Matt Blaze described the swIPe IP Security Protocol. SwIPe was an experimental network-layer design for adding authentication and confidentiality to IP traffic. It was not a mass-market consumer VPN, but it is an important milestone in encrypted IP communication and a clear predecessor to later IPsec work.
1995: The first IPsec security architecture
RFC 1825, published in August 1995 and authored by Ran Atkinson, described security mechanisms for IPv4 and IPv6 at the IP layer. Companion specifications covered the Authentication Header and Encapsulating Security Payload. The architecture was revised by RFC 2401 in 1998 and then by the current core architecture in RFC 4301 in 2005.
Mid-1990s: PPTP becomes commercially important
The Point-to-Point Tunnelling Protocol was developed by a vendor consortium that included Microsoft and other networking companies. PPTP carried PPP through an IP network and supported remote-access VPN deployments. It became closely associated with Windows dial-up networking and is why many popular accounts say the VPN was invented in 1996.
The most accurate wording is that PPTP emerged commercially in the mid-1990s and was documented in RFC 2637 in July 1999. RFC 2637 states that the protocol was developed by a vendor consortium and published for information, rather than as an IETF standards-track protocol.
Best answer: VPN technology developed across the early and mid-1990s rather than arriving on a single day. SwIPe appeared in 1993, the first IPsec architecture arrived in 1995, and PPTP became the first widely adopted commercial remote-access VPN protocol in the years that followed.
History of VPN protocols: from PPTP and IPsec to OpenVPN and WireGuard
The evolution of VPN protocols shows a constant balance between compatibility, security, speed, simplicity and the ability to work on restrictive networks. The table below summarises the most important stages in VPN protocol history.
| Protocol or technology | Historical milestone | Why it mattered | Position today |
|---|---|---|---|
| SwIPe | 1993 experimental draft | Early IP-layer authentication and confidentiality research showing how individual IP packets could be protected. | Historical precursor |
| IPsec | Initial architecture in 1995; major revisions in 1998 and 2005 | Created a standard framework for protecting IP-layer traffic with security associations, authentication and encrypted payloads. | Still widely used |
| PPTP | Commercial use in the mid-1990s; RFC 2637 in 1999 | Made remote-access VPN deployment easier on widely used desktop systems and helped establish VPNs as a practical business tool. | Obsolete for secure use |
| L2TP | RFC 2661 in 1999 | Standardised Layer 2 tunnelling of PPP traffic. L2TP itself does not provide encryption, so it is commonly paired with IPsec. | Legacy but still supported |
| MPLS and provider VPNs | Late 1990s and early 2000s | Allowed carriers to provide scalable Layer 2 and Layer 3 virtual private networks across shared backbones for business customers. | Important in enterprise networking |
| OpenVPN | Project started in 2001; first official public release in 2002 | Offered an open, cross-platform VPN using TLS, certificates and TCP or UDP transport. It became a foundation for many commercial VPN services. | Secure and widely deployed |
| SSL/TLS VPNs | Expanded through the 2000s | Made browser-based and application-level remote access easier, particularly where installing a full network client was impractical. | Common in business access |
| IKEv2/IPsec | Standardised in 2005 and revised in 2014 | Improved IPsec negotiation and became valued on mobile devices because connections can recover efficiently when networks change. | Modern mainstream option |
| SSTP | Introduced in the Windows Vista era | Carried VPN traffic over TLS on TCP port 443, helping connections pass through networks that blocked older tunnelling protocols. | Mostly Windows-focused |
| WireGuard | Developed in the mid-2010s; Linux 5.6 in 2020 | Used a deliberately small design, modern cryptography and public-key peer configuration to simplify secure network tunnels. | Leading modern protocol |
PPTP history: fast adoption, weak long-term security
PPTP helped move VPNs from specialist network projects into everyday corporate remote access. It was relatively simple, fast on the hardware of its era and integrated with popular operating systems. Its long-term problem was not tunnelling itself, but the security of common PPTP deployments, especially Microsoft Point-to-Point Encryption combined with MS-CHAP authentication. Those designs now have serious, well-documented weaknesses, so PPTP should not be used for modern privacy or business security.
IPsec history: the long-lived enterprise foundation
IPsec became one of the most important technologies in the history of site-to-site VPNs. Rather than defining only one tunnel, it provides an architecture for security associations, policy, authentication and encrypted IP payloads. IPsec can operate in transport mode or tunnel mode and is used for gateway-to-gateway links, remote access and many enterprise products.
Its flexibility is also a source of complexity. Real deployments must coordinate algorithms, key exchange, identity, policy and network address translation. IKE and later IKEv2 improved how peers negotiate those settings and establish keys.
L2TP history: tunnelling paired with IPsec
Layer Two Tunnelling Protocol was published as an IETF standards-track protocol in August 1999. L2TP can carry PPP sessions across an intervening network, but it does not encrypt traffic by itself. The familiar term L2TP/IPsec describes the combination in which L2TP handles the tunnel and IPsec supplies confidentiality, integrity and authentication.
OpenVPN history: open source changes trust and portability
James Yonan started the OpenVPN project in 2001, with the first official public release following in 2002. OpenVPN used the established TLS and OpenSSL ecosystem and could carry traffic over UDP or TCP. It supported routed and bridged configurations, certificates, pre-shared keys and many operating systems.
OpenVPN mattered in consumer VPN history for more than encryption strength. Its public source code could be inspected, modified and packaged by different providers. It also worked across network conditions that caused problems for some older protocols, making it a common default for commercial VPN services throughout the 2000s and 2010s.
WireGuard history: a smaller modern tunnel
Security researcher Jason A. Donenfeld created WireGuard as a general-purpose Layer 3 VPN. Its design associates a peer's public key with allowed tunnel IP addresses and uses a focused set of modern cryptographic primitives. The project aimed to be easier to configure and audit than much larger IPsec or TLS-based implementations.
WireGuard became a major VPN history milestone when it entered the mainline Linux kernel in version 5.6, released in March 2020. It is now cross-platform and widely used directly or as the basis for provider-specific protocols. Providers may add identity systems, privacy-preserving address management, obfuscation or post-quantum key agreement around the core WireGuard tunnel.
Who invented the VPN? Key people and groups in VPN history
The question who invented VPNs has no accurate one-name answer. Different people, companies, standards groups and open-source communities created the research protocols, commercial tunnels, implementations and cryptographic designs that make up today's virtual private networks.
John Ioannidis and Matt Blaze
They described SwIPe in 1993, an experimental IP security protocol that added authentication and confidentiality at the network layer. Their work belongs near the beginning of any detailed VPN technology history.
Ran Atkinson and the IPsec community
Atkinson authored RFC 1825, the 1995 security architecture for IP. Later IETF work revised and expanded the architecture into the IPsec standards used across enterprise networks.
The PPTP vendor consortium
PPTP was not the work of one Microsoft engineer. RFC 2637 credits authors from several companies and states that a vendor consortium developed the protocol. Microsoft was an important commercial participant, but the specification was collaborative.
James Yonan
Yonan built the original OpenVPN protocol and started its open-source project. His work helped make a secure, configurable and cross-platform VPN available to businesses, administrators and consumer VPN providers.
Jason A. Donenfeld
Donenfeld created WireGuard and remains closely associated with its development. The protocol's small design and modern cryptographic choices changed expectations for VPN performance and implementation simplicity.
IETF engineers and open-source communities
IPsec, IKE, L2TP, TLS-based VPNs and related standards resulted from sustained work by many authors, reviewers, implementers and security researchers. VPN evolution is a collective engineering story.
How VPNs evolved from corporate networks to consumer privacy tools
The original purpose of a VPN was usually business connectivity. Companies wanted remote employees, travelling staff and branch offices to reach internal systems without paying for a dedicated private circuit to every location. The public internet became the transport network, while a secure tunnel recreated some of the benefits of a private connection.
The first major use: corporate remote access
Early remote-access VPNs connected an individual computer to a company network. The user authenticated to a VPN gateway, received access to internal addresses and sent business traffic through an encrypted connection. This model made home working and business travel more practical long before “consumer VPN” became a mainstream term.
Site-to-site VPN growth
Site-to-site VPNs linked entire office networks. Instead of requiring each employee to launch a client, gateways at two locations built a persistent tunnel. IPsec became particularly important for this use. Businesses could connect branches over ordinary internet links while protecting traffic between the gateways.
Broadband, Wi-Fi and the rise of personal VPN services
Consumer VPN history accelerated as always-on broadband, laptops and public Wi-Fi became normal. A personal VPN could encrypt traffic between a device and a provider's server, limiting what a local network operator or internet provider could see in transit and replacing the user's public IP address with the VPN server's address.
Commercial consumer VPN services expanded during the late 2000s and 2010s. Demand came from several overlapping needs: securing public Wi-Fi, reducing ISP visibility, using services while travelling, working around censorship, sharing files more privately and reaching region-limited websites or streaming catalogues. For a practical guide to everyday use cases, see what a VPN is good for.
Provider histories also show how the consumer VPN market matured. The PureVPN history timeline is useful for tracing one early commercial provider, while our NordVPN history and PrivadoVPN history guides give further context on the modern consumer VPN market.
2011–2013: censorship and surveillance awareness
During periods of political unrest and internet blocking, VPNs became more visible as tools for accessing information across filtered networks. The 2013 disclosures about government surveillance programmes also increased public interest in encryption, privacy software and the question of who could observe internet traffic.
These events did not invent consumer VPNs, but they changed the public conversation. VPN marketing moved beyond business remote access and increasingly focused on online privacy, secure browsing, censorship resistance and control over a user's apparent IP location.
Smartphones make VPNs an everyday app
As internet use moved from desktop computers to phones and tablets, VPN apps became easier to install and keep active. IKEv2 and WireGuard-style designs suited mobile conditions because a connection could recover when a device moved between Wi-Fi and mobile networks.
2020: remote work becomes mainstream
The rapid shift to home working in 2020 made enterprise VPN capacity, secure remote access and cloud connectivity familiar topics outside IT departments. Some organisations expanded traditional VPN gateways, while others accelerated adoption of zero-trust network access and cloud-delivered security services.
This period also coincided with WireGuard entering Linux 5.6, helping a modern VPN protocol move into mainstream operating-system and commercial-provider support.
Corporate VPN
Connects an employee or office to private business resources. The organisation controls authentication, access policy and logging, and may intentionally record activity for security or compliance.
Consumer VPN
Connects a user's device to a commercial provider's server. The usual goals are privacy from the local network or ISP, IP address replacement, safer public Wi-Fi and access while travelling.
Remote-access VPN
Creates a tunnel from one device to a network or service. This is the classic home-worker model and also describes most personal VPN app connections.
Site-to-site VPN
Connects two networks through gateways. It is common for branch offices, data centres, cloud networks and hybrid infrastructure.
What modern VPNs inherited from VPN history
A current VPN app looks very different from a 1990s dial-up client, but the core design still combines familiar building blocks: virtual interfaces, encapsulation, authentication, key exchange, encryption, routing and policy.
Encrypted tunnels
A secure VPN tunnel protects traffic between two endpoints. Modern protocols normally use authenticated encryption or a combination of encryption and integrity protection so that an observer cannot easily read or alter packets in transit.
Perfect forward secrecy
Modern key exchanges commonly create temporary session keys. If a long-term credential is compromised later, previous sessions should not automatically become decryptable. This property is known as perfect forward secrecy and is an important improvement over static or poorly managed historical designs.
Kill switches and leak protection
Consumer VPN software added operating-system controls that block traffic if the tunnel disconnects, prevent DNS requests from bypassing the VPN and reduce accidental exposure through IPv6 or WebRTC. These are not separate VPN protocols, but they are now an important part of the modern VPN user experience.
Shared IP addresses and no-logs claims
Consumer providers often place many users behind shared exit addresses. This differs from a traditional corporate VPN, where each user may be directly identifiable and activity may be logged for legitimate business reasons. The consumer market also introduced no-logs claims, independent policy assessments and RAM-only server designs as trust signals.
Obfuscation
Some networks identify or block recognisable VPN traffic. Obfuscated servers and stealth protocols attempt to make a tunnel resemble ordinary HTTPS or otherwise reduce the signatures used by filtering systems. This is part of the continuing technical contest between censorship, network policy and secure communication.
VPN protocols built on other protocols
Many commercial services now create their own named protocol by adapting WireGuard, OpenVPN, IPsec or TLS. A provider-specific name does not necessarily mean the underlying cryptography was invented from scratch. It may describe privacy improvements, transport changes, faster reconnection, obfuscation or a different control system around an established tunnel.
Zero trust and ZTNA
Traditional remote-access VPNs often place a user “inside” a network after authentication. Zero-trust network access narrows that model by granting access to specific applications according to identity, device state and policy. ZTNA can replace some broad corporate VPN use cases, but encrypted tunnels remain important for site connectivity, device traffic protection, administration and consumer privacy.
Common myths about the invention and history of VPNs
Primary sources used to verify this VPN history
The dates and protocol descriptions in this article were checked against original specifications and official project documentation, rather than relying on a single commercial VPN timeline.
- Ioannidis and Blaze, “The swIPe IP Security Protocol”, December 1993
- RFC 1825: Security Architecture for the Internet Protocol, August 1995
- RFC 2401: Security Architecture for the Internet Protocol, November 1998
- RFC 2637: Point-to-Point Tunnelling Protocol, July 1999
- RFC 2661: Layer Two Tunnelling Protocol, August 1999
- RFC 2764: A Framework for IP Based Virtual Private Networks, February 2000
- RFC 4301: Security Architecture for the Internet Protocol, December 2005
- OpenVPN official project and company history
- WireGuard official project documentation
- Linux 5.6 release summary documenting the addition of WireGuard
- NIST FIPS 203: ML-KEM post-quantum key-establishment standard
- UK NCSC post-quantum cryptography migration timeline