« Back to Glossary Index
A VPN creates an encrypted connection between two points over the public internet – making it safe to send operational data across an untrusted network. A factory with 10 remote substations uses VPN tunnels to connect all of them back to the central SCADA server, as if they were all on the same local network.
Industrial routers support multiple VPN protocols. The right choice depends on what is on the other end of the tunnel:
- IPsec – best compatibility with legacy SCADA infrastructure and third-party VPN gateways
- OpenVPN – broad client platform support; runs over TCP or UDP; higher configuration overhead than WireGuard
- WireGuard – fastest, simplest to configure, lowest CPU overhead; the default choice for new deployments
- L2TP / PPTP – legacy protocols for compatibility with older clients only; not recommended for new deployments