@@ -307,7 +307,11 @@ After establishing a tunnel, the VPN client changes configuration of the host de
(previously ### 4.3.3)
A VPN server is responsible for maintaining tunnels between VPN clients and the traffic destinations the clients are requesting.
While Clause 4.1 establishes that any node within a VPN network may dynamically fulfill various operational roles, the terms "VPN server" and "VPN gateway" are used to describe nodes primarily dedicated to aggregation, routing, and access control.
A **VPN server** is responsible for maintaining secure tunnels between multiple VPN clients and the traffic destinations the clients are requesting. It typically enforces centralized authentication, authorization, and traffic filtering policies. In decentralized or mesh VPN architectures, a "server" is not necessarily a dedicated, centralized appliance; rather, it is a logical role that any authorized peer node can assume to route traffic or act as an exit node for other peers.
A **VPN gateway** specifically fulfills the gateway role, acting as the secure bridge between the restricted-use VPN network and external networks, such as a private corporate intranet or the public internet.