VPN

A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It establishes a secure, encrypted tunnel for data transmission.

Impact

VPNs provide essential confidentiality and integrity for remote access and site-to-site connectivity. However, traditional VPN architectures can introduce latency, create network bottlenecks (hairpinning), and often function as a brittle perimeter defense that assumes internal network trust.

Weinto take

VPNs are a transition technology on the path to Zero Trust Network Access (ZTNA). While necessary for specific administrative access, broad network-level VPN access is generally an architectural smell. We prefer fine-grained, identity-aware proxies and modern, lightweight tunneling protocols like WireGuard over legacy, bloated IPsec implementations.
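
One way to spot broad network-level access in practice, as an added example that is not part of the original page: a small audit of a wg-quick style WireGuard client configuration that flags peers whose `AllowedIPs` route whole networks or the default route into the tunnel. The sample config, its placeholder keys and the prefix thresholds are constructed for illustration; `AllowedIPs` on the client only sets routing scope, so the gateway still has to enforce what each peer may reach.

```python
import ipaddress

# Constructed sample client config; keys are placeholders, not real key material.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/32

[Peer]
PublicKey = <gateway-a-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0

[Peer]
PublicKey = <gateway-b-public-key-placeholder>
AllowedIPs = 10.20.30.5/32, 10.20.30.6/32
"""

def parse_peers(text):
    """Return one dict per [Peer] section. configparser is avoided because
    wg-quick files repeat the [Peer] section name."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return peers

def broad_routes(text, min_prefix_v4=24, min_prefix_v6=64):
    """List (peer public key, network) pairs whose AllowedIPs entry is wider
    than the thresholds (hypothetical policy values chosen for this example)."""
    findings = []
    for peer in parse_peers(text):
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < limit:
                findings.append((peer.get("PublicKey", "?"), str(net)))
    return findings

if __name__ == "__main__":
    for key, net in broad_routes(SAMPLE_CONF):
        print(f"broad AllowedIPs {net} on peer {key}")
```

Here the first peer is a full tunnel, which is also the configuration that produces the hairpinning described under Impact, while the second peer routes only two hosts and passes the check.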