VPN alternatives in 2023?

Hey there,

I moved to a small team in the last few months. They generally have their stuff together but one glaring issue off the bat is the use of bastions with whitelisted home IP addresses.

My old place used Zscaler ZIA which was okay at best but it was because they had to be FedRAMP compliant which isn’t a need at my new place.

OpenVPN is a comfort zone but I know there are better alternatives nowadays.

We have multiple environments spread across many VPCs, many of which are peered.

What are people’s setups? Thanks in advance!

We’ve been super happy with Twingate. We deploy and manage it with Terraform, connect it to the company SSO, and barely think about it. Works like a charm and the price point is reasonable.

Wireguard all the way.

If you are looking for SaaS maybe tailscale.

AWS VPN Client Endpoint and forget about it.

I have not tried it but have read repeatedly about HashiCorp Boundary… does anyone have any experience with it?

boundaryproject.io has a video from the founder on the concept, whiteboard style.

I like cloudflare WARP but haven’t used it at any real scale yet.

Anybody used netbird.io?

We’re trying to eliminate VPN as much as possible and do IAP access for everything. Everything internally has a web UI, so we just need an OAuth2 proxy.

For cool proxied access:

  • Tailscale or
  • Teleport or
  • Hashicorp Boundary

For legacy-style VPN:

  • WireGuard

Check out Firezone, built on top of WireGuard; you can deploy it as an appliance in EC2 or in Docker.

Check out Ziti. It’s a zero trust overlay network which allows you to close all inbound ports. It comes in open source (OpenZiti) or commercial SaaS (CloudZiti, with a free tier). Here is a blog on making bastions dark: https://netfoundry.io/transparent-bastions/. I work on the project.

We’ve got AWS and Perimeter 81.

This is exactly what we do and it’s much slicker than a traditional VPN, e.g. FortiClient.

Same, but we handed over control to IT so they could connect it to AD. I don’t know if I could get them to learn TF.

Oh, is this new? Last time I looked the only thing available was the IPsec VPN tunnels for connecting externally.

What about connecting to anything external to your internal network?

How is WireGuard “legacy style”? lmao

Hey, right tool for the right job: if you’re not responsible for it, let them do it manually lol. To be fair, if your access needs don’t change often, it’s not too difficult to manage manually.

It’s not new; we switched to it before COVID and it has been working like a champ since then. We use G Suite and an authentication Lambda so we don’t have to deal with passwords and stuff.
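The "authentication Lambda" pattern mentioned in the comment above, shown as an added example (this is not the commenter's code and not AWS's own). It assumes the AWS Client VPN client-connect handler contract as documented by AWS: a Lambda whose name begins with `AWSClientVPN-`, receiving an event with `username`, `groups`, `platform`, `platform-version` and similar fields and returning an `allow` decision. The group names, version baselines and the sample event are constructed for this example; check the field names against the current AWS documentation before deploying. The point it illustrates is that the admission decision is made per connection from identity-provider group membership and device posture rather than from an allowlisted home IP address.

```python
"""Added example: an AWS Client VPN connection-authorization handler.

Assumptions (verify against current AWS docs):
  * event/response field names follow the Client VPN client-connect
    handler contract as documented by AWS;
  * `groups` arrives as a comma-separated string (a list is also accepted);
  * the policy tables and the sample event below are constructed.
"""
import json

# Constructed policy: IdP groups that may connect, and the minimum OS
# version per platform that counts as a compliant endpoint.
ALLOWED_GROUPS = {"vpn-engineering", "vpn-sre"}
MIN_PLATFORM_VERSION = {
    "mac": (13, 0, 0),
    "win": (10, 0, 0),
    "linux": (0, 0, 0),
}


def parse_version(text, width=3):
    """Turn '13.4.1' into (13, 4, 1), padding with zeros to `width` parts.

    Padding matters: in Python (10,) < (10, 0) is True, so an unpadded
    '10' would wrongly fail a (10, 0, 0) baseline.
    """
    parts = []
    for piece in str(text).split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    parts = parts[:width] + [0] * (width - len(parts))
    return tuple(parts)


def evaluate_connection(event):
    """Return (allow, reason) for one connection attempt."""
    raw_groups = event.get("groups", "")
    if isinstance(raw_groups, str):
        raw_groups = raw_groups.split(",")
    groups = {g.strip() for g in raw_groups if g and g.strip()}
    if not groups & ALLOWED_GROUPS:
        return False, "user is not a member of an approved VPN group"

    platform = str(event.get("platform", "")).lower()
    baseline = MIN_PLATFORM_VERSION.get(platform)
    if baseline is None:
        return False, f"platform {platform!r} is not permitted"
    if parse_version(event.get("platform-version", "0")) < baseline:
        return False, f"{platform} version is below the required baseline"

    return True, "ok"


def lambda_handler(event, context=None):
    """Lambda entry point: wrap the decision in the response shape AWS expects."""
    allow, reason = evaluate_connection(event)
    return {
        "allow": allow,
        "error-msg-on-failed-posture-compliance": "" if allow else reason,
        # Status strings here are constructed; AWS surfaces them in its logs.
        "posture-compliance-statuses": [] if allow else ["policy-denied"],
        "schema-version": "v1",
    }


# Constructed sample event in the documented shape.
SAMPLE_EVENT = {
    "connection-id": "cvpn-connection-EXAMPLE",
    "endpoint-id": "cvpn-endpoint-EXAMPLE",
    "common-name": "",
    "username": "alice@example.com",
    "platform": "mac",
    "platform-version": "13.4.1",
    "public-ip": "203.0.113.10",
    "client-openvpn-version": "2.5.0",
    "groups": "vpn-engineering,everyone",
    "schema-version": "v1",
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Running it stand-alone prints an `allow: true` response for the sample event; change `groups` to a non-approved value or lower `platform-version` to see the denial path and its reason string.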

WireGuard is just a tunnel from one network to another.

Tailscale controls access to individual hosts. It’s more of a host-to-host connection based on identity.