You don't need VPN (Zero-Trust)
Are you still using a VPN to reach your home, work or school network? What if I told you that there is a better way to access all your devices? It's called Zero Trust Network Access (ZTNA) and it's the next generation of VPN. It's more secure, more flexible, easier to use, much faster and much more reliable.
Traditional VPN
VPN was created back in 1996 and the world was a different place back then. Hardly anyone had a computer at home with internet access and there was no such thing as remote work. VPN was created to allow people to access their work network from home. It was a way to connect two networks together and make them appear as one. It worked because it was simple. People's needs were simple.
Fast forward to today and everyone has a computer at home with internet (more like 15 computers, IoT, smart devices etc.). We jump from device to device, and we need to access each device from every other device. We travel with our devices (while needing to access all our other devices). The needs of today are completely different from the needs of 1996. VPN has not aged well. It's slow, it can be unreliable, and it's hard to use with so many devices and today's need for mobility and on-demand access. We need something better. It's time to let VPN retire.
Zero Trust
Enter Zero Trust Network Access (ZTNA). It's the next generation of private networking. Wouldn't it be nice if you could just tell all your devices to join the same private network and be able to talk to each other? That's exactly what Zero Trust and providers like Tailscale, Twingate, ZeroTier and Cloudflare do. It brings all your devices together on a private network in a full mesh topology. Each device can talk to every other device. It doesn't require opening any ports on your router. It doesn't require setting up a VPN server. It's secure. It's fast. And it's super easy to set up and use.
Benefits of Zero Trust
- Easy Setup: You don't need to wait for your network admin to give you VPN access. You can set up ZTNA yourself in a matter of minutes. If you are able to install an app on your computer (on the remote network), then you can set up ZTNA yourself.
- Full Mesh Network: ZTNA creates a full mesh network between all your devices. Each device can talk to every other device. And you don't need to connect to and disconnect from different VPNs to access different devices. It just works.
- Simpler Addressing: When using traditional VPN, the IP address of your device changes depending on which network you are connected to. If you bring your computer to a different network, you will need to use a different IP address to access it. But with ZTNA, your device always has the same IP address no matter where you are. This greatly simplifies the addressing of your devices. On top of that, providers like Tailscale provide DNS/hostname resolution for your devices without any extra configuration.
- Peer-to-Peer Networking: Zero Trust providers like Tailscale offer peer-to-peer networking. This means that your devices talk directly to each other without going through a central server. It does this using NAT traversal techniques like STUN and UDP hole punching. Because devices talk directly to one another, it makes the connection much faster and much more secure.
- No Need To Connect To VPN: With Zero Trust, you don't need to connect to VPN each time you want to access your devices on a different network. This also solves the issue where you cannot connect to the same network with multiple accounts at the same time. All these problems simply disappear.
- Security & Logs: With Zero Trust you get granular access rights and logs of who accessed what and when. This is simply not possible with traditional VPN, which gives users full access to the whole network unless you implement subnetting, which can get very complex. The Tailscale coordination server can even be self-hosted using open source projects like Headscale.
- No IP Conflicts: With traditional VPN, you have to be mindful of your own subnet. If your own network is on the 192.168.1.0/24 subnet and the network that you want to connect to also happens to be on the same 192.168.1.0/24 subnet, you will have IP conflicts. With traditional VPN it is always recommended to choose different subnets for each network, which is both limiting and annoying. With ZTNA, all your devices get their own private IP addresses (like 100.12.43.56).
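As an added example of the granular access rights mentioned above (written for this post, not taken from Tailscale's documentation), here is a Tailscale ACL policy file with the allow-all default shown commented out beside a least-privilege version that only lets admins SSH to tagged home devices. The group name, tag, e-mail addresses and the "admin" login user are assumed placeholders.

```json
{
  // Tailscale's default policy: every device reaches every port on every
  // other device, the same "whole network" access the post criticises in VPNs.
  // "acls": [{ "action": "accept", "src": ["*"], "dst": ["*:*"] }],

  // Least-privilege version. All names below are assumed placeholders.
  "groups": {
    "group:admins": ["admin@example.com"]
  },
  "tagOwners": {
    "tag:home": ["group:admins"]
  },
  "acls": [
    // Admins may reach port 22 on home devices; nothing else is allowed.
    { "action": "accept", "src": ["group:admins"], "dst": ["tag:home:22"] },
    // Every user may still reach their own devices on any port.
    { "action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self:*"] }
  ],
  // Tailscale SSH: admins may log in as "admin" on home devices,
  // but "check" forces them to re-authenticate first.
  "ssh": [
    { "action": "check", "src": ["group:admins"], "dst": ["tag:home"], "users": ["admin"] }
  ],
  // Policy tests: Tailscale refuses to save a policy that fails any of these,
  // so a later edit cannot silently reopen access.
  "tests": [
    { "src": "admin@example.com", "accept": ["tag:home:22"], "deny": ["tag:home:80"] },
    { "src": "josh@example.com", "deny": ["tag:home:22"] }
  ]
}
```

Devices must carry tag:home (set when you run the client, or from the admin console) for the rules to match them; a device without the tag is reachable only by its own owner.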
Getting Started With Zero Trust
Getting started with Zero Trust is extremely easy. If you use a provider like Tailscale, all you need to do is go to each of your devices, install the Tailscale client and run it. That's it. Your device will be added to your own private network. There's nothing else you need to do.
Tailscale also allows you to use one device as an exit node. This means that all internet traffic from your other devices will pass through that device, which is very useful for bypassing IP restrictions.
It is also useful to add your SSH key to the devices you will be connecting to, and to add SSH aliases to your ~/.ssh/config to make accessing devices even easier.
# See all devices on your network
$ tailscale status
100.11.59.16 home-computer admin@ linux active
100.9.13.28 work-computer josh@ linux active
# Copy your SSH public key to the remote device (uses its Tailscale hostname)
$ ssh-copy-id admin@home-computer
# Add an alias to ~/.ssh/config so the user name is filled in for you
Host home-computer
    HostName home-computer
    User admin
This will allow you to simply run $ ssh home-computer to SSH into it. The alias also works with the Nautilus file manager via sftp://home-computer.