But in practice, especially for small teams, VPNs often introduce fragility. Connections drop, routing breaks, onboarding is awkward, and access is tied more to network location than to identity.
Over the last year, I’ve been trying to understand how “VPN-free” remote access models actually work under the hood — not from a marketing perspective, but mechanically. Most of them flip the connection model: instead of a laptop reaching into a private network, a small agent on the server establishes an outbound connection to a control plane, and access is brokered through that.
Nothing listens publicly on the server. No inbound ports are opened. Authentication and authorization happen before each session, rather than granting broad network access.
I wrote a longer explanation here, focusing on how this model works, where it helps, and where VPNs still make sense:
https://www.lynxtrac.com/how-vpn-free-remote-access-works
Curious to hear from others:
Have you used VPN-free access models in production?
Where did they simplify things?
Where did they break expectations?
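
The connection model described in the post, reduced to a loopback sketch. This is an added example, not code from the post or from any product: the line protocol (`AGENT`, `SESSION`, `DENIED`), the token, the agent id and every function name are hypothetical, and the agent only echoes the request instead of running anything.

```python
import socket, threading

# Constructed policy for the demo: token -> agent ids that identity may reach.
POLICY = {"tok-alice": {"db-1"}}
AGENTS = {}  # agent id -> (socket, reader) of the connection the agent opened outbound
REGISTERED, LOCK = threading.Event(), threading.Lock()

def handle(conn):
    """Broker side: one call per inbound connection (agent registration or user session)."""
    r = conn.makefile("r")
    kind, *args = r.readline().split(maxsplit=3)
    if kind == "AGENT":  # keep the agent's outbound connection open for later sessions
        AGENTS[args[0]] = (conn, r)
        REGISTERED.set()
        return
    token, agent_id, command = args  # kind == "SESSION"
    # Authorization is evaluated per session, before any byte is forwarded to the agent.
    if agent_id not in POLICY.get(token, set()) or agent_id not in AGENTS:
        reply = "DENIED\n"
    else:
        with LOCK:  # one request/response at a time on the shared agent connection
            a_conn, a_r = AGENTS[agent_id]
            a_conn.sendall((command + "\n").encode())
            reply = a_r.readline()
    conn.sendall(reply.encode())
    conn.close()

def agent(port, agent_id):
    """Private server side: dials out to the broker, never binds or listens."""
    s = socket.create_connection(("127.0.0.1", port))
    s.sendall(f"AGENT {agent_id}\n".encode())
    for line in s.makefile("r"):  # brokered requests arrive over the outbound connection
        s.sendall(f"{agent_id} handled {line.strip()}\n".encode())

def session(port, token, agent_id, command):
    """User side: talks only to the broker, identified by token rather than network location."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(f"SESSION {token} {agent_id} {command}\n".encode())
        return s.makefile("r").readline().strip()

def demo():
    listener = socket.create_server(("127.0.0.1", 0))  # the only listening socket in the setup
    port = listener.getsockname()[1]
    def serve():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    threading.Thread(target=agent, args=(port, "db-1"), daemon=True).start()
    REGISTERED.wait(5)
    return (session(port, "tok-alice", "db-1", "status"),
            session(port, "tok-mallory", "db-1", "status"))
```

Calling `demo()` returns one brokered reply and one denial; the denied request never reaches the agent, which is the difference from a VPN that grants network reachability first and leaves authorization to each service.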