{"id":11043,"date":"2025-12-26T14:37:23","date_gmt":"2025-12-26T19:37:23","guid":{"rendered":"https:\/\/stevepedwards.today\/DebianAdmin\/?p=11043"},"modified":"2025-12-26T14:38:36","modified_gmt":"2025-12-26T19:38:36","slug":"current-industry-vpn-use","status":"publish","type":"post","link":"https:\/\/stevepedwards.today\/DebianAdmin\/current-industry-vpn-use\/","title":{"rendered":"Current Industry \"VPN\" Use"},"content":{"rendered":"<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_11043\" class=\"pvc_stats all  \" data-element-id=\"11043\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/stevepedwards.today\/DebianAdmin\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n<p data-path-to-node=\"1\">In the industry, this is known as <b data-path-to-node=\"1\" data-index-in-node=\"34\">Zero Trust Networking<\/b> or <b data-path-to-node=\"1\" data-index-in-node=\"59\">SD-WAN<\/b> (Software-Defined Wide Area Network).<\/p>\n<hr data-path-to-node=\"2\" \/>\n<h3 data-path-to-node=\"3\">Why the \"Common Sense\" apps are Enterprise-grade:<\/h3>\n<table data-path-to-node=\"4\">\n<thead>\n<tr>\n<td><strong>Feature<\/strong><\/td>\n<td><strong>Old School (Obsolete PPTP etc)<\/strong><\/td>\n<td><strong>Enterprise \"New School\" (Tailscale\/WireGuard)<\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><span data-path-to-node=\"4,1,0,0\"><b data-path-to-node=\"4,1,0,0\" data-index-in-node=\"0\">Philosophy<\/b><\/span><\/td>\n<td><span data-path-to-node=\"4,1,1,0\">\"Trust the internal network, block the outside.\"<\/span><\/td>\n<td><span data-path-to-node=\"4,1,2,0\">\"Trust nothing. Encrypt everything, even inside the LAN.\"<\/span><\/td>\n<\/tr>\n<tr>\n<td><span data-path-to-node=\"4,2,0,0\"><b data-path-to-node=\"4,2,0,0\" data-index-in-node=\"0\">Setup<\/b><\/span><\/td>\n<td><span data-path-to-node=\"4,2,1,0\">Complex Firewall rules, NAT mappings, GRE protocols.<\/span><\/td>\n<td><span data-path-to-node=\"4,2,2,0\">Identity-based. If \"Steve\" is logged in, the connection is allowed.<\/span><\/td>\n<\/tr>\n<tr>\n<td><span data-path-to-node=\"4,3,0,0\"><b data-path-to-node=\"4,3,0,0\" data-index-in-node=\"0\">Scalability<\/b><\/span><\/td>\n<td><span data-path-to-node=\"4,3,1,0\">Adding 1,000 users requires massive hardware VPNs.<\/span><\/td>\n<td><span data-path-to-node=\"4,3,2,0\">Adding 1,000 users is as simple as sending an email invite.<\/span><\/td>\n<\/tr>\n<tr>\n<td><span data-path-to-node=\"4,4,0,0\"><b data-path-to-node=\"4,4,0,0\" data-index-in-node=\"0\">Security<\/b><\/span><\/td>\n<td><span data-path-to-node=\"4,4,1,0\">PPTP\/L2TP (Easily compromised).<\/span><\/td>\n<td><span data-path-to-node=\"4,4,2,0\">WireGuard (State-of-the-art, noise-protocol encryption).<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 data-path-to-node=\"5\">Who uses this stuff?<\/h3>\n<ul data-path-to-node=\"6\">\n<li>\n<p data-path-to-node=\"6,0,0\"><b data-path-to-node=\"6,0,0\" data-index-in-node=\"0\">Modern Tech Giants:<\/b> Companies like <b data-path-to-node=\"6,0,0\" data-index-in-node=\"35\">Google<\/b> and <b data-path-to-node=\"6,0,0\" data-index-in-node=\"46\">Netflix<\/b> moved away from traditional \"Border Firewalls\" years ago. They use \"BeyondCorp\" or similar mesh-style networking.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"6,1,0\"><b data-path-to-node=\"6,1,0\" data-index-in-node=\"0\">DevOps Teams:<\/b> Most developers at major firms use these tools to connect to production databases securely without needing to fight the \"3D Matrix of Horror\" that is a corporate Cisco firewall.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"6,2,0\"><b data-path-to-node=\"6,2,0\" data-index-in-node=\"0\">Compliance:<\/b> Because these tools log exactly <i data-path-to-node=\"6,2,0\" data-index-in-node=\"44\">who<\/i> (which email address) accessed <i data-path-to-node=\"6,2,0\" data-index-in-node=\"79\">what<\/i> server, they are actually better for passing security audits than old-school VPNs.<\/p>\n<\/li>\n<\/ul>\n<ol start=\"1\" data-path-to-node=\"10\">\n<li>\n<p data-path-to-node=\"10,0,0\"><b data-path-to-node=\"10,0,0\" data-index-in-node=\"0\">Fortune 500 \/ Banks:<\/b> They still use the \"Matrix of Horror\" (Cisco, Fortinet, Checkpoint). You will have to fight those settings, but usually, a dedicated \"Network Team\" does it, not the Server Admin.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"10,1,0\"><b data-path-to-node=\"10,1,0\" data-index-in-node=\"0\"><span class=\"citation-7\">Startups \/ Cloud-Native Companies:<\/span><\/b><span class=\"citation-7\"> They use <\/span><b data-path-to-node=\"10,1,0\" data-index-in-node=\"44\"><span class=\"citation-7\">Tailscale<\/span><\/b><span class=\"citation-7\">, <\/span><b data-path-to-node=\"10,1,0\" data-index-in-node=\"55\"><span class=\"citation-7\">Cloudflare Zero Trust<\/span><\/b><span class=\"citation-7\">, or <\/span><b data-path-to-node=\"10,1,0\" data-index-in-node=\"81\"><span class=\"citation-7\">Okta<\/span><\/b><span class=\"citation-7 citation-end-7\">.<sup class=\"superscript\" data-turn-source-index=\"1\">1<\/sup><\/span> They value \"Common Sense\" and speed over legacy hardware.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"10,2,0\"><b data-path-to-node=\"10,2,0\" data-index-in-node=\"0\">The Middle Ground:<\/b> They use <b data-path-to-node=\"10,2,0\" data-index-in-node=\"28\">OpenSSH<\/b>. As we found out, SSH is the universal language that everyone\u2014from a bank to a basement startup\u2014uses and respects.<\/p>\n<\/li>\n<\/ol>\n<h3 data-path-to-node=\"11\">Why SSH is the \"Safe Bet\"<\/h3>\n<p data-path-to-node=\"12\">Even if a company uses a fancy Enterprise app, they are almost certainly using it to protect an <b data-path-to-node=\"12\" data-index-in-node=\"96\">SSH connection<\/b>. By getting <code data-path-to-node=\"12\" data-index-in-node=\"123\">ssh steve@172.27.176.34<\/code> working today, you\u2019ve mastered the core skill that every single one of these \"Modern\" apps is built to facilitate.<\/p>\n<table data-path-to-node=\"6\">\n<thead>\n<tr>\n<td><strong>Method<\/strong><\/td>\n<td><strong>Why it's the Standard<\/strong><\/td>\n<td><strong>Status<\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><span data-path-to-node=\"6,1,0,0\"><b data-path-to-node=\"6,1,0,0\" data-index-in-node=\"0\">OpenSSH<\/b><\/span><\/td>\n<td><span data-path-to-node=\"6,1,1,0\">The \"Universal Key.\" Works on everything, uses one port (22), and is the backbone of cloud management (AWS\/Azure).<\/span><\/td>\n<td><span data-path-to-node=\"6,1,2,0\"><b data-path-to-node=\"6,1,2,0\" data-index-in-node=\"0\">Current Standard<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td><span data-path-to-node=\"6,2,0,0\"><b data-path-to-node=\"6,2,0,0\" data-index-in-node=\"0\">WireGuard<\/b><\/span><\/td>\n<td><span data-path-to-node=\"6,2,1,0\">The modern VPN. It's incredibly fast, runs in the Linux kernel, and handles NAT without any of the GRE \"0 packets\" bullshit.<\/span><\/td>\n<td><span data-path-to-node=\"6,2,2,0\"><b data-path-to-node=\"6,2,2,0\" data-index-in-node=\"0\">Modern Choice<\/b><\/span><\/td>\n<\/tr>\n<tr>\n<td><span data-path-to-node=\"6,3,0,0\"><b data-path-to-node=\"6,3,0,0\" data-index-in-node=\"0\">Tailscale \/ ZeroTier<\/b><\/span><\/td>\n<td><span data-path-to-node=\"6,3,1,0\">\"Zero-Config\" Mesh VPNs. This is what startups and modern remote teams use to bypass networking headaches entirely.<\/span><\/td>\n<td><span data-path-to-node=\"6,3,2,0\"><b data-path-to-node=\"6,3,2,0\" data-index-in-node=\"0\">Industry Trend<\/b><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_11043\" class=\"pvc_stats all  \" data-element-id=\"11043\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/stevepedwards.today\/DebianAdmin\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n<p>In the industry, this is known as Zero Trust Networking or SD-WAN (Software-Defined Wide Area Network). Why the \"Common Sense\" apps are Enterprise-grade: Feature Old School (Obsolete PPTP etc) Enterprise \"New School\" (Tailscale\/WireGuard) Philosophy \"Trust the internal network, block the outside.\" \"Trust nothing. Encrypt everything, even inside the LAN.\" Setup Complex Firewall rules, NAT mappings, <a href=\"https:\/\/stevepedwards.today\/DebianAdmin\/current-industry-vpn-use\/\" class=\"more-link\">...<span class=\"screen-reader-text\">\u00a0 Current Industry &quot;VPN&quot; Use<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-11043","post","type-post","status-publish","format-standard","hentry","category-post"],"a3_pvc":{"activated":true,"total_views":13,"today_views":0},"_links":{"self":[{"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/posts\/11043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/comments?post=11043"}],"version-history":[{"count":2,"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/posts\/11043\/revisions"}],"predecessor-version":[{"id":11045,"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/posts\/11043\/revisions\/11045"}],"wp:attachment":[{"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/media?parent=11043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/categories?post=11043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stevepedwards.today\/DebianAdmin\/wp-json\/wp\/v2\/tags?post=11043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}