All I want out of a VPN is easy setup, SSO, and to not force the entire company to use a proprietary client.
Bonus round, we have no physical location. Our network is a cloud network. Something like a physical device as a gateway is a no-go.
@FreedomATX
Tailscale?
@voltronic Might work. CTO wants me to look at Duo as well. The problem is our email encryption scheme within gcloud. It's easy to make work with a traditional network and VPN, but these mesh security networks... It will probably work, but it's a lot murkier.
Tagging in @john_b @opie @SpaceSloth2000 who know way more about this stuff than me.
@voltronic @FreedomATX @john_b @SpaceSloth2000
pretty sure tailscale is the answer here...whether or not it meets all the requirements; of course, depends on the specific requirements, and would be a lengthy discussion...it's the first thing I'd take a look at it if I were FreedomATX tho...
@opie @voltronic @FreedomATX @SpaceSloth2000
Yep, another Tailscale vote, especially for a fully-remote workforce. Traditional point-to-point VPN gateways don't make sense in that scenario.
I'm not sure how that would interfere with email encryption either; would need to know more about the setup but I'm sure there's a solution even if that is a hurdle somehow.
Tailscale is the way to do modern network security.
@opie @voltronic @FreedomATX @SpaceSloth2000
That said, Tailscale does require the use of the Tailscale client. You're unfortunately not really going to get away without using a software client unless (1) it's a Linux workforce with kernel-mode Wireguard built in and you don't mind managing complicated key exchanges whenever you add a device, or (2) you fall back to an old-style point-to-point setup (OpenVPN, etc).
I still think Tailscale is the way to go though.