How VPN-free remote access works

1 point, by brintha, about 12 hours ago
VPNs have been the default answer to remote access for a long time, and they solve a real problem: network reachability.

But in practice, especially for small teams, VPNs often introduce fragility. Connections drop, routing breaks, onboarding is awkward, and access is tied more to network location than to identity.

Over the last year, I’ve been trying to understand how “VPN-free” remote access models actually work under the hood — not from a marketing perspective, but mechanically. Most of them flip the connection model: instead of a laptop reaching into a private network, a small agent on the server establishes an outbound connection to a control plane, and access is brokered through that.

Nothing listens publicly on the server. No inbound ports are opened. Authentication and authorization happen before each session, rather than granting broad network access.

I wrote a longer explanation here, focusing on how this model works, where it helps, and where VPNs still make sense:

https://www.lynxtrac.com/how-vpn-free-remote-access-works

Curious to hear from others:

Have you used VPN-free access models in production?

Where did they simplify things?

Where did they break expectations?
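
The connection model described in the post, as an added example that is not part of the original post or any product's code: the only listener is the broker, the server-side agent dials out to it, and the broker makes an allow or deny decision for every session before relaying anything. The names `Broker`, `run_agent`, `open_session`, `POLICY`, the tokens and the one-line text protocol are all hypothetical, and the sketch assumes loopback, no TLS and a single-threaded broker.

```python
import socket, threading, time

# Constructed policy: bearer token -> (identity, servers that identity may reach).
POLICY = {"tok-alice": ("alice", {"db01"}), "tok-bob": ("bob", set())}

class Broker:
    """Control plane: the only component that listens for connections."""
    def __init__(self):
        self.agents = {}                       # server name -> agent's outbound link
        self.sock = socket.create_server(("127.0.0.1", 0))
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):                          # single-threaded for brevity
        while True: self._handle(self.sock.accept()[0])

    def _handle(self, conn):
        f = conn.makefile("rw", newline="\n")
        kind, *args = f.readline().split()
        if kind == "AGENT":                    # agent dialled out; park its connection
            self.agents[args[0]] = f
            return
        token, target, command = args          # CLIENT <token> <target> <command>
        identity, allowed = POLICY.get(token, (None, set()))   # unknown token: nothing allowed
        agent, reply = self.agents.get(target), "DENIED\n"     # default deny, per session
        if target in allowed and agent is not None:
            agent.write(f"{identity} {command}\n"); agent.flush()
            reply = agent.readline()           # relay the agent's answer back
        f.write(reply); f.flush(); conn.close()

def run_agent(name, port):
    """Runs on the server: never listens, only dials out to the broker."""
    f = socket.create_connection(("127.0.0.1", port)).makefile("rw", newline="\n")
    f.write(f"AGENT {name}\n"); f.flush()
    while line := f.readline():                # requests arrive over the outbound link
        identity, command = line.split()
        f.write(f"{name} ran {command} for {identity}\n"); f.flush()

def open_session(port, token, target, command):
    """Client: talks only to the broker, never to the server directly."""
    with socket.create_connection(("127.0.0.1", port)).makefile("rw", newline="\n") as f:
        f.write(f"CLIENT {token} {target} {command}\n"); f.flush()
        return f.readline().strip()

def demo():
    broker = Broker()
    threading.Thread(target=run_agent, args=("db01", broker.port), daemon=True).start()
    while "db01" not in broker.agents:         # wait for the agent to register
        time.sleep(0.01)
    return [open_session(broker.port, t, "db01", "uptime") for t in ("tok-alice", "tok-bob", "tok-bad")]
```

Calling `demo()` returns the relayed reply for the one authorized token and `DENIED` for the token with no grants and for the unknown token.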