by microcolonel 2220 days ago
In general it seems convenient to configure; but in terms of operation how does it really differ from connecting your services as clients to a VPN LAN? With WireGuard for the tunnels themselves, you can even have as many routers/"relays" as you want, with virtually no overhead.

A VPN has one important limitation: it either provides you with a default gateway, so that all your traffic goes through the VPN node, or you need to maintain and play with routes in order to prevent this. Another limitation is that as soon as you have passed the VPN gateway, you are "at home" and can access anything you like.

Twingate gives you the possibility to avoid a VPN gateway for everything except specific "access points", which sit close to the sites you would like to limit access to. They also check the endpoint the client attempts to connect to, and if the client doesn't have permission, it gets rejected, even though it can access other available resources through the same access point. You can have many "access points".

I believe they use some proprietary protocol (which is bad if you ask me); I could not find any security audit of the protocol on their site. On the other hand, according to the documentation they use TLS, which is good. I believe WireGuard could be a better fit here because it is open source and widely used by big players. Then again, TLS is used even more, but I would like to see some security audit results.
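The "default gateway versus maintained routes" point above can be made concrete with WireGuard's `AllowedIPs` setting, which both selects which source addresses a peer may use and installs the matching kernel routes. The two client configurations below are an added illustration, not code from either commenter or from Twingate; the interface addresses, the `10.0.0.0/24` internal network, the endpoint host name and the key placeholders are assumptions.

```ini
# Full-tunnel client: AllowedIPs covers every destination, so the VPN peer
# becomes the default gateway and all traffic (including ordinary web
# browsing) is sent through the VPN node. This is the "default gateway"
# behaviour described above.
[Interface]
PrivateKey = <client-private-key>      # placeholder, generate with `wg genkey`
Address = 10.0.0.2/32                  # assumed tunnel address

[Peer]
PublicKey = <gateway-public-key>       # placeholder
Endpoint = vpn.example.invalid:51820   # assumed endpoint, reserved TLD
AllowedIPs = 0.0.0.0/0, ::/0           # route everything through the tunnel
PersistentKeepalive = 25

# ---------------------------------------------------------------------------

# Split-tunnel client: AllowedIPs is limited to the internal network, so
# only traffic for 10.0.0.0/24 is routed and encrypted through the tunnel;
# everything else leaves via the normal default route. This is the
# "maintain routes yourself" alternative, and it only narrows what the
# client *sends*, not what the gateway lets it *reach* once inside.
[Interface]
PrivateKey = <client-private-key>      # placeholder
Address = 10.0.0.2/32                  # assumed tunnel address

[Peer]
PublicKey = <gateway-public-key>       # placeholder
Endpoint = vpn.example.invalid:51820   # assumed endpoint
AllowedIPs = 10.0.0.0/24               # route only the internal network
PersistentKeepalive = 25
```

Each half is a complete file for `wg-quick up <name>`; with `wg-quick`, the `AllowedIPs` prefixes are added to the routing table automatically, which is the routing maintenance the comment refers to. Note that the split-tunnel variant still behaves as "at home" for the whole `10.0.0.0/24` once the tunnel is up: per-destination authorisation has to come from firewall rules on the gateway, not from this setting.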