Hacker News
by snapplebobapple 645 days ago
Self-host headscale or netbird or nebula for basically the same thing, pretty fully in your control. The appeal is it's an encrypted mesh network with a very performant point-to-point (with relay if needed) VPN backing it up. This lets you keep things reasonably private and much higher performance than the traditional VPN to the office router/infrastructure at office VPN. It lets you create an overlay network that matches your VLAN rules, keeping everyone segregated in their lane no matter where their devices are. Services on the internet with TLS are a bad idea for many, many things (both attack-surface-wise, with everyone in the world being able to hit the service, but also with how questionably secure massive corporate technical projects often are, which can only change slowly due to business concerns (i.e. spending the dough to change this means no profit for the quarter and significant downtime because it was built wrong over a couple decades but manages to power a lot of the business activity flow)).