Ask HN: Agencies/MSPs, how do you manage VPN access across many clients?

  • Posted 3 hours ago by k4roshi
  • 3 points

Hi HN,

We're a software development agency with several clients scattered across Europe. Due to the nature of our products, many require us to connect to the client's VPN to offer assistance and perform maintenance. Most times we can't install our own VPN.

This has led to some of our devs needing to manage more than 20 different VPNs, all with different clients (sometimes with incompatible versions, looking at you, Fortinet), credentials, expirations, tokens and such. Some of those go unused for months, only to discover they're broken when you most need them to fix an outage in production. For us, it has become a mess.

So the first question for you: Is this a fairly common problem or is this just us? If it is, did you solve it in any way? I've been looking for tools to streamline this but haven't found anything.

That said, we’ve been exploring an idea for a while: basically a control layer on top of existing VPNs. A sort of virtualization framework where VPN clients run in containers managed by the control plane. Users would then have only one client installed, the one for our VPN layer, and just decide which endpoint to connect to. This would also open up other possibilities like full connection audits, quick offboarding, better OTP management, and expiration notifications. Of course we would design it to be zero-knowledge to avoid security issues.

Still very early and we’re honestly not sure if this is actually a widespread pain or just limited to the few environments we’ve seen.

Happy to be told this is dumb (but I'd like to know why) or to discuss potential problems we haven't considered yet.

0 comments