VPNs serve a great purpose as a secure access medium for administrators and road warriors. Administrators should by default use a VPN to access the management plane, whether they are on the company’s LAN (the “trusted zone”) or outside of it (the internet). A normal user typically has trusted access to company systems from the LAN but not from the outside. Many people use port forwarding or other firewall rules to give these users that access from the outside. This is insecure, as firewalls are nothing more than guards asleep at the gate. It is far better for these users to VPN into these systems using the typical road warrior configuration.
Read the article over at Medium: Life in the VPN Lane