pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-02-23 05:16:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6d4043229ac251f7dd9b69585512593a49ae6daf
docs-v2/about/pangolin-vs-vpn.mdx
miloschwartz 647080c1d5 test deploy
2025-07-31 21:44:10 -07:00

89 lines
4.5 KiB
Plaintext
Raw Blame History

---
title: "Pangolin vs. VPN"
description: "Learn how Pangolin provides application-specific access with zero-trust security compared to traditional VPNs"
---
Pangolin and VPNs both provide secure remote access, but they serve different purposes and offer different levels of security and convenience.
## Traditional VPN Limitations
Traditional VPNs provide full network access but come with significant drawbacks:
- **Over-Permission**: Users get access to entire networks, not just the applications they need
- **Client Software Required**: Users must install and configure VPN client software
- **Network Complexity**: Requires public IP addresses, open ports, and complex network configuration
- **Limited Access Control**: Basic network-level security with few granular controls
- **Single Point of Failure**: If the VPN server goes down, all access is lost
## Pangolin's Application-First Approach
Pangolin provides secure, application-specific access without the limitations of traditional VPNs:
### Zero-Trust Access Control
- **Application-Specific**: Users access only the applications they're authorized to use
- **Browser-Based**: No client software installation required - works with any web browser
- **Granular Permissions**: Role-based access control, path-based rules, and contextual policies
- **Multi-Factor Authentication**: Support for SSO, OIDC, 2FA, and passkeys
### Simplified Infrastructure
- **No Public IPs**: Edge networks don't need public IP addresses
- **No Open Ports**: Eliminates the need to expose ports to the internet
- **Automatic Tunneling**: Secure WireGuard tunnels are established automatically
- **Distributed Architecture**: Multiple points of presence ensure high availability
<Info>
Pangolin's application-specific approach follows the principle of least privilege - users only get access to what they need, when they need it.
</Info>
## Key Differences
| Feature | Traditional VPN | Pangolin |
|---------|----------------|----------|
| **Access Scope** | Full network access | Application-specific access |
| **Client Software** | Required | Not needed (browser-based) |
| **Network Requirements** | Public IP, open ports | No public IP needed |
| **Access Control** | Network-level | Zero-trust, granular |
| **Authentication** | Basic credentials | Multi-factor, SSO, OIDC |
| **Infrastructure** | Single server | Distributed points of presence |
| **Security Model** | Network-based trust | Identity-based trust |
## Use Cases
### Choose Traditional VPN When:
- You need full network access for all users
- Users are comfortable installing client software
- You have simple access control requirements
- You can manage public IP addresses and open ports
### Choose Pangolin When:
- You want to expose specific applications securely
- You prefer browser-based access without client software
- You need granular access control and audit trails
- You want to eliminate network infrastructure complexity
- You need high availability and global distribution
<Warning>
Traditional VPNs provide broad network access, which can be a security risk if user devices are compromised. Pangolin's application-specific approach minimizes this risk.
</Warning>
## Mesh VPN Comparison
Mesh VPNs like Tailscale and Netbird provide peer-to-peer connectivity for full network access. While they offer some advantages over traditional VPNs, they still:
- Require client software installation
- Provide full network access rather than application-specific access
- Lack the granular access control and audit capabilities of Pangolin
- Don't offer the distributed, high-availability architecture
<Card title="Try Pangolin Cloud" icon="rocket" href="https://pangolin.fossorial.io/auth/signup">
Experience application-specific access with zero-trust security and no client software required.
</Card>
# Pangolin vs. Mesh VPN (e.g., Tailscale, Netbird)
Pangolin and mesh VPNs like Tailscale or Netbird both provide secure remote access, but they differ in their approach and functionality. Mesh VPNs focus on creating peer-to-peer connections between devices for full network access, while Pangolin is designed to expose specific applications or services securely through points of presence, with no need for client-side software on user devices.
Pangolin is a better choice for application-specific access with zero-trust security and no client-side software requirements. Mesh VPNs like Tailscale or Netbird are more suitable for full network access and peer-to-peer connectivity. For environments prioritizing granular access control and simplicity, Pangolin offers a more focused and secure solution.
Reference in New Issue View Git Blame Copy Permalink