VPN gets used as a catch-all term for very different things. A consumer VPN service that hides your browsing from your ISP is a very different product from the business VPN that lets your staff securely connect to your office network from home. Understanding the distinction, and knowing which type your business actually needs, helps you make the right decision.
What a VPN Does
A VPN (Virtual Private Network) creates an encrypted tunnel between two endpoints across a public network — usually the internet. Traffic inside the tunnel is protected from interception, and the connection behaves as if both endpoints are on the same private network.
For businesses, this solves two distinct problems: secure remote access for individual users, and secure connectivity between multiple locations.
Remote Access VPN
A remote access VPN allows individual users to connect to your business network from anywhere (home, a hotel, a coffee shop) as if they were sitting in the office.
Once connected, the user’s device can reach internal resources: file servers, internal applications, printers, network-attached storage. Traffic between the user’s device and the office is encrypted, regardless of what network they’re connecting from.
Common use cases:
- Staff working from home
- Travelling employees needing access to internal systems
- IT administrators managing servers remotely
How it works: The office has a VPN server (often built into the firewall or router). Users install a VPN client on their device and connect using credentials. The connection is authenticated and encrypted.
Common protocols include OpenVPN, WireGuard (fast and modern), IKEv2/IPsec, and SSL/TLS VPN (browser-based or client-based).
Site-to-Site VPN
A site-to-site VPN connects two entire networks together (typically two office locations, or an office and a data centre) so that devices on both sides can communicate as if they’re on the same local network.
Unlike remote access VPN, no individual client software is needed on user devices. The VPN tunnel is maintained between the two locations’ routers or firewalls, and traffic passes through automatically.
Common use cases:
- Connecting a branch office to a head office
- Linking an office network to a cloud-hosted environment
- Connecting to a co-location facility or managed data centre
How it works: Both locations have compatible VPN-capable routers or firewalls. A persistent encrypted tunnel is established between them, and routing is configured so that traffic destined for the remote network travels through the tunnel automatically.
Which Does Your Business Need?
| Scenario | VPN Type |
|---|---|
| Staff working remotely or from home | Remote Access |
| Two or more office locations | Site-to-Site |
| Accessing a cloud server or hosted environment | Site-to-Site or Remote Access |
| Sensitive data travelling across public networks | Both, depending on use case |
Most small businesses primarily need remote access VPN. Site-to-site becomes relevant once you have multiple fixed locations that need to share resources reliably.
Consumer VPN Services vs Business VPN
It’s worth being clear about what consumer VPN services (NordVPN, ExpressVPN, and similar) are and aren’t.
These services route your internet traffic through the VPN provider’s servers, masking your IP address and encrypting traffic between you and the provider. They’re useful for privacy when using public WiFi, accessing geo-restricted content, or preventing your ISP from seeing your browsing.
They do not give you access to your business network. They don’t replace a business VPN. And using a consumer VPN on a work device without understanding the implications can create security and compliance issues, since your business traffic is passing through a third-party provider.
Security Considerations
A VPN is only as secure as the credentials used to access it. VPNs without multi-factor authentication are a known target for attackers — compromised credentials are frequently used to establish VPN connections and move laterally through business networks.
Always enable MFA on your VPN. This is one of the most important security controls for any remote access solution.
Also consider:
- Keeping VPN software and firmware updated, since vulnerabilities in VPN appliances are actively exploited
- Using split tunnelling carefully: it routes only business traffic through the VPN, which reduces load but means other internet traffic leaves the device outside the tunnel, unprotected by the VPN
- Logging and monitoring VPN connections for unusual activity
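One way to act on the logging and monitoring point above, added here as an example and not part of the original article or any vendor's tooling: a Python check over VPN authentication events that flags successful logins following a burst of failures, logins without MFA, and logins from a source IP not previously seen for that user. The log format, field names and thresholds are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not a real appliance's log format):
# timestamp, user, source IP, result, MFA used
SAMPLE_LOG = """\
2024-05-06T08:58:10 alice 203.0.113.10 success mfa
2024-05-06T09:01:44 bob 198.51.100.7 success mfa
2024-05-07T02:13:01 bob 192.0.2.55 fail -
2024-05-07T02:13:09 bob 192.0.2.55 fail -
2024-05-07T02:13:20 bob 192.0.2.55 fail -
2024-05-07T02:13:31 bob 192.0.2.55 success nomfa
2024-05-07T09:00:02 alice 203.0.113.10 success mfa
"""

FAIL_THRESHOLD = 3                   # assumed tuning value
FAIL_WINDOW = timedelta(minutes=10)  # assumed tuning value

def review_vpn_log(text):
    """Return (timestamp, user, reason) findings for successful logins."""
    known_ips = defaultdict(set)      # user -> source IPs of earlier successes
    recent_fails = defaultdict(list)  # user -> failure times since last success
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, ip, result, mfa = line.split()
        ts = datetime.fromisoformat(ts_raw)
        if result == "fail":
            recent_fails[user].append(ts)
            continue
        # Successful login: check what preceded it and how it was made.
        fails = [t for t in recent_fails[user] if ts - t <= FAIL_WINDOW]
        if len(fails) >= FAIL_THRESHOLD:
            findings.append((ts_raw, user, "success after repeated failures"))
        if mfa != "mfa":
            findings.append((ts_raw, user, "login without MFA"))
        if known_ips[user] and ip not in known_ips[user]:
            findings.append((ts_raw, user, "new source IP"))
        known_ips[user].add(ip)
        recent_fails[user].clear()
    return findings

if __name__ == "__main__":
    for finding in review_vpn_log(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A new source IP on its own is common for travelling staff; the combination of all three findings on one login is what deserves immediate review.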
Popular Options
- Sophos Firewall — includes SSL VPN and site-to-site IPsec, managed through Sophos Central
- Ubiquiti UniFi — built-in VPN options including WireGuard and L2TP
- pfSense / OPNsense — open source firewalls with strong VPN support
- WireGuard — fast, modern protocol; available on many platforms and well supported by open source firewall distributions
- Cisco Meraki — strong site-to-site and remote access options for slightly larger SME environments