I don’t have a problem with Virtual Private Networks (or VPNs) as a technology. They serve a purpose and I do work with them a lot where I am currently employed. But, I have come to the conclusion that using them for common or casual remote access is a total hack.
For the remote computer, the VPN essentially takes that remote system and virtually places it on the office network. That’s the hack. Instead of using secure technology and SSL tunneling, you “fake” having the computer on the office network. Obviously this is sometimes required, but should remote users be using VPN just to send and recieve mail? I’m not even sure you need a VPN for file access if you have a good, secure portal that allows uploads and downloads. End users dependent on VPNs for access to their day-to-day tools are depending on a single point of failure. If the VPN doesn’t work, the user is out of commission.
I feel that a VPN should be used to connect office LANs together and as an emergency for remote users who can’t get what they want through normal secure methods.