I would note that under Linux, even if your IT department tries to put everything down the VPN, you can rewrite the routing table after the VPN is up to change that. Probably easy under other OSes if you know what you are doing. I used to do it routinely at my previous employer, as their VPN policy followed the same stupid model.
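As an added illustration of the routing-table rewrite described above (example code, not the poster's own, and not something they say they used): a small Python script that parses constructed `ip route show` output, detects the full-tunnel routes an OpenVPN-style client installs (either a default route on the tun device or the `0.0.0.0/1` + `128.0.0.0/1` pair that overrides the default without deleting it), and generates the `ip route` commands that restore split tunnelling. The routing table, the interface names and the corporate prefixes are all assumptions; the commands are generated, not executed, and would need root to apply.

```python
"""Detect a full-tunnel VPN default route in `ip route show` output and
generate the `ip route` commands that restore split tunnelling.

Added example. The routing table below is constructed, not captured from
any real host, and the corporate prefixes are assumptions.
"""
import ipaddress
import re

# Constructed sample: what `ip route show` might print after an OpenVPN
# client with `redirect-gateway def1` comes up on tun0. The two /1 routes
# are the classic trick that beats the existing default route on prefix
# length without removing it. 203.0.113.7 stands in for the VPN server;
# its host route via the physical gateway must survive or the tunnel
# would try to route itself through itself.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42 metric 600
203.0.113.7 via 192.168.1.1 dev wlan0
"""

# Assumed corporate prefixes that should stay on the VPN after the rewrite.
CORP_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12"]

# One line of `ip route show`: destination, optional gateway, device, rest.
ROUTE_RE = re.compile(
    r"^(?P<dst>\S+)(?: via (?P<gw>\S+))? dev (?P<dev>\S+)(?P<rest>.*)$"
)


def parse_routes(text):
    """Parse `ip route show` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = m.group("dst")
        net = ipaddress.ip_network(
            "0.0.0.0/0" if dst == "default" else dst, strict=False
        )
        routes.append(
            {"dst": dst, "net": net, "gw": m.group("gw"), "dev": m.group("dev")}
        )
    return routes


def find_full_tunnel(routes, vpn_dev_prefix="tun"):
    """Return the VPN-device routes that capture all traffic: a real
    default route, or the 0.0.0.0/1 + 128.0.0.0/1 pair. Empty list if the
    table is already split-tunnelled."""
    vpn = [r for r in routes if r["dev"].startswith(vpn_dev_prefix)]
    captures = [r for r in vpn if r["net"].prefixlen <= 1]
    halves = {str(r["net"]) for r in captures if r["net"].prefixlen == 1}
    has_default = any(r["net"].prefixlen == 0 for r in captures)
    if has_default or halves == {"0.0.0.0/1", "128.0.0.0/1"}:
        return captures
    return []


def split_tunnel_commands(routes, corp_prefixes=CORP_PREFIXES):
    """Commands that drop the catch-all VPN routes (so the physical
    default route takes over again) and pin only the corporate prefixes
    to the tunnel. Returns [] when there is nothing to do."""
    captures = find_full_tunnel(routes)
    if not captures:
        return []
    vpn_gw, vpn_dev = captures[0]["gw"], captures[0]["dev"]
    cmds = [
        f"ip route del {r['dst']} via {r['gw']} dev {r['dev']}" for r in captures
    ]
    for prefix in corp_prefixes:
        cmds.append(f"ip route add {prefix} via {vpn_gw} dev {vpn_dev}")
    return cmds


if __name__ == "__main__":
    for cmd in split_tunnel_commands(parse_routes(SAMPLE_ROUTES)):
        print(cmd)
```

Run it as root after the tunnel is up, or pipe real `ip route show` output into `parse_routes`. Because the VPN client may re-push its routes on reconnect or on its own timer, this is exactly the race the next reply describes: the user with root gets the last word, but only until the client runs again.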
Of course. And I suspect there is a race between the root user and the VPN client with each version. A race the root user will always win.
Finally, the VPN model is now out of fashion. You are making the assumption that everything inside your network is trustworthy... Security in depth is the new mantra.
Yep, the Zero Trust model, where your data/application lives in a conceptual island, and your authentication is multi-factor (e.g. device cert + user credentials + token, etc.).
Exactly the model my corporate (~300,000 staff) has adopted for the last 5 years. We still have a lot of systems/applications on our internal network, so we have VPN as well, just don’t always need to connect it. It has been split tunnel for over 20 years.
21 years of broadband connectivity since 1999 trial - Live BQM