The problem

Every company knows this situation: a vendor, an auditor, an external consultant arrives and needs temporary access to an internal server, a local application, or a file share. The traditional options hurt both sides:

Classic VPN (OpenVPN, FortiClient, Cisco AnyConnect…): installer, drivers, admin rights on the vendor's laptop — which is often their personal PC or a device belonging to a different company. The vendor pushes back, and rightly so.
Sharing internal-user VPN credentials: the vendor ends up with permanent access nobody revokes, and broader privileges than they needed.
Bastion / web-based RDP: works, but limits the use cases (no arbitrary protocols, no using the vendor's own tools from their own PC).
Creating a "guest" user in Active Directory: nobody decommissions it, the audit trail is poor, and it opens up too much of the network.

On top of that, most commercial VPN clients harvest device inventory: hostname, installed software, antivirus, OS version… Information that the external vendor does not want to share with the customer, and that the customer should not really be asking for either.

What ConnectaSec Guest is

ConnectaSec Guest is a single-file portable client built for exactly this case:

A single ~150 MB portable .exe. No installer. No system service. No persistent drivers. The vendor downloads it once and keeps it around.
It asks for no permissions beyond what's needed to bring up the tunnel while it's running. When the window closes, nothing keeps running.
One auth key per session. The customer generates the key, hands it to the vendor through whatever channel they prefer (email, chat), and the vendor pastes it into the GUI. The key has a limited lifetime and a limited scope, enforced by ACLs.
Ephemeral node. As soon as the guest closes the window, the node disappears from the control plane. No permanent user record is left behind.
ACL-bound scope. The vendor only reaches the machines and ports the customer has defined in policy. The rest of the internal network is invisible to them.

The detail no VPN on the market offers

Here's where it gets interesting. ConnectaSec Guest makes a split that commercial VPNs do not make:

Collected from the guest's device	Collected from traffic into the customer
❌ Hostname	✅ Network flows to internal resources
❌ Software inventory	✅ Destination address, port, protocol
❌ Antivirus / device posture	✅ Connection volume and duration
❌ OS version	✅ All tagged with the customer's tenant
❌ Client logs
❌ Client auto-update

Technically, the daemon only exports flows over the ConnectaSec mesh and the customer's subnet routes — the guest's personal browsing (Gmail, banking, Netflix…) is not touched, not seen, not reported. The customer gets a full audit trail of what the guest did inside their network, and nothing about what the guest does outside it.

No commercial VPN on the market draws that line: either they audit nothing (and the customer has to trust blindly), or they audit everything (and the vendor gives up privacy needlessly). Guest is the honest middle ground.

Who it's for

IT vendors and contractors who need occasional access to a customer's server for maintenance, installations, deployments.
Internal and external auditors reviewing systems for a bounded period.
Consultants working on a project with a defined timeline.
Third-party support from the maker of a critical application who has to connect to the customer's server to resolve an incident.
External DevOps teams during migrations, go-lives, or load tests.

For the customer (who grants access)

Generates the key in the console, hands it to the vendor, and the vendor is in within a minute.
Sees in real time what the vendor is touching on their network, from the ConnectaSec audit panel.
When the vendor closes their laptop or the window, access ends on its own — no one has to remember to revoke it.

For the vendor (who receives access)

Installs nothing on their PC.
Shares no data about their device.
Leaves nothing behind when the session ends.