Cloudflare Tunnel (Zero Trust)

Hello,

I would like to replace our VPN with Cloudflare WARP/Zero Trust.

The plan is to have a split tunnel to the local network of the company to access the Windows servers and other resources.

Also the devices in that local network should be reachable by hostname and domain.

Does anyone know how to configure this? I’m having a hard time. Thanks y’all!

TBH the Cloudflare docs are very good, you won’t get a much better hand-holding walk through. You could try /r/cloudflare and their community forums next, then come back here if you have specific issues that need addressing.

Not sure if it answers your q, but I purchased a domain from CF and set a Public Hostname in the Zero Trust tunnel to reach my local service. For example:

domain.com:1001 → localip:1001

Not sure if the solution matches your needs. AFAIK CF tunnels are basically a reverse proxy (HTTP or TCP) with a tunnel initiated from the local site. I am not sure if you can replicate a generic VPN.

What’s your backup solution when Cloudflare goes down?

It can if set up right.

You’re thinking of something different. Zero Trust is a full SSO+2FA capable proxy with granular permissions and access control. Server side services use the tunnel to get to the cloud so there are no open ports.

Running a backup tunnel on another on-prem server in the local network.

Are you saying that CF tunnel is as safe as a VPN connection?

You say this to the OP, I believe. What you said was my concern about OP’s use case.

I hate when generic technology names become big B Brand Names.

It would be safer, as access is specific and granular versus simply bridging networks. You get SSO with 2FA, no client VPN software to manage, etc.

What safety/feature do you think is not replicable?