Do you use Cloudflare tunnel or a VPN like Tailscale or WireGuard? Why would you choose one of these over the other?
wireguard because no one else needs to know what services i run in my local network
Not sure about others but I use Tailscale to connect to services on my local network and Cloudflare tunnel for apps I put online.
Pretty simple answer: Wireguard.
Why? It’s the fastest of them all, works on almost all devices you can imagine, does not rely on any 3rd party like Tailscale with OIDC or other IdP. Tailscale has its use when you are behind CGNAT and don’t want to VPS a Wireguard server somewhere with a static IP, other than that, it has no use in my opinion. I’m fully aware that I get downvotes from people who praise the zero trust principles of Tailscale and all the rest, but they always forget that you have been able to do zero trust for decades with any network equipment (VXLAN) and add Wireguard to the mix. You can even run Wireguard in your local network to encrypt unencryptable traffic like NFS.
Check back in a few hours /u/Silencer306, this comment will have a few if not many downvotes.
Wireguard.
Because I would like to self-host everything myself, so why should I use another 3rd party service?
Wireguard ( + VPS as Wireguard-Gateway with fixed IP to my HomeNet)
- No Cloudflare, as I don’t want a Man-in-The-Middle breaking my certificates
- No Tailscale, as I’m using OPNsense and want complete control over my Networking
- No Port-Forwarding with Reverse Proxy, as I don’t trust Selfhosted-Github-projects to be hardened enough for Security
But I only use my Selfhosted-Apps on my own devices. Otherwise Reverse Proxy with strict 2FA / Forward-Authentication would also be an option.
Wireguard to access my services from anywhere, automatically connected on my phone when it is not in my home wifi.
I use all three.
- CF tunnels to access generic apps I want public.
- Tailscale to have remote access to my home network.
- Wireguard tunnel going to a VPS for apps that I don’t feel comfortable running through CF due to the bandwidth (Jellyfin, AzuraCast).
I totally could move everything that’s on CF tunnels over to Wireguard, but I see no need to do it. Cloudflare is trustworthy enough and I like the additional protection it offers.
I use WireGuard. It is sufficient for me, because I have no need to make my services publicly visible.
wireguard as primary, Tailscale as backup.
if I have something I don’t mind Cloudflare and the government taking a look, then Cloudflare tunnel.
I wanna host everything myself, but also love tailscale, so I’m using tailscale with headscale… It’s so convenient to not open up ports, especially since I don’t have a static IP
Wireguard because my consumer router has it built-in.
Tailscale is amazing. So easy to set up.
They’re different tools:
- WireGuard/Tailscale is designed to allow you to access private resources remotely.
- Cloudflare Tunnels are designed to allow you to make private resources available publicly.
There’s some overlap - Cloudflare has a zero-trust product called Access which can be enabled, and Tailscale has Funnels, say - but they’re literally basically different tools designed to solve different problems.
So it all comes down to… Do you have stuff at home you and only you need to access? WG/TS. Do you have stuff at home that you want people (everyone or a subset) on the internet to be able to access? Cloudflare Tunnels (or just open it up unless you’re behind CGNAT etc).
I’ve used IPSec to connect to my home (and office when I had my own company) networks. It has never failed me and the client is built right into my iphone and mac.
Would this be instead of a reverse proxy?
I use cloudflare with overseerr
I use both. Cloudflare is for public facing services. Like overseerr and wizarr.
Tailscale is how I access my private services and dashboards.
For work, Tailscale between vps and server. It works like cloudflare tunnels but doesn’t have the issues with the TOS excluding media streaming etc.
Keeps the internal server relatively safe and we can stream media/serve media content.
Cloudflare is our registrar and dns provider.