VPN through Cloudflare using a subdomain: Is there an alternative?

I run my self-hosted WireGuard server, which points to my subdomain to connect, so that if my IP changes I don’t have to worry about losing the connection. The problem is I don’t think I should be trusting Cloudflare with all my traffic even though I am not doing anything particularly sensitive. After all, the point of self-hosting is to keep your stuff private.

What’s everyone doing? Should I even bother?

Your traffic goes through Cloudflare only if you enable the reverse proxy, but you could just use dynamic DNS.

If you’re going to connect to a subdomain on a domain whose DNS is hosted at Cloudflare, you’re going to have to disable the proxying of the subdomain for it to work anyway, so Cloudflare won’t ever see your traffic. Traffic will be direct from client to server.

Additionally, WG traffic is inscrutable, so even if you routed traffic through them (which you can do if you really, really want to) they wouldn’t be able to see the contents and could only infer your actions through the metadata they could collect (time of connection, amount of data, etc.).

If you’re only using Cloudflare for DNS (toggle the orange switch off) then none of your data goes through them.

It even tells you on the DNS page if it’s proxied through CF or not.
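Besides the orange/grey cloud on the DNS page, you can tell from the client side whether a record is proxied: a proxied name resolves to Cloudflare's anycast addresses, an unproxied one to your own IP, and only the latter works as a WireGuard endpoint. The following is an added example, not code from the thread; the hostname is an assumption and the IPv4 ranges are a snapshot of https://www.cloudflare.com/ips-v4 that you should refresh from that page.

```python
"""Classify a subdomain as proxied-by-Cloudflare or direct (added example, not from the thread).

A Cloudflare-proxied A record resolves to Cloudflare's published anycast ranges; an
unproxied ("grey cloud") record resolves to the origin, which is what WireGuard needs
because the proxy only carries HTTP(S), not WireGuard's UDP. IPv4 only."""
import ipaddress
import socket

# Snapshot of Cloudflare's published IPv4 ranges (from https://www.cloudflare.com/ips-v4;
# fetch the current list before relying on this in production).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_ip(ip):
    """True if the address falls inside any published Cloudflare range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def resolve_a(hostname, resolver=socket.gethostbyname_ex):
    """Return the A records for hostname; the resolver is injectable so this runs offline."""
    _, _, addrs = resolver(hostname)
    return addrs


def classify_endpoint(hostname, port=51820, resolver=socket.gethostbyname_ex):
    """Resolve the name and report whether it is usable as a direct WireGuard endpoint.

    Returns a dict with 'status' ("proxied" or "direct"), the resolved addresses, and
    the Endpoint value to put in the [Peer] section when the record is direct."""
    addrs = resolve_a(hostname, resolver)
    proxied = [a for a in addrs if is_cloudflare_ip(a)]
    if proxied:
        return {"status": "proxied", "addresses": addrs, "endpoint": None}
    return {"status": "direct", "addresses": addrs, "endpoint": f"{hostname}:{port}"}


if __name__ == "__main__":
    # Assumed hostname; replace with your own subdomain.
    report = classify_endpoint("vpn.example.com")
    if report["status"] == "proxied":
        print("proxied through Cloudflare (orange cloud): WireGuard will not connect; "
              "turn the proxy off for this record. Resolved:", report["addresses"])
    else:
        print("direct record: use  Endpoint =", report["endpoint"])
```

One caveat worth knowing once the record is direct: wg-quick resolves the hostname in `Endpoint` only when the interface comes up, so after your home IP changes a long-running client keeps using the old address until it re-resolves (wireguard-tools ships a `contrib/reresolve-dns` helper for exactly this).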

I use an ISP + hoster with stable IPs and run my own.

I don’t think I should be trusting Cloudflare with all my traffic even though I am not doing anything particularly sensitive

something something threat model something something

If the connection is proxied, it’s fine. If it’s a DNS record, I’d probably remove it and just connect to your VPN via your IP.

Having it unproxied in a DNS record just makes it easier for domain DNS record dumpers to find it and attack it for no reason other than that they can.

Limit visibility. It’s not a complete solution to it, but it does help.

Regarding giving Cloudflare any info… you’re running a VPN lol, how would they possibly know what you’re doing? All your traffic is encrypted. All they know is you connect to vpn.doma.in and transfer data to it.

I’m interested in the answer as well.

How were you able to use your subdomain with WG?

Do you have to open up any ports in order for WireGuard to work?

Connect directly to my OpenVPN services.

Edit (for clarity):
I connect directly to my OpenVPN services. No third party.

Cloudflare itself doesn’t provide that; you need some script for that. There are some on GitHub.
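The "dynamic DNS" suggested earlier in the thread and the script this comment refers to amount to the same thing: something on your network periodically checks the public IP and rewrites the A record through Cloudflare's API. Here is an added example of such an updater (not the thread's, not one of the GitHub scripts); it uses only the documented Cloudflare v4 REST endpoints and always forces `proxied: false`, since a proxied record will not carry WireGuard. The zone id, record name and API token are placeholders you replace, and `offline_opener` is a stub that stands in for the network so the logic can be exercised without credentials.

```python
"""Dynamic-DNS updater for a Cloudflare-hosted WireGuard subdomain (added example).

Flow: look up our public IP, read the A record, PATCH it if the content differs or
the record is proxied. Only standard-library code; no third-party Cloudflare SDK."""
import io
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"

# Assumed values; replace with your own. Scope the token to Zone:DNS:Edit on this zone only.
ZONE_ID = "ZONE_ID_PLACEHOLDER"
RECORD_NAME = "vpn.example.com"
API_TOKEN = "API_TOKEN_PLACEHOLDER"


def api_request(method, path, body=None, token=API_TOKEN, opener=urllib.request.urlopen):
    """Send one bearer-authenticated request and return the parsed JSON 'result'."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        API + path, data=data, method=method,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with opener(req) as resp:
        payload = json.load(resp)
    if not payload.get("success"):
        raise RuntimeError(f"Cloudflare API error: {payload.get('errors')}")
    return payload["result"]


def current_public_ip(opener=urllib.request.urlopen):
    """Read the 'ip=' field from Cloudflare's trace endpoint (the IP it sees us from)."""
    with opener("https://www.cloudflare.com/cdn-cgi/trace") as resp:
        text = resp.read().decode()
    fields = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    return fields["ip"]


def plan_update(record, public_ip):
    """Return None if the record already matches and is unproxied, else the PATCH body.

    `proxied` is forced to False: Cloudflare's proxy only forwards HTTP(S), so an
    orange-cloud record would silently break the WireGuard UDP handshake."""
    if record["content"] == public_ip and record.get("proxied") is False:
        return None
    return {"type": "A", "name": record["name"], "content": public_ip,
            "proxied": False, "ttl": 120}


def sync_record(zone_id=ZONE_ID, name=RECORD_NAME, token=API_TOKEN,
                opener=urllib.request.urlopen):
    """Reconcile the A record with the current public IP. Returns the action taken."""
    records = api_request("GET", f"/zones/{zone_id}/dns_records?type=A&name={name}",
                          token=token, opener=opener)
    if not records:
        raise LookupError(f"no A record named {name} in zone {zone_id}")
    record = records[0]
    ip = current_public_ip(opener)
    body = plan_update(record, ip)
    if body is None:
        return "unchanged"
    api_request("PATCH", f"/zones/{zone_id}/dns_records/{record['id']}", body,
                token=token, opener=opener)
    return "updated" if record["content"] != ip else "unproxied"


def offline_opener(req):
    """Stub opener with constructed responses: public IP 203.0.113.7, record at
    198.51.100.1 and proxied, so a PATCH is expected. Used for offline testing only."""
    url = req if isinstance(req, str) else req.full_url
    if "cdn-cgi/trace" in url:
        return io.BytesIO(b"fl=1\nip=203.0.113.7\nts=0\n")
    if "dns_records?" in url:
        result = [{"id": "rec1", "name": RECORD_NAME, "content": "198.51.100.1", "proxied": True}]
        return io.BytesIO(json.dumps({"success": True, "result": result}).encode())
    assert req.get_method() == "PATCH", "only GET and PATCH are expected"
    return io.BytesIO(b'{"success": true, "result": {}}')


if __name__ == "__main__":
    print(sync_record())  # run from cron every few minutes with real values filled in
```

Run it from cron (or a systemd timer) on the WireGuard host; the 120-second TTL keeps stale answers short after a change. The token should be a scoped API token, not the global API key, so a leak from the host only lets someone edit DNS in that one zone.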

Can anyone explain to me, a noob, why this answer was downvoted?

I thought about using Cloudflare instead of using my direct IP, and the first thing that came to my mind was that it would be more visible to external visitors.

WireGuard can only be proxied by Cloudflare if you use Cloudflare Spectrum or wrap it in SSL using something like wstunnel.

On the WireGuard app you simply point to your subdomain.

I think people are interpreting this comment as you asking OP to point their domain to YOUR OpenVPN! But I think I understand what you are saying.

Any chance you can share how to do this? Did you follow a guide you can point me to?

Downvotes with no response. That’s not helpful for anybody. Give somebody something to work with.

They still provide an API.

And have your subdomain pointed to your home IP?

Ah, I see. Edited my response.

It doesn’t matter if the VPN service I have deployed is from Cisco or OpenVPN; I have to configure it for a given set of requirements, and in order to do that reading the documentation is necessary.

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/