←back to thread

SSH into private machines from anywhere using Cloudflare Tunnel

(orth.uk)
319 points SpaghettiX | 8 comments | 10 Feb 22 09:18 UTC | HN request time: 0.42s | source | bottom
1. morelish ◴[10 Feb 22 11:38 UTC] No.30284853[source]
Personally I’m happier to use wireguard to access my network. I don’t know when I’d ever want a pure SSH tunnelling solution.
replies(5): >>30285025 #>>30285367 #>>30289249 #>>30290444 #>>30293490 #
2. hoppyhoppy2 ◴[10 Feb 22 12:05 UTC] No.30285025[source]
Cloudflare Tunnel uses Wireguard under the hood.
replies(2): >>30285298 #>>30288911 #
3. amiller2571 ◴[10 Feb 22 12:47 UTC] No.30285298[source]
Never heard of Wireguard, so I went to their website and for a half second. I thought I cracked the screen on my new phone, because of their freaking background image....

But, it looks interesting. I'll have to check it out more.

4. synthos ◴[10 Feb 22 12:55 UTC] No.30285367[source]
So easy to set up too with docker. You can even generate a QR code to easily set up a mobile device. You do need a domain name, DDNS, or a static IP and the ability to port forward from the router
5. anderspitman ◴[10 Feb 22 16:50 UTC] No.30288911[source]
I believe they use WireGuard internally but the client connections are terminated over HTTP/2 frames, with QUIC support in the works.

https://blog.cloudflare.com/getting-cloudflare-tunnels-to-co...

6. poxrud ◴[10 Feb 22 17:10 UTC] No.30289249[source]
WireGuard is great and is not too difficult to setup on something like a RPi. I have one running on my home network which lets me access my local network remotely, including access to my local media server. I have another one running at my parents' house for times when I need to RDS into their windows machines for troubleshooting, or if I need to tweak settings on their router. You can also configure your clients (phone, laptop) to forward all traffic through the tunnel, which then secures your connection for when you're over an untrusted/public wifi.
7. LoveGracePeace ◴[10 Feb 22 18:30 UTC] No.30290444[source]
There was a Cloudflare article posted a couple of days ago, I'll post my comment which agrees with you, Wireguard and a cheap VPS are hard to beat: "Similar, I use a cheap AWS Lightsail VPS $3.50 (Lightsail has DDOS protection)-> Wireguard -> Apache Reverse Proxy mod -> my local services."
8. gen220 ◴[10 Feb 22 22:18 UTC] No.30293490[source]
Wireguard, with dynamically-updated DNS resolution to a residential IP is very solid for a free tier and has the key benefit of zero third-party (i.e. not controlled by you) dependencies, other than the IP provider and the DNS resolver, which is a commodities business with low switching costs. Cloudflare is very nice and will be around for a long time, but it's still a third party dependency.

As it boils down, the OP's solution is "free" as in money but not as in freedom for a certain set of requirements.

Basically, going with CF trades-off some freedom for the considerable/legitimate protection benefits of being under the "cloudflare umbrella". It's probably a good trade for this moment in time. But rational people can disagree about whether it's a good trade when you broaden the time horizon to 5, 10, etc. years.

Like all things, it depends on the requirements you're building for.