←back to thread

SSH into private machines from anywhere using Cloudflare Tunnel

(orth.uk)
319 points SpaghettiX | 6 comments | 10 Feb 22 09:18 UTC | HN request time: 1.079s | source | bottom
1. 72deluxe ◴[10 Feb 22 13:40 UTC] No.30285810[source]
Why not just run Wireguard on a raspberry pi, set up DDNS to send your home IP to a Dynamic DNS provider (if you're on a dynamic IP), and then SSH to your machines at home using keys (instead of passwords)?

Setting up a Pi and running the Wireguard install script is about half an hour of work.

replies(1): >>30288832 #
2. anderspitman ◴[10 Feb 22 16:45 UTC] No.30288832[source]
If you're using ddns why do you need WireGuard at all?
replies(2): >>30290782 #>>30291123 #
3. Skunkleton ◴[10 Feb 22 18:54 UTC] No.30290782[source]
I use a similar setup. The VPN is needed because it is the only port accessible outside my network. Wireguard is easy to setup right, and I already need it for accessing other stuff on my home network.
4. philjohn ◴[10 Feb 22 19:22 UTC] No.30291123[source]
Wireguard needs an endpoint
replies(1): >>30291701 #
5. anderspitman ◴[10 Feb 22 20:05 UTC] No.30291701{3}[source]
If I understand GP correctly, the goal is to SSH into an RPi on a home network. Since they mention DDNS, it's implied that they're connecting directly to their home router. What I'm saying is why not port forward directly to the RPi?
replies(1): >>30330296 #
6. 72deluxe ◴[14 Feb 22 10:13 UTC] No.30330296{4}[source]
Yes you are right. If just connecting to the Pi, port forwarding is fine (and I use this).

When adding more devices at home (IP cameras etc.) and not connecting just to the Pi then the Wireguard VPN comes in.