I finally understand Cloudflare Zero Trust tunnels

(david.coffee)

311 points eustoria | 2 comments | 16 Nov 25 17:39 UTC | HN request time: 0.014s | source

Show context

jorams ◴[16 Nov 25 23:38 UTC] No.45949508[source]▶

> after frustration with Tailscale in environments where it couldn’t properly penetrate NAT/firewall and get a p2p connection, I decided to invest some time into learning something new: Cloudflare Zero Trust + Warp

...which doesn't even try to get a p2p connection. Instead you always get the thing you didn't want. If you're okay with that you could've just ignored how Tailscale connected those devices, that's kind of the point. You've also in the process converted your entire security model to Cloudflare's idea of "Zero Trust" which involves 100% trusting Cloudflare.

The rest of the blog post is fine, but the motivation is honestly baffling.

replies(2): >>45949670 #>>45950123 #

1. stingraycharles ◴[17 Nov 25 01:35 UTC] No.45950123[source]▶

>>45949508 #

The difference is that Cloudflare has their own high quality network and PoPs everywhere, so the quality is generally even better than P2P.

This is my experience, we are a fully remote world-wide company and we recently migrated away from Tailscale to Cloudflare and it has been much better.

replies(1): >>45961968 #

2. o11c ◴[18 Nov 25 06:23 UTC] No.45961968[source]▶

>>45950123 (TP) #

Eh, kind of.

Peering in Europe is such a mess that even Cloudflare can be pretty bad. Sometimes you have to manually calculate "okay, there's a colo in this particular city that will force the correct route if we proxy all our traffic through it ..."

↑