I finally understand Cloudflare Zero Trust tunnels

(david.coffee)

311 points eustoria | 1 comments | 16 Nov 25 17:39 UTC | HN request time: 0.223s | source

Show context

jchw ◴[16 Nov 25 20:21 UTC] No.45948083[source]▶

One thing that makes Cloudflare worse for home usage is it acts as a termination point for TLS, whereas Tailscale does not. If you use a Tailscale Funnel, you get the TLS certificate on your endpoint. With Cloudflare, they get a TLS certificate for you, and then strip and optionally re-add TLS as traffic passes through them.

I actually have no idea how private networks with WARP are here, but that's a pretty big privacy downgrade for tunneling from the Internet.

I also consider P2P with relay fallback to be highly desirable over always relaying traffic through a third party, too. Firstly, less middlemen. Secondly, it continues working even if the coordination service is unavailable.

replies(11): >>45948135 #>>45948861 #>>45950399 #>>45950603 #>>45950673 #>>45950728 #>>45951628 #>>45951656 #>>45951950 #>>45957225 #>>45963338 #

jpdb ◴[16 Nov 25 22:06 UTC] No.45948861[source]▶

>>45948083 #

I generally prefer tailscale and trust them more than cloudflare to not rug-pull me on pricing, but the two features that push me towards cloudflared is the custom domains and client-less access. I could probably set it up with caddy and some plugins, but then I still need to expose the service and port forward.

replies(3): >>45949115 #>>45953064 #>>45955265 #

1. dewey ◴[17 Nov 25 12:40 UTC] No.45953064[source]▶

>>45948861 #

That's a fair personal decision, but if I would have to put money on it I'd say the chances of new company that raised 160 million of VC funding this year alone vs. established profitable company with a track record of offering free services for many years already I'd put my money on the latter.

↑