Questions about WARP with tunnel connector to replace home network VPN usage

Hello! I’ve been playing a bit with the Cloudflare Tunnels and so far I’m impressed with it. Not having to expose a server to the internet, set up certificates and create DNS entries makes it extremely simple to use! It’s almost, but not 100%, making me drop my self-hosted home network VPN servers.

There are basically two reasons why I set up a home network VPN:

  • Access to local network resources remotely
  • Gateway traffic to local network

I’ve spent a few hours reading about Cloudflare tunnels and the WARP client, and it’s pretty useful and solves the first reason beautifully. Although I don’t care much for the added security against the ISP, it’s also a good thing to have if needed.

As for the second reason, however, it is clear to me after quite a bit of studying that this is not what WARP is meant for, and it’s not something that is supported. I’ve seen the documentation about using a VPN on top of WARP, which seemed complicated and probably not at all efficient.

I’d like to know if there is or will be any way to route the traffic through the local network gateway, even if only for part of it, as geolocation is probably the biggest reason to have a VPN today, and having one self-hosted solves all my use cases.

Another question I have is around enrollment security. Is the OTP the only means of authentication if you don’t have an external authentication service? I wonder if the best security practice when you’re using it solely for yourself is to enroll your devices and then disable the enrollment altogether as compromising the e-mail server is probably quite possible compared to more sustainable forms of authentication like keypairs.

I use WARP to access my home network and it’s working very well for my needs. I used to forward ports for SSH and RDP, but now everything is accessible to my WARP clients. So much easier, and everything is encrypted.
As for security, you have a lot of choices. I’ve hooked mine to my Azure AD, which requires proper 2FA to authenticate, but it’s really up to you which service you trust more for authentication.

Azure AD is paid though, right?

I’m actually OK with only enabling enrollment for a period of time to enroll a few devices. I think the situation I have no workaround for is routing the outgoing traffic to the geolocation of my home network.