I'm thinking about exposing some services outside of my LAN, and wondering whether it would be better to go with Tailscale or Cloudflare Tunnel [1]. At a high level both solutions seem pretty similar, with a client service running on the machine you want to share.
My sense is that Tailscale makes sense for a more locked-down service that is not accessible to the general public (although they do have a way to open up access to the world [4], it felt like more of a temporary thing than a permanent solution when I was looking into it).
And Cloudflare is more for exposing a service to the world, with support for a custom domain name, DDoS protection and other IP blocking features, etc. Cloudflare does have a "Zero Trust Network Access" product that I think might offer similar functionality to Tailscale, but honestly pretty hard to tell what it does from their website or how hard it would be to set up.
They both have free tiers that are pretty generous for "homelab" use cases. [2][3]
Does that sound pretty much correct? Are Tailscale and Cloudflare competitors with a lot of overlapping functionality? Or are they mostly distinct products serving different use cases/markets?
Cloudflare Access is a reverse proxy: you encrypt to Cloudflare, Cloudflare decrypts and scans the traffic, Cloudflare re-encrypts to the origin server.
So, traffic is not end-to-end encrypted (Cloudflare man-in-the-middles the traffic). That’s the reason we didn’t use it. Otherwise it’s a good service.
Good luck with CF's Tunnel. It may have been the complexity of my network at work, but I wasted a day trying to get that to work. Endless web setup 'wizards' and clicking around different components and their settings in the CF portal. It felt like trying to build out a moderately complicated cloud infra environment.
Tailscale is dead simple, even to create 'routers' that act more like a VPN appliance inside your network. It really does feel like something Apple would've come out with in their heyday: missing advanced features for power users, but is somehow able to deliver what feels like magic with minimal setup.
I'm very happy with Cloudflare Tunnel on the free tier. Setting it up didn't feel that complex, you just install a client app, link it to your account/domain and then go through their equivalent of setting up nginx, i.e. assign hostnames to ports, and you can even do that through the web interface.
Yes, Cloudflare has tons of functionality you probably won't need and their dashboards can be several layers deep, but just setting up the tunnel with HTTPS and some basic security takes one evening at most.
[1] https://developers.cloudflare.com/cloudflare-one/connections...
[2] https://tailscale.com/pricing
[3] https://www.cloudflare.com/plans/
[4] https://tailscale.com/kb/1223/funnel