I finally understand Cloudflare Zero Trust tunnels

https://news.ycombinator.com/rss Hits: 23
Summary

A while ago, after frustration with Tailscale in environments where it couldn't properly penetrate NAT/firewall and get a p2p connection, I decided to invest some time into learning something new: Cloudflare Zero Trust + Warp.

There are so many new concepts, but after way too long, I can finally say that I understand Cloudflare Zero Trust Warp now. I am a full-on Cloudflare Zero Trust with Warp convert, and while I still have Tailscale running in parallel, almost everything I do now is going through Zero Trust tunnels.

This post is an explanation of the basic concepts, because I'm sure others will have similar issues wrapping their head around it.

Why tho?

Why would you even sink so much time into learning this? What does it give you?

Argo tunnels through Zero Trust allow you to do a bunch of really cool things:

- Connect private networks together - can be home networks, can be kubernetes clusters, you can create tunnels to and from every infra
- Expose private services to the public, on public hostnames, no matter where they are running. You could even put your router running at 192.168.1.1 on the internet, accessible to everyone, no Warp client required
- Create fully private networks with private IPs (10.x.x.x) that only resolve when Warp is connected, to services you specify
- Quickly expose a public route to any service running locally or on any server, for quick development, testing webhooks or giving coworkers a quick preview
- Create a fully private network running at home that's only available when you're connected to the Warp VPN client, or only to you, reachable anywhere
- No worries about NAT, everything goes through the Cloudflare network, no direct p2p connection required
- Add very granular access policies on who can access what - what login method does the user need, which email addresses are allowed. Allow bots and server-to-server exceptions with service access tokens. Does the user need to have Warp running? Does he need to be enrolled in Zero Trust? Does he need some spec...

First seen: 2025-11-16 19:58

Last seen: 2025-11-17 17:47