Why are you not using docker on a RPI ? I prefer to setup a RPI with docker on it, so I can easily shutdown the RPI if no external connection is needed. For example, if I need to provide support for family members, it is easier for them to power on the Pi than starting a docker instance on a NAS :)
Great Vidéo tks and in my CF GUI, "Tunnel" has been moved to : Access-> then the rest is the same ->Launch Zero Trust->Select an account->Access->Tunnels. Also, on Synology Docker might be now called "container manager". Hope this helps someone :)
It is worth pointing out that Cloudflare is able to MITM all of your traffic if they wanted to. They already effectively do this for HTTPS, because TLS is terminated on their systems and not on yours.
Hi Chris, I'm at the traffic part, but It is not giving the choice for a tunnel. I have looked everywhere in cloudflare but I can't find it. What options do I have? thanks.
Wow, first of all, love the way you vividly and clearly present this. Secondly , this is sth I've been thinking of for months, since providers in Brazil and in Europe are massively switching to cg-nat. Making my VPN a hassle. Would be awesome if Mikrotik will support the function that you put in the docker. Seems the right function for a router to me. Thanks.
Thanks Chris, it is a great tutorial. I appreciate your time and effort to make this video. But I think it might not be a great solution for everyone. There is a limitation on serving non-html content such as video, audio and pictures especially for their free plan. I believe Cloudflare should be more transparent about their services.
Thanks for this very helpful tutorial. I had a few bumps in the road for my particular situation, but using both the video and the blog post, I finally succeeded.
THANK YOU!! I’ve been searching for something like this to access my LAN while away from home. I have been on Starlink for just over a year and haven’t found a great solution to access my NAS, security system and cameras. Touring the country this summer will be a lot less stressful! :)
My question exactly! Tailscale always relays my traffic through their DERP relays, probably because I'm on LTE (CGNAT). Will this Cloudflare setup be better?
I think TailScale is better because Cloudflare has limits on what you can run traffic wise against their terms etc especially servers. TailScale just works. Performance varies for sure and it won’t win any awards there but I feel like it’s the better choice in most cases.
Tailscale is a VPN installed ideally on every device unless using subnet routing features. Whereas the cloudflare tunnel is used without a VPN so, no config on client side devices. I personally never even considered using it for personal use only used it in business, but after watching this has me thinking about all the things I could do with it. Not sure that helps, but hope it does.
@@blindside995 Yes, I only install it on one device in my network (either Synology or my pfsense router) with subnetting, then on devices (phones, tablets) that I will want to access from. Agreed it needs to be installed on those portable devices where Cloudflare Tunnel wouldn't need that. I can then access any device in my home network. And my connection is direct, not through another access point. Just curious if the Cloudflare solution (which involves more setup) has advantages.
Man this is so cool, I love networking! This is going to make security of company resources way easier, no hassle of using VPNs for employees. Thanks for the video!
I was already using cloudflare tunnels, but you gave me new information I hadn't known about. I originally set up individual applications with standardized rules for everything I'm hosting, but when you mentioned using a wildcard for the subdomain a light bulb went off in my head to change how I have it set up. Thanks!
Thanks for the tutorial. I have a Synology NAS and was able to set it up exactly as you outlined. Can remotely manage my home network. Initially had some issues connecting to my Synology NAS but figured it out. Works like a charm. This is so much better than using a VPN and it's complicated for me to open ports because my LAN is behind two NAT routers.
For this to overtake VPN the service would need to be embedded into gateway routers and network security appliances. From an IT support perspective, VPNs are also used for remote troubleshooting/problem resolution which cannot rely on devices to host VPN or equivalent services. From a security perspective, the trust in cloudflare to maintain rock-solid security in their hub would otherwise be unnecessary where vpn keeps that in-house. This has a potential for microbusinesses that rely on ad-hoc support, I doubt Managed Service Providers will be keen to accept this for larger businesses.
Thanks for the walkthrough! The basic Cloudflare docker setup procedure you outline for the Synology NAS will also work for QNAP NAS that have the QNAP ContainerStation installed.
Well done! I'm a seasoned (old) I.T. guy and I'm easily bored with videos that are "dumbed down" for less techy people. This one is very well-balanced. I only skipped the docker part.
@@joshpoore5288 No not yet, I am currently looking into a few other options. I never could get RDP to work with cloudflare. It might be due to the free version I have like you mentioned.
Well done for making this video, you prompted me to do this but I used a Raspberry Pi as the "connector". It works exceedingly well so I have moved my existing domain name to CloudFlare. The Raspberry Pi does not need detailed configuration via command line, just the basics to get it operating, from then on it is configurable via the Cloudflare dashboard. A slight variance to your set up was that even going for the free package it still went through payment options page. So far I am very pleased, it works very smoothly. One criticism is that using the emailed PIN option the email contains the URL that you are wanting access to, fine as long as the email is not intercepted.
A super secure DDNS server on steroids. If Docker can be integrated into consumer-based routers through a software repository without the need for a secondary device to run 24-7, it would be a major game changer for home and small office users that require remote access to NAS devices, surveillance systems, and other basic resources. Thanks for the info! I've never heard of this service before! A very informative video!
It was very informative & very educative content. I highly encourage you to keep this type of content up! I'm waiting for your next video about Cloudflare Tunnels. Thnx
Hello Chris, this is great and I set it up some time ago, however I have changed a fair few things in my setup and have found that Cloudflare have changed their site quite a bit and I am getting confused about what I am doing. Is it still worthwhile doing the tunnels option or have things changed?
Very well done tutorial and makes maintenance much easier than maintaining DNS records and a proxy manager with SSL Certs. Only thing I'd love to see is the ability to use TOTP from an authenticator app instead of the emailed code. Any tips on getting TOTP to work instead?
Yeah I want this. I'm surprised there isn't an option to just use the host cloudflare authentication, i.e. just ask for me to enter my TOTP code of the root cloudflare account to access the site
Agreed this is much slicker, and more secure than using reverse proxy on Synology and having to punch holes in the firewall! I'm with you, I'd love to find out how to use Google Authenticator as an alternative to the e-mail codes.
'Skinning a Cat with a Knife is easier than Skinning a Cat with a Spoon'? I'll take that Bet! 😁 Great video - well explained and concise. PS. I'd like to see this used as a 'general' VPN for internal users. Subscribed.
I looked at their zero trust pricing plans and couldn't find any transfer limitations mentioned for the free plan, I'm guessing that's hidden somewhere. Can you give a synopsis of the limitations or a pointer on where to find that information from cloudflare?
😭 This would have saved me so much time trying to figure out how to set up my synology to cloudflare. I figured it out but this would have saved me lots of time.
I'd love to see a comparison of Cloudflare to Tailscale. With Tailscale, you don't need a domain name and that's a big hurdle for some of us as easy as it may be.
Great video! Thanks!
My general practice is three-pronged:
1. Public access: Cloudflare Tunnel
2. Access restricted to a few known users: Cloudflare Tunnel + Cloudflare Application
3. Personal access for administration: Tailscale
thanks for the suggestion! i was thinking about the same.
Came over here after watching Network Chuck, compared to him I like the way you go over the details slowly but also explain things in simple terms. I'll be trying this out tomorrow morning. You earned my sub! Look forward to more tutorials.
This literally solved my 2 weeks headaches of messing with NAT, firewall rules, gateways and whatnot in Pfsense. Thankkk you!
Best. Tutorial. Ever. Holy cow! I cannot thank you enough! I can't even count the number of step by step install instructions that fail to mention crucial information and cause endless hours of frustration. This was simple, and you had the troubleshooting right there to get me past the last step! Stoked to finally have real domain names for my servers!
EXACTLY!!
Chris, This was so easy to set up in a matter of a few minutes. I admit the TLS had me a little tweaked. But all has been rectified and working as it was intended. Thank you.
I kept hearing about how great cloudflare tunnels are but never bothered to look into it. Then all of a sudden I stumble on your video. I was up and running in a few minutes. I should have looked for it earlier. Cloudflare tunnels are amazing and so simple to use! Just don't wait to put authentication on your tunnels, in fact I think it should be part of the main workflow before the tunnel route is active. Threat actors do monitor DNS zone updates and will very quickly scan your exposed internal endpoint upon creation of the tunnel.
Yes! Please. A video on setting up cloudflare to access your entire network! Fantastic content.
It should ALWAYS be mentioned that when using Cloudflare's services they can decrypt all of your tunneled TLS-encrypted traffic. There is a reason this service is offered for free, and it's not because Cloudflare is a charity. I wouldn't touch it with a ten foot pole.
😂👍
how dare you
Not a good idea. Why expose your entire network ???
Sarcasm?
Great tutorial! One thing to note: g. You will be required to add a payment method even though it's free. Add the payment on the main page if you get an error when prompted for a payment elsewhere. Works like a charm.
When hosts deliberately omit key aspects especially costing etc. I simply follow cancel culture and move on. Why would you omit key aspects? It's the same as some omitting certain steps in a process etc. Time is value, I already wasted time writing this. :)
Or because the account was set up some time before, the host either forgot or wasn't required to enter a payment method at the time of enrollment.
I just find there are simply too many youtube channels promoting aspects of learning which are in demand, but end up to be a promoter or affiliate or such, without the facts being put forward before-hand. It takes away from the positive experience and leaves viewers such as myself feeling cheated. @@doujinflip
Why are they requiring a payment method if it's free?
Because the account can turn on paid features as well. I've been using it for the past year and love it. Haven't personally paid a cent but I liked it so much that I end up using it at work so their strategy worked.
I am currently going through a home server rabbit hole. I've wanted to set up a nice home server that serves also as cloud storage for personal files, and I wasn't sure about going forward because of security. This is seriously giving me motivation to try it out and set up a personal server.
curl into the fetal position and lay on the floor
without cf tunnels you can still have a relatively locked down home server if you just open the port to vpn in and nothing else. But vpns are not as neat.
Thank you for a very thorough and easy to follow tutorial. This is exactly what I've been looking for for months.
Man, this is actually awesome! Thank you very much for the walkthrough! I already played around the console with some domains I own but never actually explored the tunnels! Awesome stuff! You just got yourself a new subscriber!
Pretty sweet. I didn't even know this was offered, let alone for free. As of this date the tutorial went flawlessly.
Thanks for this Chris. Very well presented. I might set this up as a secondary access model. I currently use WireGuard running on a VM and will keep it that way. My concern about the CloudFlare setup is that it's a "cloud service" that the user is giving a lot of personal information, and even control. Then tying security authentication back to Google, who we all know retains more information on people than they know, just like this message I am sending you, further makes me not want to do this. CloudFlare states it keeps 24 hour "logs", another reason to avoid. No logs, maybe, but we all know that all ISP and VPN providers retain logs, even when they lie and say they don't. Nothing is perfect or secure. Best regards, this was a great video.
To add on a bit, VPN providers market VPN services as secure connection while not exposing any information on your device. But this can be only true if you have logs to verify that the connection is secure. Without it, the claim is vague.
@@huyongjie2992 Or you can run independent live-test certifications to verify the security without logging the user traffic.
And if the provider is in the USA, they legally have to provide logs if asked by the authorities.
This is legit guys! Tried it and works perfectly. You must have patience when doing this also. Thank you! You earn a sub here
I'm using this to externally connect to my Home Assistant instance, as well as a couple media management tools I have, and it's flawless! Very glad that this exists, and is aimed at making things simple, while being secure.
would you mind sharing how you did it? Thank you!
thinking of doing the same, just a matter of remembering my CF account last time I was just pointing the CNAME. Domain Name to whatever port I wanted *edit* finally found the correct email account so on tomorrow's to-do list
I shill cloudflare every chance I get, all their stuff is top notch and rock solid. I heavily use tunnels, workers, and ZT, and can’t imagine a world without them now.
cloudflare tunnels are freaking amazing
Agreed.
@@CrosstalkSolutions How is this different from Ngrok?
for those who get an empty page with HTML code when setting up the nas subdomain, you have to disable the Automatically redirect HTTP connection to HTTPS for DSM desktop option from Control panel -> Login portal -> DSM
THANK YOU! Been beating my head against my desk for an hour. This fixed it.
Chris... I have implemented CF in my homelab as well similar to your configuration. Only difference was using an Ubuntu Virtual Machine as my cloudflare connector server. Works like a charm...
5:36
I love and appreciate all of your help with serious information online for CHRISTOPHER FAWCETT!!
@@machook1987 I have submitted the features of business.
Chris, very thorough. I have done this same thing a few months back. I did it in a poking around method. I came to both you and Tom L for clarification in the process. The Warp is also a very nice portion of this product.
I appreciate your instructive dialog! You have a great way of slowing down enough and explaining WHY something is being selected! Extremely helpful! Thank you!
I'm glad you went over the locking it all down stuff, because I was thinking yeah i'd still prefer a VPN. But after seeing the options available for securing it I'm thinking I might give it a try now.
I have a raspberry pi 4 based on 32-bit ARM, and I could not use the docker command from the cloudflare website zero trust dashboard to work (and yes I installed docker and cloudflared before trying the command). However, if you follow an online guide for setting up a cloudflare tunnel on raspberry pi through the CLI, you can migrate it over to the Zero Trust Dashboard once you are finished. Then, you can manage everything easily the same way as Chris shows in the video.
I even have retronas running on the same raspberry pi and after everything was done, everything still works concurrently.. even after multiple reboots.
Tried this. Works well for low bandwidth applications like a router web ui. With things like video this is stupendously slow, causing disconnects. Might work faster if it is not a docker container. Need to test more
Hey Chris, again great video! it's worth mentioning that people who set up Zero trust for the first time, need to pick a plan. You can choose a $0 free plan, but you do need to enter CC details or another payment method.
Thanks, I was confused until I read this.
I have watched many tutorials, but none of the configurations worked.
Your tutorial is the best and, importantly, Cloudflare works!!!!
Thank you many times over!!!
Thanks for the great video! I’d be really interested to see another video about how Cloudflare Tunnels could replace a VPN for full LAN access.
Help! Everything was working good until around the 12:18 mark. When I clicked "Traffic," there was NO Cloudflare Tunnel button to click! It's missing! Now what??
Chris, you are a one of a kind honest and helpful. This was a great video tutorial. Many youtubers like to leave/hide out a few steps here and there making it frustrating to implement. hope to see more videos like this.
i just started watching this video but the way you talk shows that you know what you do and you are confident about it, very nice.
Yt😅😅😅
i've seen a lot of videos to do this, this is BY FAR the best, thanks.
Very helpful. Please another video on how to set up full access to LAN.
i vouch for cloudflare tunnel, super quick to setup and no ports opened on my network. great video btw!
Thank you so much for your helpful tutorial on setting up a Cloudflare tunnel! Your clear and concise explanation made it so easy for me to get started. I really appreciate the time and effort you put into creating this video
Best tutorial ever. Thank you!
For other synology users, i had to set my config in cloudflare to "https" and enable the TLS verify like he did with firewall^
Yes! Please. A video on setting up cloudflare to access your entire network would be great! Thank you very much.
I have cloudflare tunnels running on a pi zero w. It works great, has been running for months, and has never gone down.
I can recall at least 2x Cloudflare had major outages causing huge issues online...wonder how it works at that point
Hi Chris, great tutorial - well paced and easy steps to follow. As with Jeff, tripped up on TLS which needed to be turned on - as you had documented so I would recommend people download this too. Great Job
This tutorial is definitely worth $5 in coffee. Thanks for the details. I got it running in a QNAP docker.
As you mentioned, this just scratches the surface of what can be done with Cloudflare/d. How about a high level video on the various services and things that could be done, as I don't even know what else to look for on the CF connector. It looks like the sky's the limit.
I had Cloudflare already installed but this video explained a lot more. Further if you are running Home Assistant on a Raspberry Pi then there is a Cloudflare Add on which you can install. Question: How do you need to set it up if you want Synology apps like Photo and DS Video and want to use 2FA ? In the app you need to setup the server name but then an authentication is needed ?
Dude you're amazing. I first thought "an overexplained version" but no, as someone else pointed, you mention all the critical steps that others YTbers skip.
A MEGA thank you brother, keep it up. ❤❤❤
I would love to see a more advanced version, with network tunnelling, and ssh security
They get money from selling collected data, I doubt that will happen
Have a look at Nebula
There’s an ssh option in the drop-down that you can configure. The rest of the steps are the same
@@eyehear10 it is possible to route IP traffic (subnets) via such tunnel when connecting with Warp client from user side.
@@eyehear10 If you enable SSH in the "Additional Settings" section when you're making a new application policy, you can access SSH directly from the browser. You can't add it retroactively though, you will just have to create a new policy and you'll see it at the bottom of the 3rd page in "browser rendering" where you then select "SSH" in the dropdown
Thanks
Great Tutorial Video !!! Could you create a video tutorial on how to use Cloudflare Tunnel to access servers/PCs via RDP?
For me, with a cgnat internet connection this is GOLD! Thanks!
This service is very compelling and most important of all FREE. Which begs the question… what’s the catch?? 😅
means we are the product.... info you used is collected
Only 50 users for free then you have to pay 😐
Wow! After all these failed trials with forwarding ports, public IP and other nonsense stuff and wasted literally days of my life, I finally managed to access my home services outside of my local network. Thank you! I am so glad I have found your tutorial with potential problem examples. These problems weren't potential in my case.
This is great, Cloudflare and government agencies will also be able to access your home more easily, it's so cool.... so cool🤣🤣🤣
@elbgFr xD
Please do more videos on this technology, including other Zero Trust solutions from Zerotier and Tailscale. These tunneling technologies are the future of secure remote access. Traditional VPNs are failing in terms of performance. When everyone has fast upload Internet speeds with no data cap from home, running private servers will be an attractive option to keep one's data inhouse. This comes at the cost of security. These new secure access technologies will play a major role in this new data sharing lifestyle.
Tailscale is easier
If you set up a tunnel through Cloudflare and transfer a lot of data (lets say 20 terabytes per month) would you have to pay for that traffic going through this Cloudflare tunnel? (Think off-site backups to a datacenter.)
This was extremely useful and clear. Thank you, I didn't know Cloudflare offered free tunneling!
I think it's important to note (learned from doing with Home Assistant) section 2.8, which restrict usage to "website" like services. I am not sure if Cloudflare will block/warn if you do a lot of traffic over the tunnel.
they will... you will get ip banned.. you cannot use these for your NAS or media related stuff... only html websites... if they see you are using it for something else than static websites you will get banned... Cloudflare Tunnels are very limited... i would choose for wireguard vpn since that is opensource and selfhosted
so I wouldn't be able to use this cloudflare service for my website?
@ayden7241 I think for websites, it is okay. They removed that section. However there is vague definition of fair usage. Your site is self-hosted?
@hunordori yes, they're self-hosted
@ayden7241 Websites are ok. I have my Home Assistant. Anything that is not a high traffic.
Thanks!
Why are you not using docker on a RPI ?
I prefer to set up a RPI with docker on it, so I can easily shut down the RPI if no external connection is needed.
For example, if I need to provide support for family members, it is easier for them to power on the Pi than starting a docker instance on a NAS :)
Great video, tks, and in my CF GUI, "Tunnel" has been moved to : Access-> then the rest is the same ->Launch Zero Trust->Select an account->Access->Tunnels. Also, on Synology Docker might be now called "container manager". Hope this helps someone :)
It is worth pointing out that Cloudflare is able to MITM all of your traffic if they wanted to.
They already effectively do this for HTTPS, because TLS is terminated on their systems and not on yours.
Back to my trusted OpenVPN tunnel on my Synology NAS then.
Yes! Either the op is a total newb/idiot, or he was paid/sponsored by cloudfail.
This is not OK. If they have access to this the government and theoretically anyone with clout can "Man in the middle" your data..
Facts
@xpediteafrica5177 the feds can mitm you by compelling your isp to do it to your connection anyway.
Not gonna lie, having to pay for a domain server drove me away from this tut, but wow... you've explained it very nicely indeed. Nicely done.
Hi Chris, I'm at the traffic part, but It is not giving the choice for a tunnel. I have looked everywhere in cloudflare but I can't find it. What options do I have? thanks.
Been using cloudflare with warps for 3-4 years now, no complaints
Chris bringing quality and useful content as always! Keep it up! You are doing great! :)
This is cool. It opens up a whole host of remote LAN access options.
Wow, first of all, love the way you vividly and clearly present this. Secondly , this is sth I've been thinking of for months, since providers in Brazil and in Europe are massively switching to cg-nat. Making my VPN a hassle.
Would be awesome if Mikrotik will support the function that you put in the docker. Seems the right function for a router to me. Thanks.
Went looking for Mikrotik solutions right away. Seems they are fully supporting it. Awesome.
The way you explain the things is next level! Answered all my questions
Thanks Chris, it is a great tutorial. I appreciate your time and effort to make this video. but I think it might not be a great solution for everyone. There is a limitation on serving non-html content such as video, audio and pictures especially for their free plan. I believe Cloudflare should be more transparent about their services.
Cloudfail is a downgrade compared to vpn.
Thank for this very helpful tutorial. I had a few bumps in the road for my particular situation, but using both the video and the blog post, I finally succeeded.
Great tutorial, really appreciate you going through what breaks linkages, particularly with respect to TLS certs.
Hello, this is the most descriptive, detailed and step-by-step video I have ever watched. Thank you very much.
THIS LOOKS GREAT!! i love zerotier! wonder how these two services compare? perhaps another video? :)
THANK YOU!! I’ve been searching for something like this to access my LAN while away from home. I have been on Starlink for just over a year and haven’t found a great solution to access my NAS, security system and cameras. Touring the country this summer will be a lot less stressful! :)
So how does the Cloudflare Tunnel compare to Tailscale mesh VPN, which also work without opening firewall ports?
My question exactly! Tailscale always relays my traffic through their DERP relays, probably because I'm on LTE (CGNAT). Will this Cloudflare setup be better?
I think TailScale is better because Cloudflare has limits on what you can run traffic wise against their terms etc especially servers. TailScale just works. Performance varies for sure and it won’t win any awards there but I feel like it’s the better choice in most cases.
Tailscale is a VPN installed ideally on every device unless using subnet routing features.
Whereas the cloudflare tunnel is used without a VPN so, no config on client side devices. I personally never even considered using it for personal use, only used it in business, but after watching this has me thinking about all the things I could do with it.
Not sure that helps, but hope it does.
@blindside995 Yes, I only install it on one device in my network (either Synology or my pfsense router) with subnetting, then on devices (phones, tablets) that I will want to access from. Agreed it needs to be installed on those portable devices where Cloudflare Tunnel wouldn't need that. I can then access any device in my home network. And my connection is direct, not through another access point. Just curious if the Cloudflare solution (which involves more setup) has advantages.
Man this is so cool, I love networking! This is going to make security of company resources way easier, no hassle of using VPN's for employees. Thanks for the video!
I was already using cloudflare tunnels, but you gave me new information I hadn't known about. I originally set up individual applications with standardized rules for everything I'm hosting, but when you mentioned using a wildcard for the subdomain a light bulb went off in my head to change how I have it set up. Thanks!
Same
Great, this is exactly that i needed, forget problems with CG-NAT, no more open ports and DMZ
Great video. But you act like a Raspberry Pi can't also run docker containers. It can and it does it well.
Thanks for the tutorial. I have a Synology NAS and was able to set it up exactly as you outlined. Can remotely manage my home network. Initially had some issues connecting to my Synology NAS but figured it out. Works like a charm. This is so much better than using a VPN and it's complicated for me to open ports because my LAN is behind two NAT routers.
What did you do to fix it? I am currently having issues and can't seem to figure it out.
For this to overtake VPN the service would need to be embedded into gateway routers and network security appliances.
From an IT support perspective, VPNs are also used for remote troubleshooting/problem resolution which cannot rely on devices to host VPN or equivalent services.
From a security perspective, the trust in cloudflare to maintain rock-solid security in their hub would otherwise be unnecessary where vpn keeps that in-house.
This has a potential for microbusinesses that rely on ad-hoc support, I doubt Managed Service Providers will be keen to accept this for larger businesses.
100% - Engineer with a Northern California MSP
Thanks for the walkthrough! The basic Cloudflare docker setup procedure you outline for the Synology NAS will also work for QNAP NAS that have the QNAP ContainerStation installed.
Would love to see the more advanced VPN setup as mentioned in your video.
Chris - Can Cloudflare be used to frontend a Remote Desktop gateway server. Would like to see a video on the specific configuration.
Well done! I'm a seasoned (old) I.T. guy and I'm easily bored with videos that are "dumbed down" for less techy people. This one is very well-balanced. I only skipped the docker part.
I can't believe I learned such a hard thing in one go. Will definitely try it.
If you have a chance can you please do a video with cloudflare and a setup with Remote desktop, thanks!
Running Guacamole in a Docker container is a good way to achieve this. Not sure if this is the answer you want though
Did you ever figure this out? I saw a comment on another channel that said cloudflare closed RDP on the free version
@malasoat1 thanks for the suggestion, I'll look into this.. it might be what I need.
@joshpoore5288 No not yet, I am currently looking into a few other options. I never could get RDP to work with cloudflare. It might be due to the free version I have like you mentioned.
I have a lil bit similar setup achieved through nginx but this is way more intuitive. thanks for this video. new knowledge gained :)
Awesome awesome work. You are on a different universe on making tutorials compared to anything else on the net!
That is the best tutorial by far in internet for this technology!! Thank you so much for it!!
Use tailscale also free with SSH security and wireguard. Very simple and works.
Well done for making this video, you prompted me to do this but I used a Raspberry Pi as the "connector". It works exceedingly well so I have moved my existing domain name to CloudFlare. The Raspberry Pi does not need detailed configuration via command line, just the basics to get it operating, from then on it is configurable via the Cloudflare dashboard. A slight variance to your set up was that even going for the free package it still went through payment options page. So far I am very pleased, it works very smoothly. One criticism is that using the emailed PIN option the email contains the URL that you are wanting access to, fine as long as the email is not intercepted.
A super secure DDNS server on steroids. If Docker can be integrated into consumer-based routers through a software repository without the need for a secondary device to run 24-7, it would be a major game changer for home and small office users that require remote access to NAS devices, surveillance systems, and other basic resources. Thanks for the info! I've never heard of this service before! A very informative video!
It was very informative & very educative content. I highly encourage you to keep this type of content up! I'm waiting for your next video about cloudflare Tunnels. thnx
Remember friends... Nothing's free.
Finally, I found the best instructions to be smooth and the answers to my questions.
Did I miss the mention of section 2.8 "Limitation on Serving Non-HTML Content" of the Cloudflare Self-Serve Subscription Agreement?
Hello Chris, this is great and I set it up some time ago, however I have changed a fair few things in my setup and have found that Cloudflare have changed their site quite a bit and I am getting confused about what I am doing. Is it still worthwhile doing the tunnels option or have things changed?
Very well done tutorial and makes maintenance much easier than maintaining DNS records and a proxy manager with SSL Certs. Only thing I'd love to see is the ability to use TOTP from an authenticator app instead of the emailed code. Any tips on getting TOTP to work instead?
Yeah I want this. I'm surprised there isn't an option to just use the host cloudflare authentication, IE just ask for me to enter my TOTP code of the root cloudflare account to access the site
Agreed this is much slicker, and more secure than using reverse proxy on Synology and having to punch holes in the firewall! I'm with you, I'd love to find out how to use Google Authenticator as an alternative to the e-mail codes.
'Skinning a Cat with a Knife is easier than Skinning a Cat with a Spoon'? I'll take that Bet! 😁 Great video - well explained and concise. PS. I'd like to see this used as a 'general' VPN for internal users. Subscribed.
It seems like wireguard is more functional than this, there are some serious file transfer limitations in their terms.
I looked at their zero trust pricing plans and couldn't find any transfer limitations mentioned for the free plan, I'm guessing that's hidden somewhere. Can you give a synopsis of the limitations or a pointer on where to find that information from cloudflare?
😭 This would have saved me so much time trying to figure out how to set up my synology to cloudflare. I figured it out but this would have saved me lots of time.
Would absolutely love an extended video on using it for users to VPN in
Oh my damn this was awesome. I also have Synology and have always struggled trying to have secure access outside my network. This was perfect.
This is awesome, great tutorial! Please do more!!!
I use this for my HomeAssistant. Works great!
I'd love to see a comparison of Cloudflare to Tailscale. With Tailscale, you don't need a domain name and that's a big hurdle for some of us as easy as it may be.