
I finally understand Cloudflare Zero Trust tunnels


A while ago, after frustration with Tailscale in environments where it couldn’t properly penetrate NAT/firewall and get a p2p connection, I decided to invest some time into learning something new: Cloudflare Zero Trust + Warp.

There are so many new concepts, but after way too long, I can finally say that I understand Cloudflare Zero Trust Warp now. I am a full-on Cloudflare Zero Trust with Warp convert, and while I still have Tailscale running in parallel, almost everything I do now is going through Zero Trust tunnels.

This post is an explanation of the basic concepts, because I’m sure others will have similar issues wrapping their head around it.

Why would you even sink so much time into learning this? What does it give you?

Argo tunnels through Zero Trust allow you to do a bunch of really cool things:

Connect private networks together - can be home networks, can be Kubernetes clusters, you can create tunnels to and from every infra

Expose private services to the public, on public hostnames, no matter where they are running. You could even put your router running at 192.168.1.1 on the internet, accessible to everyone, no Warp client required

Create fully private networks with private IPs (10.x.x.x) that only resolve when Warp is connected, to services you specify

Quickly expose a public route to any service running locally or on any server, for quick development, testing webhooks or giving coworkers a quick preview

Create a fully private network running at home that’s only available when you’re connected to the Warp VPN client, or only to you, reachable anywhere
