Pretty simple answer: Wireguard.
Why? It’s the fastest of them all, works on almost all devices you can imagine, does not rely on any 3rd party like Tailscale with OICD or other IdP. Tailscale has its use when you are behind CGNAT and don’t want to VPS a Wireguard server somewhere with a static IP, other than that, it has no use in my opinion. I’m fully aware that I get downvotes from people who praise the zero trust principals of Tailscale and all the rest, but they always forget that you can do zero trust since decades with any network equipment (VXLAN) and add Wireguard to the mix. You can even run Wireguard in your local network to encrypt unencryptable traffic like NFS.
Check back in a few hours /u/Silencer306, this comment will have a few if not many downvotes.
I use WireGuard. It is sufficient for me, because I have no need to make my services publicly visible.
How do you access those services from a public network? Say, you want to access something while working from your office or a friend’s computer.
How do you access those services from a public network?
With Wireguard?
I use all three.
-
CF tunnels to access generic apps I want public.
-
Tailscale to have remote access to my home network.
-
Wireguard tunnel going to a VPS for apps that I don’t feel comfortable running through CF due to the bandwidth (Jellyfin, AzuraCast).
I totally could move everything that’s on CF tunnels over to Wireguard, but I see no need to do it. Cloudflare is trustworthy enough and I like the additional protection it offers.
-