Right now I’ve been using Tailscale because it automatically adapts to my network conditions. If I’m at home, it’ll prioritize local network connection, but when I’m out and about, it’ll automatically beam a direct connection or use a relay.
One gripe I have about it is I can’t run it alongside my normal VPNs on my mobile devices. I have to choose between one or the other.
I have tried Cloudflare Tunnel before, but using it for streaming, like Jellyfin, is forbidden. There’s also the added latency and slowness to having to hop through multiple DCs to reach Cloudflare and back.
Currently I have a bastion host running a hardened distro, which establishes a reverse proxy tunnel to its
sshport via my $4/mo VPS usingrathole, an excellent reverse proxy utility I switched to fromfrp.I also maintain a Tor hidden service pointed at the bastion host’s
sshport and another on a different internal host. These are so that I can still get in if the bastion host, my VPS, or certain aspects of networking are down for some reason.Eventually I will implement port knocking / single packet authorization by deploying
fwknopon some or all of these services to further enhance security.