VPN/ZeroTrust?
How can I self-host a VPN or implement a Zero Trust framework using Cloudflare Zero Trust, and could you clarify how this process works as I am finding it confusing?
4 Replies
WireGuard: fast, modern, secure VPN tunnel
Dave Finger
Open Source Zero Trust Networking
OpenZiti is an open source zero trust network applying zero trust principles directly into applications through SDKs or to existing networks using tunnelers
😕
The first piece is the 1.1.1.1 Zero Trust Client, and that is free for anyone to use; you can download it from CF for PC/Mac and from the app stores for mobile devices. You then sign up for Cloudflare Zero Trust, which provides you with a web console where you can define your users, devices and rule sets. Once your device is included in the Cloudflare configuration, you can then apply what your users can access, through this interface, when they have the ZT client turned on. Now the next part is somewhat tricky and really depends on where the web app is hosted (on-prem or public cloud), but the theory is the same in that you use a firewall or similar tech and, at that level, only accept requests to your web app/service from Cloudflare IPs or a Dedicated Egress IP, or use the Cloudflare Tunnel to get inside the private network.
https://developers.cloudflare.com/learning-paths/replace-vpn/
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
https://www.cloudflare.com/ips/
Replace your VPN · Cloudflare Docs
Give users secure, auditable network and application access.
Cloudflare Tunnel · Cloudflare Zero Trust docs
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do …
IP Ranges | Cloudflare
This page is intended to be the definitive source of Cloudflare’s current IP ranges.
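The firewall step from the reply above (only accept requests to the origin from Cloudflare IPs), sketched as an added example that is not part of any reply in this thread. The ranges and log lines are constructed documentation addresses, not Cloudflare's real ranges, and the `inet filter` table with an `input` chain is an assumption about the host's nftables layout.

```python
import ipaddress

# Constructed sample, one CIDR per line. These are documentation ranges
# (RFC 5737 / RFC 3849), NOT Cloudflare's real ranges; in practice use the
# current list published at https://www.cloudflare.com/ips/.
SAMPLE_RANGES = """\
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
"""

# Constructed origin access-log lines (source IP is the first field).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /admin HTTP/1.1" 200 734',
    '2001:db8::1 - - [01/Jan/2025:10:00:09 +0000] "GET / HTTP/1.1" 200 512',
]

def parse_ranges(text):
    """Return validated networks; raise ValueError on a malformed entry."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # strict=True rejects entries with host bits set, e.g. 192.0.2.5/24
        nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def is_allowed(src, nets):
    """True if the source address falls inside any allowed network."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in nets)

def nft_rules(nets, port=443):
    """Render nft commands: accept the port from each range, then drop the rest.
    Assumes an existing 'inet filter' table with an 'input' chain."""
    rules = []
    for n in nets:
        fam = "ip" if n.version == 4 else "ip6"
        rules.append(f"nft add rule inet filter input {fam} saddr {n} tcp dport {port} accept")
    rules.append(f"nft add rule inet filter input tcp dport {port} drop")
    return rules

def direct_hits(log_lines, nets):
    """Source IPs in the origin log that did not arrive via the allowed ranges."""
    sources = [ln.split()[0] for ln in log_lines if ln.strip()]
    return [ip for ip in sources if not is_allowed(ip, nets)]
```

Running `direct_hits` over existing origin logs before enabling the drop rule shows which clients still reach the origin without passing through the proxy ranges.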