====== Alternatives to Port Forwarding =====

Use tunnels and VPNs when port forwarding is not possible or desirable.

> //Cloudflare Tunnel and VPNs provide secure access without exposing ports to the internet.//

===== Overview =====

Port forwarding is not always possible or desirable. Alternatives like Cloudflare Tunnel and VPNs provide secure access without exposing ports to the internet.

===== Cloudflare Tunnel =====

**Benefits:**
  * Works behind CG-NAT
  * No public IP needed
  * Automatic TLS certificates
  * DDoS protection included
  * Requires Cloudflare account

**Setup:**
  1. Create Cloudflare account
  2. Add your domain to Cloudflare
  3. Install cloudflared on your server
  4. Configure tunnel to point to your services
  5. No port forwarding required

**Use cases:**
  * ISP uses CG-NAT
  * Don't want to expose ports
  * Want DDoS protection
  * Need automatic TLS

===== Tailscale =====

**Benefits:**
  * Mesh VPN for private access
  * No port forwarding needed
  * Works behind CG-NAT
  * Easy setup
  * End-to-end encryption

**Setup:**
  1. Create Tailscale account
  2. Install Tailscale on server
  3. Install Tailscale on client devices
  4. Devices connect via private network
  * Access services via Tailscale IP

**Use cases:**
  * Personal access to home network
  * Remote file access
  * Secure device-to-device communication
  * Not for public hosting

===== VPN Services =====

**WireGuard:**
  * Modern, fast VPN protocol
  * Easy to configure
  * Lightweight
  * Good performance

**OpenVPN:**
  * Widely supported
  * Mature protocol
  * More configuration options
  * Good compatibility

**Benefits:**
  * More secure than port forwarding
  * Encrypts all traffic
  * Requires authentication
  * No ports exposed to internet

**Use cases:**
  * Remote access to home network
  * Secure browsing on public WiFi
  * Access internal services
  * Better for remote access than public hosting

===== When to Use Each =====

**Cloudflare Tunnel:**
  * Public hosting behind CG-NAT
  * Want automatic TLS
  * Need DDoS protection
  * Hosting services for others

**Tailscale:**
  * Personal device access
  * Home network access
  * File sharing
  * Private services

**VPN (WireGuard/OpenVPN):**
  * Remote network access
  * Secure browsing
  * Internal service access
  * Team access to resources

===== References =====

  * [[https://github.com/StringManolo/HostingMobile|HostingMobile - Host services from mobile devices with Cloudflare Tunnel]]

===== See Also =====

  * [[hosting:networking:start|Networking Overview]]
  * [[hosting:networking:cgnat|CG-NAT Detection]]

Last updated: 2026-06-19
  * [[hosting:start|Return to hosting]]