Hacker News

preisschild today at 6:21 PM

Nowadays I question the necessity of VPN overlay networks. Why not just serve QUIC/HTTP3/Iroh over the internet directly in your application? And use OIDC/client cert for authn/authz.


Replies

ElectricalUnion today at 7:25 PM

I believe the main use cases for this are not requiring changing code, not requiring adding a reverse proxy in front of code I can't change, and "OSI"ish protocols (as in, not really TCP protocols - Remote Database Access, Oracle Net Services/Java Message Queues/X.500, LDAP/SMB/ncacn_np).

These days, rather than an actual "VPN overlay", I use Tailscale myself mostly for the Tailscale Funnel - a somewhat stable, yet free arbitrary DNS and free reverse proxy termination of incoming data for anonymous users.