I moved off Tailscale

Cloudflare Developers| 00:10:49|Mar 26, 2026
Chapters7
The video compares Cloudflare Tunnels as a free alternative for extending private networks, highlighting its ease of setup and integration for remote access to home or business networks.

A practical, hands-on look at moving from Tailscale to Cloudflare Tunnels for home networks and remote access, with a step-by-step setup and real-world tips.

Summary

Cloudflare Developers walks through replacing Tailscale with Cloudflare Tunnels as a free, scalable alternative for home labs and small teams. The host explains why they switched—50 user seats, easy setup, and deep integration with Cloudflare’s ecosystem (Workers, D1, etc.). The video then demonstrates end-to-end setup: deploying the tunnel on a always-on home server using Docker, configuring a forwarder IP range, and attaching a Warp client on a mobile device to access private network resources from anywhere. A live verification shows a Python server on a home machine reachable from a mobile device on a public network, proving the tunnel’s effectiveness. The walkthrough covers adding users via traffic policies, and configuring local DNS and custom domains for easier access. If you’re running a home lab or small business and need a free, enterprise-grade remote-access solution, this tutorial offers a clear, practical blueprint. Expect future tips on deeper Cloudflare networking features and broader use cases.

Key Takeaways

  • Cloudflare Tunnels offer a free tier for up to 50 users, making it a viable alternative to paid plans for home labs or small teams.
  • Install the tunnel on an always-on device (e.g., a home server) via Docker for wide OS compatibility and minimal maintenance.
  • Remote devices connect through Warp (formerly named Warp client) to access private home-network services without port-forwarding or static IPs.
  • You can add multiple users through Cloudflare Access policies, enabling controlled access for family, friends, or coworkers without extra licenses.
  • Local network resources can be accessed with local DNS domain mappings (e.g., mbp16.host) when connected through the tunnel, simplifying access.
  • The architecture enables private network reachability from public networks by routing through Cloudflare’s Zero Trust network, effectively bridging home and remote devices.

Who Is This For?

This is essential viewing for home-lab enthusiasts, small businesses, or developers already using Tailscale who want a cost-free, enterprise-grade alternative with tight Cloudflare ecosystem integration.

Notable Quotes

"What could go wrong? The best part is that private networks created with Cloudflare tunnels are tightly integrated into the ecosystem."
The speaker highlights the seamless ecosystem integration as a key advantage of Cloudflare Tunnels over alternatives.
"You install the agent and it handles all of the networking magic behind the scenes."
Emphasizes the simplicity and automation of the setup process.
"We are connected to my private network running in my home lab."
Demonstrates successful end-to-end connectivity from a mobile device to a home network.
"This is the public network and that service is running inside of my home lab in a private network, but we’ve used Cloudflare tunnels to bridge these two networks together."
Describes the core bridging capability enabling access from anywhere.
"You can add as many as 50 different users to this."
Notes the free tier cap for user seats in Cloudflare Tunnels.

Questions This Video Answers

  • How does Cloudflare Tunnels compare to Tailscale for home networks?
  • Can I set up Cloudflare Tunnel with Docker on a home server?
  • How many users can I grant access to Cloudflare Tunnels for free?
  • How do I configure local DNS domains when using Cloudflare Warp with tunnels?
  • What are the steps to verify end-to-end connectivity from a mobile device to a home server through Cloudflare Tunnels?
Cloudflare TunnelsZero TrustWarp/1.1.1 Warp clientCloudflare Access policiesDocker deploymentHome networkingPrivate networksLocal DNS and custom domainsRemote accessNetwork tunneling
Full Transcript
Are you currently using Tailscale? It's pretty good. And to be completely honest with you, I have been using it in my home lab for over a year now until last month when I needed to add more users to my tail net. I either needed to upgrade my plan or switch to using Cloudflare Tunnels, which is free for up to 50 users and is super easy to set up. With 50 seats, I could add my entire family and friends, my parents, my kids, my grandkids without running out of seats. So, I decided to give it a try because it's free. What could go wrong? The best part is that private networks created with CloudFare tunnels are tightly integrated into the ecosystem. So, they can talk to your entire CloudFare network like workers, D1, everything in between and you just get the benefits of it which keeps compounding. So if you run tail scale in your home lab or your business and you're looking for a free enterprisegrade alternative, this video is for you. And the use case we are exploring today specifically is accessing your private network when you're away from home or letting friends, families or co-workers who are remote to you access your private network. So in this video, I'll show you how to set up cloud tunnels to work with private networks. I'll show you how to set up the agent on a machine in your home network and also how to configure the client on the mobile device that's outside your network. So, let me show you how this works conceptually. We're going to switch to my screen and I have a diagram here to show you how it all works like at a conceptual level. Um to the right here I have my home network and this has a bunch of devices, my router, some servers, a computer, a mobile device. And um on one of these devices I need to install the Cloudfl tunnel and I'm going to be doing that on the server because it's always going to be turned on and it's always going to be connected to the internet. So you install that in the server and what happens is that it creates a reverse proxy to the cloudy network such that the cloudy network can reach your home network, your private network using that tunnel. And this is really cool because you don't have to um reserve an IP static IP address with your ISP. You also don't have to open up ports on your router or your firewall. It's just so seamless. You just have to install the agent and it handles all of the networking magic behind the scenes. Then to the other end of the diagram, I have a mobile device that's on a public network. So this is you traveling or this is your family and friends or co-workers who are remote from your home network. They install the client on their mobile device and when you turn on that client, they are connected to the CloudFare network. And the cloud network is where the magic happens because when a request comes in from that device to the cloud network that is targeted at your private network say on this uh local IP address 192.126.0.1 cloud intelligently routes that request or connection to the network where you have that cloud ID tunnel set up. And the cool thing about this is that um that request can be forwarded to any device within your network that is reachable from the machine where you have that tunnel installed. So you can access services running on a separate computer or like your computer or a separate server even if you don't have the cloud D tunnel installed on them. You just have to install it once on a device in your home network and through that device you can talk to every other device within your home network. Now the other part is when you need to actually access a public service that's not within your home lab. So again your device on the public network sends the request to CloudFare and Cloudare looks at it and figures out this is a request not destined for your home network. So it sends that out to the public internet and then you get that uh resolved. So this is how it works conceptually. And now I'm going to show you how to actually go to set this up. It's actually really quite easy. So, what you want to do is go to your Cloudflare dashboard. That's going to be on dash.cloudflare.com. And you want to scroll down to where it says zero trust. So, go to zero trust. And then you want to go to networks. So, I'm going to go to networks, click on manage tunnels, and click on add a tunnel. So, I'm going to call this tunnel home server because I'm going to install this on a device that's always on and running in my home network. And these are all the options you have to set it up on Windows, Mac OS, DBN, Red Hat, and Docker. I'll be going with the Docker installation setup because it's actually quite easy and quite universal. You can run this on any operating system and any hardware. So, I'll switch to the terminal where I have my home server and I'll paste this in. I already have Docker installed. So, this is going to spin up the Docker container and set it up with Cloud ID using my API token. Um, don't worry about it. I'm going to delete my API token after this. And when you head back to the dashboard, you should see the status change to connected, which is cool. So, I'll click on next. And we want to set up one last thing here. We want to set up the IP addresses that should be forwarded to this tunnel. So, this is going to be the IP address on your home network. For me, I have this set to 1010.10.0.24. So, that's the entire subnet of my home network. And I can call this home network. and I can click on complete setup. And really that's all I have to do to set that up on the node where I have the tunnel running. Now on the device I want to connect for I have my Android device here and I have installed the 1.1.1 warp client. This is also available for iOS as well as Android. So I have this installed on my mobile device. I am going to open this up and go through the installation steps. So we need to install the VPN profile. Click on okay. Um, I'm also going to allow notifications. And what I'm going to do is go to the settings account and let's go to login to zero trust. And I'm going to log in to my CloudFare network here. That's actually what I'm trying to do. So, I'm going to click on accept. And here it's asking for my organization name. To actually get that, scroll to your zero trust dashboard to the settings and look at the team name. Mine is Conflair. So, you want to type that in here. So, this is going to be Conflare and it's going to prompt me to login and redirect me back to the Warp client. So, now you notice it says zero trust, no longer warp. So, I'm just going to enable that. And with that, I'm connected to my private network running in my home lab. Now, I'm going to prove this to you. I'm going to go back to my server. I'm going to open a new tab. Um, I'm going to check for what the IP address is. I think this is if config. Yep. So the IP address is 1010.10.129. And I'm going to run a Python server here. So let's run a simple Python server on port 3000. Now going back to my mobile device, I will turn off Wi-Fi so that I'm actually using my mobile network and it's actually on the public network as it is right now. Then I'll go open up my browser. So let's go to the browser. I'm going to type in the IP address of the device which is my server and also the port. And we hit that. And you notice we are able to load that Python server. We able to access that service. Although I'm on a public network and that service is running inside of my home lab in a private network, but we've used Cloudflare tunnels and also the warp client to bridge these two networks together. So I can actually send requests to it. I'm going to show you two last things here really quick. And the first is going to show you how to add more users to your network. And the last thing I'll do is show you how to configure like custom domains if you have custom domains or local domains such that it's easier to actually uh type in stuff instead of always using the IP address. So let's head back to the dashboard. And what I want to do here is first show you how to add more users. What you want to do is go to traffic policies. Actually that's um access control. Go to policies and you'll see a default policy that's created for your CloudFare tunnel and the WAP connector which is going to be by default named allow emails and then the date. So you want to go configure this and here is where you add all the emails you want. So this could be [email protected] and then they have access to my server and you can add as many as 50 different users to this. I'm just going to save this and click on save. And now mom can log in using the warp connector to connect to services I have running locally. The last thing I'm going to show you here really quickly is how to set up um local DNS records for local domains you may have running in your home lab. So I'm just going to show you that quickly. So go to team and resources, go to devices, go to device profiles, and you should have a default device profile. So what you want to do is go configure that. Scroll down to the bottom where it says local domain fallback and you want to click on manage and this is where you define what domains exist in the local network. So for me I have um ahost domain. So I'm just going to delete this because I'm recreating it. So this is going to be ahost domain and it's going to point to the DNS server I have in my local network which is 1010.1 and I can save this and that's really good. So what I can do is go back to my mobile device. I'm going to go open up a new tab and what I can do is type in the host name and use the local domain of my setup. So this is going to be mbp16.host and then the port where the service is running which again is 3000. When I hit that I should be able to open this up. And as you can see I'm able to use the local domain on my local network to access the service running privately in my home network while I'm in the public network and everything bridge to cloudflare tunnel. So this is how easy it the setup is. I just wanted to share this quickly with you. Um, I'm going to be sharing more tips in using CloudFi tunnels and CloudFi networking stack in really awesome ways if you have a home lab or if you have a small business and you're trying to figure out the networking bits. Um, it's really powerful. It's enterprise grade. You can do a whole lot more than I've shown you today. So stay tuned for more videos. Get subscribed and I'll see you in the next video. Take care. Bye.

More from Cloudflare Developers

Related Videos

Cybersecurity Predictions 2026: What Security Leaders Learned in 2025 thumbnail

Cybersecurity Predictions 2026: What Security Leaders Learned in 2025

 Cloudflare
00:24:18
Moltworker (for OpenClaw) & Markdown for Agents: Running AI on Cloudflare thumbnail

Moltworker (for OpenClaw) & Markdown for Agents: Running AI on Cloudflare

 Cloudflare
00:27:30
Coffee shop networking with Cloudflare One thumbnail

Coffee shop networking with Cloudflare One

 Cloudflare
00:06:38
Cyber Attacks In Business: Case Studies And Prevention Tips | Real Case Study Lessons | Simplilearn thumbnail

Cyber Attacks In Business: Case Studies And Prevention Tips | Real Case Study Lessons | Simplilearn

 Simplilearn
01:18:26
I almost quit YouTube.... thumbnail

I almost quit YouTube....

 NetworkChuck
00:23:08

Get daily recaps from
Cloudflare Developers

AI-powered summaries delivered to your inbox. Save hours every week while staying fully informed.

Get Started