Want a spoiler? I bet they’re going to circlejerk about more browser privacy invasion.

Wireguard doesn’t send anything back if the key is not correct.

Because of this, Tailscale port swapping is inconsequential vs wireguard here.

Tailscale transfers trust of your VPN subnet to a third party, which is a real security concern.

I agree SSH service will be attacked if they are plainly exposed, out of date and allow login challenges.

Also agree that under or misconfiguration is a massive cause for security issues.

Authelia does support oidc and its amazing.

https://developers.cloudflare.com/cloudflare-one/policies/gateway/http-policies/tls-decryption/

https://community.cloudflare.com/t/does-cloudflare-proxy-servers-decrypt-my-data/145691

Afaik, they decrypt and recrypt all traffic.

I just don’t see the point of using cloudflared. Its easy to use but it just gives all your data to cloudflare in return for very little.

You should try it.