by ycuser2 1556 days ago
Hidden services are very easy to configure (the basic config; if you want to be as anonymous as possible you have to do more). Install tor, add a few lines to config, done. And: You don't have to change your firewall settings at all. Nothing is exposed to the clearnet.

You can also make your service be accessible only to certain clients which have a certificate. I consider this very secure.

3 comments

Only recently has there been an easy to set up and secure alternative with the same properties – Tailscale

It is centralized, yes, but it is way, way faster if you care about latency

https://tailscale.com/

(you can also self-host it with the open source “headscale” project)

+1 for tailscale, it is an absolute joy to use.
> You can also make your service be accessible only to certain clients which have a certificate. I consider this very secure.

Are you talking about this? https://community.torproject.org/onion-services/advanced/cli...

Yes, client authentication it is called.
Thanks for mentioning it, I would have overlooked that feature entirely, otherwise.
I guess I can understand that from an ease of configuration standpoint. Having said that, I had no trouble with setting up ZeroTier VPN, which is also very easy to configure.
I do the same but you still need to be careful when running ZeroTier to listen only on IP addresses that the ZT link is assigned. I run a private mailserver and I've made sure that there are no sockets listening on any non-ZT externally routable IP address. (I guess for good measure I could have nftables drop traffic coming in on those ports on my WAN link.) But with Tor you just point it to a service listening on 127.0.0.1 or [::1] and you're in business. For me ZT is fine, but for folks who want to muck around a bit less, I can see the appeal of Tor.
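
The check described in the last comment (no sockets listening outside loopback and the ZT-assigned addresses), as an added example that is not part of the thread: it parses `ss -H -ltn` output and reports every listener bound to a wildcard or to an address outside the allowed subnet. The function name, the ZT subnet `10.147.17.0/24` and the sample `ss` lines are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not taken from the thread).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 100 10.147.17.5:25 0.0.0.0:*
LISTEN 0 100 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 [::1]:8080 [::]:*
LISTEN 0 100 203.0.113.7:993 0.0.0.0:*
LISTEN 0 128 *:143 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

# Assumption: the subnet assigned to the ZeroTier interface on this host.
ZT_NETS = ["10.147.17.0/24"]


def exposed_listeners(ss_output, allowed_nets):
    """Return (address, port) pairs bound outside loopback and allowed_nets."""
    allowed = [ipaddress.ip_network(n) for n in allowed_nets]
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        # Drop an interface scope ("%lo") and IPv6 brackets.
        host = host.split("%")[0].strip("[]")
        if host == "*":
            # Wildcard bind: reachable on every interface, WAN included.
            findings.append((host, int(port)))
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_loopback:
            continue  # 127.0.0.0/8 or ::1, what a Tor onion service points at
        if any(addr.version == n.version and addr in n for n in allowed):
            continue  # bound to a ZT-assigned address
        # Includes 0.0.0.0 and ::, which also listen on the WAN link.
        findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS, ZT_NETS):
        print(f"listening outside loopback/ZT: {host}:{port}")
```

On a live host, feed it the real output of `ss -H -ltn` instead of `SAMPLE_SS`; an empty result corresponds to the state the comment describes.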