[mypastself]

> It's similar to SSH works, but with SSH you'd need your Pi exposed to the Internet.

How does Pi Connect’s access differ from regular port forwarding? Isn’t the device still exposed to the Internet?

The article mentions Cloudflare tunnels near the end. Does this work on a similar principle as Argo? (I haven’t watched the video yet.)

[crote]

The trick is that the connection is made using a third-party server: both the laptop and the Pi make an outgoing connection to this server, and the server sets up a connection between the two when there's pre-existing authorization. This means there's no need to poke a hole in your NAT/firewall to allow an incoming connection to the Pi.

There's some magic stuff going on in the background to avoid having all data flow via the server by making it peer-to-peer after initialization, but that's the gist of it.

[curiousdeadcat]

Its not black magic. Its yet another one-off nat hole punch implementation. Absolutely no reason to even think of this when tailscale exists.