The whole point of mTLS is that you dont need to use a VPN
Comment on Securely Expose your Homelab Services with Mutual TLS - YouTube
dan@upvote.au 5 weeks ago
I haven’t watched the video yet, but it’s generally not worth using mutual TLS if you’re already using a peer-to-peer VPN like Tailscale, as the VPN software is already doing mutual authentication.
Netrunner@programming.dev 5 weeks ago
dan@upvote.au 5 weeks ago
I get that, but a lot of people are already using a VPN to access their home server or VPS.
WhyJiffie@sh.itjust.works 5 weeks ago
that’s not that same security. an observer will still know that you are connecting over HTTPS to a particular doman/IP, maybe they can also deduce that you are using mTLS, and all your other traffic is not protected by it at all. all the while with wireguard, they can see that it’s wireguard traffic, and where it goes, but anything inside is secret, plus if an app uses unencrypted traffic for some reason (smb, dns, custom and special protocols), wireguard will hide and protect that too.
antithetical@lemmy.deedium.nl 5 weeks ago
This is only true for the connection security. With mTLS you can also authenticate to the webapplication you’re trying to reach. So consider your use-case between von/mtls.
dan@upvote.au 5 weeks ago
Oh yeah that’s a great point I didn’t consider. Thanks.