The whole point of mTLS is that you dont need to use a VPN
Comment on Securely Expose your Homelab Services with Mutual TLS - YouTube
dan@upvote.au 2 months ago
I haven’t watched the video yet, but it’s generally not worth using mutual TLS if you’re already using a peer-to-peer VPN like Tailscale, as the VPN software is already doing mutual authentication.
Netrunner@programming.dev 2 months ago
dan@upvote.au 2 months ago
I get that, but a lot of people are already using a VPN to access their home server or VPS.
WhyJiffie@sh.itjust.works 2 months ago
that’s not that same security. an observer will still know that you are connecting over HTTPS to a particular doman/IP, maybe they can also deduce that you are using mTLS, and all your other traffic is not protected by it at all. all the while with wireguard, they can see that it’s wireguard traffic, and where it goes, but anything inside is secret, plus if an app uses unencrypted traffic for some reason (smb, dns, custom and special protocols), wireguard will hide and protect that too.
antithetical@lemmy.deedium.nl 2 months ago
This is only true for the connection security. With mTLS you can also authenticate to the webapplication you’re trying to reach. So consider your use-case between von/mtls.
dan@upvote.au 2 months ago
Oh yeah that’s a great point I didn’t consider. Thanks.