Cloudflare Tunnel proxies HTTP and HTTPS traffic — it can't do RDP, VNC, or SSH. It can't reach NVR cameras or PBX systems. And all your client traffic flows through Cloudflare's US-based infrastructure. ProxyLink uses WireGuard, supports any TCP protocol, and stays in the EU.
| Feature | ProxyLink | Cloudflare Tunnel |
|---|---|---|
| RDP / VNC / SSH support | ||
| Browser terminal (no client install) | ||
| TCP protocol support | HTTP/HTTPS only | |
| Reach NVR cameras, PBX, switches | ||
| One tunnel = entire LAN | ||
| EU-hosted infrastructure | US (Cloudflare global) | |
| WireGuard encryption | ||
| NIS2 audit log + session recording | ||
| MSP multi-tenant management | ||
| Free tier | ||
| Traffic passes through provider servers | Encrypted WireGuard | Cloudflare sees plaintext |
Cloudflare Tunnel terminates TLS at Cloudflare's edge and re-proxies HTTP. It cannot forward raw TCP connections. RDP (port 3389), VNC, or proprietary protocols used by NVR cameras and PBX systems are simply not supported. For web apps, it's great. For MSP remote access, it stops at the browser.
ProxyLink routes TCP traffic of any kind — RDP, VNC, SSH, camera RTSP streams, PBX SIP, proprietary management ports. Browser-based access uses guacamole for RDP/VNC and xterm.js for SSH. For TCP links, traffic is forwarded as raw TCP through the WireGuard tunnel.
Cloudflare Tunnel terminates your HTTPS sessions at Cloudflare's edge servers, then re-encrypts and forwards. For HTTP services this means Cloudflare decrypts your traffic. For European MSPs this raises GDPR questions — is client web traffic (NAS admin panels, PBX management) passing through US infrastructure?
Traffic travels through WireGuard tunnels encrypted end-to-end. The ProxyLink server routes packets but never decrypts application-layer data for browser proxy links. For browser RDP/VNC sessions, the guacd relay runs on the EU server — no data leaves Europe.
Free during early access. WireGuard. No client software. No credit card.
Get free access →