Tailscalar here: your own CNAME won't work because of how the routing logic in funnel works. When tailscaled sets up a funnel with the control plane, it uses the derived DNS name from your tailnet (eg: pneuma.shark-harmonic.ts.net for the machine pneuma on the tailnet shark-harmonic.ts.net). As far as I understand there's no issue currently tracking this work.

Tailscale Funnel does allow you to use any TLS-wrapped protocol (IE: one where the client does TLS and the server can optionally listen over plain TCP), but I'm not sure it would really meet the same goal as port forwarding in Mullvad does (for one you could use any non-TLS or UDP protocol with Mullvad port forwards, IE: Minecraft server hosting, Minecraft doesn't use TLS afaik). It's great for HTTPS though. I'm not sure how the bandwidth limits would add up over time for something more interactive like Minecraft.

Either way, Funnel does do some things well, but it's not a generic replacement for Mullvad port forwards.

aww, I really hope CNAME/generic host support comes one day. Thanks for making an awesome product!

You could use zrok.io. Its an open source alternative to ngrok which you can self host (thus pick you own CNAME etc) as well as supporting TCP/UDP tunneling as of 0.4 release - https://blog.openziti.io/the-road-ahead-for-zrok

Interesting, thanks! I'll take a look :)

Funnel has come in handy for me a number of times. Though I now wonder if the abuse experienced by Mullvad will be realized by Tailscale as well. Perhaps compounded by an exodus of Mullvad (ab)users seeking alternatives.