We are planning to use balenaCloud for deployment of our app across multiple client sites. Our app includes server and client components that talk to each other. Some of our client devices will be remote to the server devices, and use cellular for connectivity. In those cases, we need to establish a VPN tunnel from the remote devices to the server for communication.
We have tried out the balena tunnel functionality and it works great (we are planning to use it for remote VNC-based support). What I am wondering is whether I can use the balena tunnel for client-server connectivity as well. Given this will be transmitting sensitive client data, I would like to understand if the tunnel is established directly from device A to device B, rather than having data transmitted from device A to balenaCloud and then relayed from balenaCloud to device B. In an ideal world, the devices would just find each other via balenaCloud but establish direct tunnels.
If anyone is familiar with how this works I would appreciate any insights into this. Otherwise I suppose we could always just set up our own VPN tunnels - but would be nice to be able to use all of this pre-built architecture to achieve our goal. Thanks in advance.