The "What's new in Bareos 18" document says that in Bareos 17:
TLS is only started AFTER authentication is complete!
and under "Gloals(sic) achieved" (for version 18):
Per default the network communication is encrypted Certificate authority and certificates are not needed
but under "Gloals(sic) still open" it says:
CRAM-MD5 authencation is done inside of TLS Tunnel
Then, on the Bareos "What's new" web page it says:
Bareos 18.2.5 uses TLS encryption right from the start. All daemons (Bareos Director, File Daemon, and Storage Daemon) now support TLS encryption via pre-shared key (PSK) when authenticating.
Is it therefore now safe (using Bareos defaults) to do backups over a public network or do I still need to pipe remote backups over an encrypted tunnel?
There never was a need to use an encrypted tunnel. Previously you could set up a PKI (CA certificate and server certificates together with some amount of configuration) to configure TLS with certificates. This is still a valid option for Bareos 18.2 and it will provide encryption on all communication channels.
However, previously the default has been to run unencrypted, because it wasn't possible to setup TLS with certificates automatically.
Starting with 18.2 there is support for TLS-PSK which doesn't require any advanced configuration or a PKI, but works with the normal pre-shared keys Bareos has been using forever. As this does not require any special setup, this is the new default.
With 18.2 and newer you will have to explicitly disable encryption to use the plain-text protocol.