Friendly reminder that Tailscale is VC-funded and driving towards IPO
-
Can you segregate connections between different nodes on the tailnet, like say node G and H can only talk to each other and no other nodes?
Not sure, not tried that as that's outside my use case. But I would assume its possible with ACLs!
-
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
Simplicity?
-
Simplicity?
I mean sure, but I don't think it's simpler than setting up a wireguard config IMO.
For tailscale you gotta make an account, register devices, connect them. Feel like wireguard is about the same except you don't have to make an account. -
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
wrote last edited by [email protected]Wireguard doesn't do NAT/Firewall traversal nor does it have SSO
Tailscale manages the underlying Wireguard for you. I would be great if Wireguard had native NAT traversal but that isn't the case.
-
I didn't really get the allure of it TBH. For most home-based nerds a simple Wireguard host (or OpnSense, OpenWRT etc running such) should be fine, and there are better options for commercial from better-known vendors in the network security space
The "well known vendors" tend to be crap especially on a security level
-
I can't. I tried it first and installed it on my phone from f-droid. After opening it up, it connected to an already existing network with other people's old machines from years ago on it. I was horrified.
So then I tried to delete my whole account and couldn't due to an error. I sent them an email about it and they took like two weeks to respond.
Netbird isn't on F-droid
Are we talking about the same thing?
-
I can recommend to take a look at netbird.io
Much more user friendly
Json is awful for config
-
Headscale requires tailscale client so it’s a no-go for me. I’m still trying to block cloudflare from my network.
Tailscale needs Tailscale to work
That seems obvious
-
I think a lot of companies view their free plan as recruiting/advertising --- if you use TailScale personally and have a great experience then you'll bring in business by advocating for it at work.
Of course it could go either way, and I don't rely on TailScale (it's my "backup" VPN to my home network)... we'll see, I guess.
It also doesn't cost them much of anything
Positive PR and little draw backs means that everyone is generally pretty happy
-
Netbird isn't on F-droid
Are we talking about the same thing?
It used to be
-
It used to be
It has never been on F-droid. I've been following the service since it started. It didn't even have a mobile app not that long ago.
-
Or get something like a rapsberry-pi (second hand or on a sale). I have netbird running on it and I can use it to access my home network and also use it as tunnel my traffic through it.
I don’t think that would solve the cgnat issue.
I use a vps because I don’t want to pay 250 a month for a starlink routable ip -
CGNAT is for IPv4, the IPv6 network is separate. But if you have IPv6 connectivity on both ends setting up WG is the same as with IPv4.
I usually have IPv6 access in my home, on the outside it varies from the ISPs
-
Thats just how IPv6 works. You get a delegate address from your ISP for your router and then any device within that gets it own unique address. Considering how large the pool is, all address are unique. No NAT means no port forwarding needed!
I guess so, my previous ISP also gave me IPv6 address (I could navigate using it) but I could never access my NAS services with it from an IPv6 ready network, I thought it would be the same with the newer ISP, but nope.
Maybe some firewall is active by the ISP? I could not do much thinker back then as I used the stock modem (router) and it was heavily locked.
-
I mean is anything iOS really open source?
Yes? There are Lemmy clients that are open source, for instance. And the Wireguard client is.
-
Yeah, OpenVPN definitely doesn't have light spec requirements
thankfully hardware is unfathomably powerful these days.Sure but wireguards connection is just faster.
-
Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
become profitable when needed
By what, laying off all QA and support staff and half your developers the moment a single quarterly earnings report isn't spotlessly gilded?
-
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
NAT punching and proxying when a p2p connection between any 2 nodes cannot be achieved. It’s a world of difference with mobile devices when they always see each other, all the time. However, headscale does all that.
-
Why does it need to be on a VPS? It seems to work on a home network when I played around with it.
Well a VPS or an exposed service, but I feel like the latter ends up somewhat defeating the purpose anyway.
When running locally (not exposed), it worked great until I tried to make the initial connection from mobile data - can't establish a connection to headscale if it can't reach it in the first place. Unless I'm mistaken, the headscale service needs to be publicly accessible in some way.
-
Chances are you've had the same public IP for a long time. Mine hasn't changed in 2 years.
That was the case when I lived with my parents, but now it changes every 5 minutes sadly.
So I had to shut down my Minecraft server etc for now because I am on a 5G modem which makes it really annoying to open up ports and point a domain to your IP
