Netbird seemed to go in a similar way, though still good. I want to try zrok next, looks interesting

Tailscale/headscale/wire guard is different from a normal vpn setup.

VPN: you tunnel into a remote network and all your connections flow through as if you’re on that remote network.

Tailscale: your devices each run the daemon and basically create a separate, encrypted, dedicated overlay network between them no matter where they are or what network they are on. You can make an exit node where network traffic can exit the overlay network to the local network for a specific cidr, but without that, you’re only devices on the network are the devices connected to the overlay. I can setup a set of severs to be on the Tailscale overlay and only on that network, and it will only serve data with the devices also on the overlay network, and they can be distributed anywhere without any crazy router configuration or port forwarding or NAT or whatever.

Vps can be really inexpensive, I pay $3 a month for mine

Join our Discord server for a chat and community support.

Sigh...

And even worse:

Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the control server.

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

What do you mean by going in a similar way? Towards an IPO?

I just replaced my entire setup with base wireguard as a challenge, easier than I expected it to be, and not hard to mimic tailscale.

Yeah and steam is closed source DRM platform. Great software sometimes is worth the trade off.

I just replaced my entire setup with base wireguard as a challenge, easier than I expected it to be, and not hard to mimic tailscale.

Can you elaborate how?

How does WG work on the local side of the network? Do you need to connect each VM/CT to the wireguard instance?

I am currently setting up my home network again, and my VPS will tunnel through my home network and NPM will be run locally on the local VLAN for services and redirect from there.

I wonder if there is any advantage to run NPM on the VPS instead of locally?

Steam is a private company, not publicly traded and has no VC funding.

VC funding and potential IPO normally means enshittification is inevitable, as they will eventually need to make insane profits by turning the screws on its users, as their business model wasn't self sustaining.

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

Crap, I really need to switch of Tailscale but currently it is an easy way for me to access my stuff outside of home as a temporary solution while I am on a 5G modem.

You really don't though. I use wireguard myself under the same scenario without issue. You just need to use some form of dynamic DNS to mitigate the potentially changing IP. Even if you're using Tailscale you'll still need to have something running a service all the time anyways, so may as well skip the proxy.

Enshittification is inevitable for all free services (services as in with a server component). Thankfully the functions of tailscale are open source so until enshittification actually happens I will be happy with using a a useful but VC funded project. When I am not willing to make the trade off anymore I will use headscale or some other drop in replacement.

If you only need to worry about the IP changing, then your ISP is not using NAT, or CGNAT as it is better known. I'm pretty sure that you can also use port forwarding, which is not commonly available under CGNAT.

To be fair, anything the GUI clients do can be done with the CLI which is still open source and on all desktop platforms and headscale is literally their open source control server.

Huh, I actually didn't know this because I don't use Windows/macOS/iOS. Somehow completely missed this.