Friendly reminder that Tailscale is VC-funded and driving towards IPO
-
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
Same thing here, either tailscale selfhosted or Netbird selfhosted I'd the way to go for all the nice features, having the free tier or tailscale for personal data never sounded right to me.
-
Used to run OpenVPN. Tried Wireguard and the performance was much better, although lacking some of the features some might need/want fit credential-based logins etc
I can highly recommend Netbird selfhosted, it has SSO support, logins, complex network topologies, it uses wireguard under the hood and it's open source.
-
Well a VPS or an exposed service, but I feel like the latter ends up somewhat defeating the purpose anyway.
When running locally (not exposed), it worked great until I tried to make the initial connection from mobile data - can't establish a connection to headscale if it can't reach it in the first place. Unless I'm mistaken, the headscale service needs to be publicly accessible in some way.
Oh gotcha yes it does. Are you on CGNAT with your ISP so you can't forward ports?
-
Oh gotcha yes it does. Are you on CGNAT with your ISP so you can't forward ports?
Nah, but personally I have no need to expose anything and would rather avoid the security headaches and such that come with it
-
Thank you for your insight, I'm assuming the only public part is the UI and coturn (the bit that enables two clients between firewalls to hole-punch)?
Yes, the underlying model is the same as Tailscale, Zerotier and Netmaker (also worth checking out, btw). Clients connect to a central host (which can be self-hosted) and use that to exchange information on addresses and open ports, then form direct connections to each other.
-
Much more user friendly
Json is awful for config
wrote last edited by [email protected]Crockford is a good and smart person but he really dropped the fucking ball on JSON.
Double-quotes-only and no comments kill the whole spec for me. Extremely opinionated and dumb. I fucking hate JSON.
My boss once sent me a machine generated config. He's terminally addicted to double-quotes (like, a fatal condition). I searched and there were 27k sequences of
\".Edit: my point is - all that compute and network wasted, every single time the file is requested and parsed. Completely pointless waste
-
That was the case when I lived with my parents, but now it changes every 5 minutes sadly.
So I had to shut down my Minecraft server etc for now because I am on a 5G modem which makes it really annoying to open up ports and point a domain to your IP
If your IP changed every 5 minutes, you would not be able to have a voice call or anything similar. Your IP probably changes every 24 hours
-
I can highly recommend Netbird selfhosted, it has SSO support, logins, complex network topologies, it uses wireguard under the hood and it's open source.
That sounds kinda cool. I'll have to check it out. It's kinda hard sometimes to push FOSS stuff in a largercorporate environment but this looks like something I could recommend/build for small-mid private SOHO clients.
-
I've realized how easy it is to just actually run a network rather than half ass it with tailscale. I recommend this, it's fun.
Tell me more.
-
If your IP changed every 5 minutes, you would not be able to have a voice call or anything similar. Your IP probably changes every 24 hours
I just checked, yes it is every 24 hours, but I have to restart that thing regularly so that it is why it feels quicker I gues
-
Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
Just came here to say that the guy looks like a creep!
-
Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
Good thing I deleted it from my homeserver a month ago.
-
It has never been on F-droid. I've been following the service since it started. It didn't even have a mobile app not that long ago.
It's possible I misremembered and got the apk from their website or github. Doesn't change anything though.
I just went back though my emails, I got a reply email from their CTO promising to look into it and they would get back to me, but they never did.
-
There are some community webUIs for Headscale, headplane in particular looks pretty good: https://headscale.net/stable/ref/integration/web-ui/
I'm not sure otherwise how different the experience would be.
wrote last edited by [email protected]I actually did this instead of tailscale first; installing tailscale on a pfsense router was a challenge, iirc i had to find and install the freebsd tailscale pkg from the command line because the plugin doesn't give the option to connect to a non-tailscale control plane.
After I did that and connected to my headscale server (on my vps) I could ping pfsense's local ip over the tailnet, but couldn't get any traffic out from pfsense. Turns out I had forgotten the pfsense tailscale plugin automatically sets up outbound rules for you.
That was a rabbit hole I didn't feeling like falling down, so I turned off headscale and just used tailscale account and the normal pfsense tailscale plugin. But it's there and it does work fine if I ever wanted to go figure out the outbound traffic rules.
-
That sounds kinda cool. I'll have to check it out. It's kinda hard sometimes to push FOSS stuff in a largercorporate environment but this looks like something I could recommend/build for small-mid private SOHO clients.
This is what I used in a small/mid sized company to replace a legacy VPN, generally we had only very few issues but probably the employee personal computer is to blame, right now is very stable.
