Question: if I setup Headscale on my network, I would have to open a port on my router to connect to it right? And also if I setup Headscale with some cloud provider, could they theoretically go and use the setup to get to my home network? I know its unlikely, I just mean if the technology is like e2e from clients to my home network, or if the cloud headscale 'centre' would be also an unguarded entry point (from the perspective of cloud admins). I hope I am clear Thanks
(btw you probably guess why I currently use Tailscale )

Yup, I don't know if that is OP's intention, but I would agree myself with the complaint that "Tailscale is a business"

The way I see it, if it's a business it must generate revenue (either now or down the road), and that is enough to have me worried.
I do have a Tailscale registration, and the way they approach email communication is already a yellow flag to me (too many ad emails)

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

The point is there really is no separation or clear line of demarcation on what is “good” funding and what is “bad” funding.

I understand and I disagree. A demarcation emerges from the goal of the funding and its effects. For me, one example of bad funding is funding that drives user acquisition at unsustainable prices by a firm that is also significantly controlled by the funding source. This is predominantly what VC-funding goes to. VC-funding that goes to a non-profit that the VC has no control over, where the VC can't and does not demand financial return from, is not bad funding in my books. Corporate funding doing the same thing is also not bad funding. Government funding often has the least strings attached as it does not demand direct return, and this also is not bad funding. To top that off citizens can exercise control over government funding via the democratic process, unlike corporate or VC funding, where the vast majority have zero control, and are owed no accountability by the businesses.

I get your point, though Tailscale specifically crosses a line for me in this sense:

• Using code created/maintained by businesses: ok
• Relying in infrastructure maintained by businesses: not ok

I am not that big of an enthusiast, but the way I see it, if a company goes rogue and you're using their open source code, it's just a matter of forking it (I'm thinking about Emby/Jellyfin as an example)
If you rely on their infrastructure (such as Tailscale servers) then you are at the mercy of the companies

To that end: I'd say that OP is prettt on point by suggesting Headscale, you're still "using Tailscale" in a sense, but without chaining yourself to the business

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

Are there better alternatives? I was planning on using tailscale until now.

Tailscale is great. The principle concern to me is that your super easy mesh network depends on Tailscale so if they want it they have control, and if they change their pricing or options you depend on them, and though they can't see the data you send they can see the topology of your network and where all your computers/devices are.

I use Nebula, which is more work to set up and doesn't have some of the features, not
But if you slap the 'lighthouse' (administrating node) on a cheap VPS it works great. And it has some advantages. But Nebula also troubles me: though it's fully open source and fully in your control, the documentation isn't great. Instead, you can now get "managed nebula", which puts you in the same problem as Tailscale: the company sees and controls your network topology. I fear the company (Defined Networking) is trying to push things that way. Even their android app you can't fully configure unless you use their 'managed' service.

For now, Nebula is great, and my preferred mesh network (I looked into all the main ones). And for Tailscale you can run the administration server yourself with Headscale and be fully in your control.

Actually I wish Tailscale the best as a profitable business. They've created a fantastic service and system. But for me, I'd rather my network be in my own hands and for my own eyes. And, as is OP's main point, once they have enough dependent users, the service might turn much worse.

@exu @Wahots Yggdrasil, too.

There's a disclaimer in the readme: https://github.com/juanfont/headscale/?tab=readme-ov-file#disclaimer

The maintainer Tailscale contributes happens to be the lead developer by commit count at the moment.

Didnt even work for me, i use mullvad so if i wanted to use tailscale on my android to connect to my desktop, it wants me to disable mullvad unlike on my desktop..

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

You really don't though. I use wireguard myself under the same scenario without issue. You just need to use some form of dynamic DNS to mitigate the potentially changing IP. Even if you're using Tailscale you'll still need to have something running a service all the time anyways, so may as well skip the proxy.

Tailscale is a business seeking profit? (clutches pearls gasp)

Historically, Accel has never pushed acquisition. On the contrary, they do the opposite. Its why they VC fund over 300 companies, but you've never heard of them. That's not to say they couldn't, but they haven't ever acted in that manner previously so logically it would be safe to assume that trend continues with Tailscale. I think that's important here: its not about ability its about intent. If as a organization you give funding to another organization (even non-profits) you exercise at least some control over them as they are dependent on that money to function. This is actually a point other commenters have made in regards to Headscale. Headscale is maintained by a Tailscale employee. As they fund him personally, they can exercise some control over him as he depends on that money/employment. Again, even their comments circle back to ability vs intent. Tailscale could influence their employee, but would they? That's where a lot of the VC argument goes. Its just speculation as what a group could do, not what they would do.

::: spoiler spoiler
safsafsfsafs
:::

I think that's because both work on Android by being a VPN, and the system can't handle doing two vpns simultaneously

Didnt even work for me, i use mullvad so if i wanted to use tailscale on my android to connect to my desktop, it wants me to disable mullvad unlike on my desktop..

“The trend” is making money no matter what. That means they’re gonna screw you over eventually, the countdown has already begun, and it’s just a matter of time

Is there an actual example you can provide of Accel doing that or is this more an emotionally driven statement you have?