←back to thread

Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 6 comments | 04 May 22 13:17 UTC | HN request time: 2.17s | source | bottom
Show context
eadmund ◴[04 May 22 13:42 UTC] No.31260261[source]
> For people who believe there’s a catch — and most still do — then I don’t know how to write a blog post or hire a marketing or sales team to change their minds.

I think the catch is that (at least at the free level) one must trust an identity providers. For many companies that's probably fair enough, but for high-security companies and private individuals one absolutely cannot trust anything running outside of one's physical control. Service providers can be suborned, either legally by corrupt regimes or illegally by employees. There is no way that I would permit Google, Microsoft or GitHub (their three supported options) to gate access to my private devices.

I think that one must also trust Tailscale themselves, although I could be wrong about that.

replies(3): >>31260411 #>>31260441 #>>31260476 #
1. lmeyerov ◴[04 May 22 13:52 UTC] No.31260411[source]
Yep we had it rejected w an enterprise we work with as the org needed to own the full control plane so we couldn't bring it in, and not on the schedule for the org's security team for them to bring it in. Making a smarter, easier, and less creepily managed VPN more palatable to enterprises would be awesome, so the marketing value of their fundraise is real.
replies(2): >>31260477 #>>31265111 #
2. RL_Quine ◴[04 May 22 13:57 UTC] No.31260477[source]
There's a kind of WIP control server implementation, it's not production ready in my opinion but it's definitely usable.

https://github.com/juanfont/headscale

replies(1): >>31260763 #
3. lmeyerov ◴[04 May 22 14:17 UTC] No.31260763[source]
Super cool, and a lot of contributors!

Can this work the rest of the wireguard ecosystem (agents, UIs, ...) for a full VPN soln without involving the VC-tied company?

replies(2): >>31261426 #>>31262133 #
4. RL_Quine ◴[04 May 22 15:00 UTC] No.31261426{3}[source]
Yes, it's usable with every tailscale client (except for iOS). You provide an argument to make headscale your controller, and then it works much the same as the hosted Tailscale service, with some only minor differences in configuration.
5. madjam002 ◴[04 May 22 15:48 UTC] No.31262133{3}[source]
Yes it works with all of the Tailscale clients except for iOS. No it does not work with clients from the broader Wireguard ecosystem (e.g the Wireguard iOS app).
6. chipsa ◴[04 May 22 20:02 UTC] No.31265111[source]
I've seen them mention that they're looking at having the coordination server being self-hostable (and is for some client already), so I expect that to be one of the things you can get at the higher price points in the near future.