
Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 3 comments
arsome No.31261100
I was going to try Tailscale but then it seemed the only option to do so as an individual was to log in with a 3rd party cloud provider, which I in no way want tied into my networks.

I gave up and just set up WireGuard directly instead. I don't trust Tailscale either if that's their attitude towards privacy; it's permanently marred my vision of their product.

JeremyNT No.31261250
Indeed, this is why I won't use it either. I settled on Slack's Nebula [0] instead of WireGuard because it handles direct p2p communication between nodes automatically.

There also exists an open source implementation of the Tailscale control server [1] that you could self-host.

[0] https://github.com/slackhq/nebula

[1] https://github.com/juanfont/headscale

rhuber No.31261607
(Nebula coauthor here)

People sometimes ask me to describe the differences between Nebula and Tailscale. One of the most important relates to performance and scale. Nebula can handle the amount of internal network traffic and scalability of nodes (100k+ nodes, constant churn) required on a large network like Slack's, but Tailscale cannot. Tailscale's performance is fine for many situations, but not suitable for infrastructure. It is just a fundamentally different set of goals.

Nebula was created and open sourced before Tailscale was offering their product, but their architecture is similar to older offerings in the market, and is something we purposely avoided when creating Nebula.

Fwiw, I even recommend Tailscale to friends who want to do things like connect to their Plex server or Synology or [other thing] at home remotely. It simplifies this kind of thing greatly and doesn't require you to set up any infrastructure you control directly, which can be a headache for folks who just want to reach a handful of computers/devices.

stavros No.31261776
Does Nebula have anything like Tailscale's rules engine? I am absolutely in love with being able to configure all my connections by just specifying a JSON file somewhere. No need to have firewalls, the configuration specifies which service or user can talk to which.

That having been said, I also am wary of using Tailscale for the same reasons as above: I have to trust Tailscale and GitHub? I can maybe justify trusting Tailscale, but trusting GH/Microsoft/other SSO provider is a bridge too far.

1. rhuber No.31261821
It does! In fact, replacing AWS security groups and making them cross region and cross platform was probably the first goal of the project. My coauthor, Nate, wrote Nebula's internal firewall code before we wrote a single line of the actual protocol, because he wanted to ensure it was performant enough for massive scale.
2. stavros No.31262134
Well that is great, thank you! I will play with it today.
3. stavros No.31264527
Ah, it looks like the firewall rules need to be copied to each host separately. That's not a dealbreaker, but not as easy to deploy as having them managed centrally (by the lighthouse, I guess?).