
Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 2 comments
boesboes ◴[] No.31260274[source]
For anyone else who wonders wtf tailscale is:

> Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.

It seems to take care of key distribution, NAT traversal, authentication, etc.

Neat! Not sure how that is 'fixing internet' exactly, but really cool anyway

replies(8): >>31260403 #>>31260446 #>>31260650 #>>31260654 #>>31260970 #>>31261908 #>>31268396 #>>31268813 #
yrro ◴[] No.31260446[source]
Tailscale is one of the ways you can restore the end-to-end connectivity principle that IP introduced and that NAT destroyed.
replies(2): >>31260512 #>>31261439 #
legalcorrection ◴[] No.31260512[source]
This is kind of overstated. Even if everyone went IPv6 and gave every device a public IP address, pretty much every network would have a firewall that behaved just like NAT.
replies(4): >>31260541 #>>31260693 #>>31260790 #>>31262162 #
throw0101a ◴[] No.31260790[source]
> Even if everyone went IPv6 and gave every device a public IP address, pretty much every network would have a firewall that behaved just like NAT.

No, they do not behave just like NAT. With NAT you have two problems:

* figuring out your address

* firewall hole punching

With IPv6 you already know your address and just give it to the peer you are communicating with. You then tell your firewall to allow connections from the address(:port) that the peer tells you. No STUN, no TURN, no ICE.

* https://en.wikipedia.org/wiki/Hole_punching_(networking)

* https://en.wikipedia.org/wiki/Port_Control_Protocol

* https://en.wikipedia.org/wiki/Universal_Plug_and_Play

* http://www.upnp.org/resources/documents/AnnexA-IPv6_000.pdf

This helps immensely for residential connections since people (generally) control their gateways, and with more and more higher speed (fibre) connections being done, it could help in more self-hosted and peer-to-peer services.

What one is allowed to do at the office would be dictated by the policy(s) of your employer: they could allow PCP/UPnP opening via authenticated requests for example.

replies(2): >>31261032 #>>31263531 #
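An added example, not part of any comment in this thread: the IPv6 flow described above (exchange addresses, then allow only the peer's address:port) as a check that validates the peer-supplied endpoint before emitting one narrowly scoped firewall rule. The function names, the sample endpoints, and the `inet filter` table with a `forward` chain are assumptions for illustration.

```python
import ipaddress

def parse_endpoint(text):
    """Parse '[ipv6]:port' into (IPv6Address, port); raise ValueError otherwise."""
    host, sep, port = text.rpartition(":")
    if not sep or not (host.startswith("[") and host.endswith("]")):
        raise ValueError(f"expected [ipv6]:port, got {text!r}")
    if "%" in host:
        # Zone IDs are free-form text; never let them reach a command line.
        raise ValueError("scoped addresses are not accepted")
    addr = ipaddress.IPv6Address(host[1:-1])  # raises a ValueError subclass
    if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {text!r}")
    if (addr.is_link_local or addr.is_loopback or addr.is_multicast
            or addr.is_unspecified or addr.ipv4_mapped is not None):
        raise ValueError(f"{addr} is not a routable unicast address")
    return addr, int(port)

def pinhole_rule(local, peer, proto="udp"):
    """Build one nft rule admitting only peer addr:port -> local addr:port."""
    if proto not in ("udp", "tcp"):
        raise ValueError(f"unsupported protocol {proto!r}")
    laddr, lport = parse_endpoint(local)
    paddr, pport = parse_endpoint(peer)
    # Only canonical values from the parsed objects are interpolated.
    return (f"nft add rule inet filter forward "
            f"ip6 saddr {paddr} {proto} sport {pport} "
            f"ip6 daddr {laddr} {proto} dport {lport} accept")

def is_rejected(peer):
    """True if the peer-supplied endpoint fails validation."""
    try:
        parse_endpoint(peer)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    # Constructed sample endpoints (documentation prefix 2001:db8::/32).
    print(pinhole_rule("[2001:db8:1::10]:51820", "[2001:db8:2::20]:41641"))
    for bad in ("[fe80::1]:41641", "[::ffff:192.0.2.1]:443", "192.0.2.1:80"):
        print(bad, "rejected:", is_rejected(bad))
```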
1. irq-1 ◴[] No.31263531[source]
> With IPv6 you already know your address and just give it to the peer you are communicating with. You then tell your firewall to allow connections from the address(:port) that the peer tells you. No STUN, no TURN, no ICE.

What about phone networks? (In the US, providers block all incoming traffic.) Or other ISPs that block incoming traffic?

NAT has been used to address a fundamental problem of what traffic can be trusted. That's what Tailscale fixes.

replies(1): >>31264905 #
2. ◴[] No.31264905[source]