←back to thread

Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 2 comments | 04 May 22 13:17 UTC | HN request time: 0s | source
Show context
boesboes ◴[04 May 22 13:43 UTC] No.31260274[source]
For anyone else who wonders wtf tailscale is:

> Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.

It seems to take care of key distribution, nat-traversal, authentication etc etc

Neat! No sure how that is 'fixing internet' exactly, but really cool anyway

replies(8): >>31260403 #>>31260446 #>>31260650 #>>31260654 #>>31260970 #>>31261908 #>>31268396 #>>31268813 #
yrro ◴[04 May 22 13:55 UTC] No.31260446[source]
Tailscale is one of the ways you can restore the end-to-end connectivity principle that IP introduced and that NAT destroyed.
replies(2): >>31260512 #>>31261439 #
legalcorrection ◴[04 May 22 13:59 UTC] No.31260512[source]
This is kind of overstated. Even if everyone went IPv6 and gave every device a public IP address, pretty much every network would have a firewall that behaved just like NAT.
replies(4): >>31260541 #>>31260693 #>>31260790 #>>31262162 #
Spivak ◴[04 May 22 14:01 UTC] No.31260541[source]
Yeah, no one is going to allow unsolicited inbound connections even without NAT so you still have to have something to hook up the two ends in a P2P setting.
replies(1): >>31260919 #
throw0101a ◴[04 May 22 14:26 UTC] No.31260919[source]
> Yeah, no one is going to allow unsolicited inbound connections even without NAT so you still have to have something to hook up the two ends in a P2P setting.

Sure they are. All home routers that I'm aware of allow for port forwarding so folks can self-host a service: perhaps a game server (e.g., Minecraft), web, e-mail, etc.

It's just going forward you can set up a separate subnet to put your gear in (especially if you get multiple /64 subnets from your ISP). You can have a DMZ, and use either the router- and/or host-level firewall to dictate which connections are allowed.

replies(2): >>31261261 #>>31263755 #
1. legalcorrection ◴[04 May 22 17:58 UTC] No.31263755{3}[source]
The point is for the user to not have to go configure their firewall.
replies(1): >>31264872 #
2. throw0101a ◴[04 May 22 19:41 UTC] No.31264872[source]
Which can be done via UPnP and PCP, and without having to maintain TURN/STUN/etc infrastructure. The latter of which can only be done with IPv6, since with IPv4 you're NATing.

So IPv6 makes things easier—which was the point of my post: IPv6 makes things easier.