Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 1 comments
boesboes ◴[] No.31260274[source]
For anyone else who wonders wtf tailscale is:

> Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.

It seems to take care of key distribution, NAT traversal, authentication, etc.

Neat! Not sure how that is 'fixing internet' exactly, but really cool anyway

replies(8): >>31260403 #>>31260446 #>>31260650 #>>31260654 #>>31260970 #>>31261908 #>>31268396 #>>31268813 #
yrro ◴[] No.31260446[source]
Tailscale is one of the ways you can restore the end-to-end connectivity principle that IP introduced and that NAT destroyed.
replies(2): >>31260512 #>>31261439 #
legalcorrection ◴[] No.31260512[source]
This is kind of overstated. Even if everyone went IPv6 and gave every device a public IP address, pretty much every network would have a firewall that behaved just like NAT.
replies(4): >>31260541 #>>31260693 #>>31260790 #>>31262162 #
Spivak ◴[] No.31260541[source]
Yeah, no one is going to allow unsolicited inbound connections even without NAT so you still have to have something to hook up the two ends in a P2P setting.
replies(1): >>31260919 #
throw0101a ◴[] No.31260919[source]
> Yeah, no one is going to allow unsolicited inbound connections even without NAT so you still have to have something to hook up the two ends in a P2P setting.

Sure they are. All home routers that I'm aware of allow for port forwarding so folks can self-host a service: perhaps a game server (e.g., Minecraft), web, e-mail, etc.

It's just going forward you can set up a separate subnet to put your gear in (especially if you get multiple /64 subnets from your ISP). You can have a DMZ, and use either the router- and/or host-level firewall to dictate which connections are allowed.

replies(2): >>31261261 #>>31263755 #
zinekeller ◴[] No.31261261[source]
... if your definition of "home routers" excludes ISP-provided ones, then I'll agree. Unfortunately, I'm pretty sure that either you are on an ISP that actually cared and found a good supplier or didn't check what the capabilities of ISP-provided routers are.
replies(2): >>31262101 #>>31264973 #
1. throw0101a ◴[] No.31264973[source]
With IPv4 I have to worry about UPnP/PCP working and TURN/STUN/etc nonsense when it comes to peer-to-peer protocols. With IPv6 I only have to worry about UPnP/PCP working. In my books that's an improvement.

If I want to self-host something, then with IPv4 I have to publish my IP and worry about the CPE supporting port forwarding. With IPv6 I have to publish my IP and use UPnP/PCP to allow all connections. Is there any CPE gear that does not support UPnP/PCP?