
Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 3 comments
arsome No.31261100
I was going to try Tailscale but then it seemed the only option to do so as an individual was to log in with a 3rd party cloud provider, which I in no way want tied into my networks.

I gave up and just set up WireGuard directly instead. I don't trust Tailscale either if that's their attitude towards privacy; it's permanently marred my vision of their product.

JeremyNT No.31261250
Indeed, this is why I won't use it either. I settled on Slack's Nebula [0] instead of WireGuard because it handles direct p2p communication between nodes automatically.

There also exists an open source implementation of the Tailscale control server [1] that you could self-host.

[0] https://github.com/slackhq/nebula

[1] https://github.com/juanfont/headscale

depingus No.31261688
Absolutely love Nebula and really wanted it to win when I did my overlay network shootout (for personal use). But device on-boarding and management was overly complex for a lay person (I have a couple users that would require access).

I settled on ZeroTier for now. Unfortunately, I don't think ZeroTier is my long-term solution. Their self-hosted option comes with a plethora of caveats that make it basically unusable. And I'm always scared companies that offer free versions of their paid product will eventually neuter the free tier.

I'll be keeping an eye on headscale. Hopefully they get their mobile client situation in order.

FL410 No.31264257
I am curious what you found complex - was it the PKI? I was able to get Nebula up and running WAY faster than any of the others. It's two (well really only one) binaries and a config file - the simplicity is awesome.
depingus No.31264992
I found it too complex for a lay person. On a regular computer or server it's not too bad. I can send someone a config file with the certs and keys already built in. That's easy enough. But on mobile it requires a back and forth exchange of keys over a different medium.

Compare that to ZeroTier where I can just tell someone, "install this app and punch in this Network ID". Also, ZT lets me control the entire network firewall from a centralized place. Where Nebula is doing it on a per-client basis and requires new certs if device groups change.

I don't want to talk up ZT too much though. Their self-hosted option is a joke. There is no webui. You have to do everything via the API... including the firewall rules. And you have to write those rules in the non-human-readable format that their webui abstracts away. Worse still, their mobile apps won't work with the self-hosted option. I used them to get something up and running quickly, but I'll probably end up on Nebula anyways.

api No.31265633
> Their self-hosted option is a joke. There is no webui.

There's a community-developed one:

https://github.com/key-networks/ztncui

depingus No.31268518
I had looked at this. It doesn't seem like they've implemented anything to handle firewall rules. They may not even be able to, seeing as how that part of ZT is closed source. Also, this doesn't solve the problem with mobile apps, so the whole thing was a moot point for me.
benoliver999 No.31270067
The mobile app does work with the self-hosted option, we use it at work.
depingus No.31290153
The official ZT docs* say, "The mobile apps don't support custom roots." And I don't see any setting in the Android app to point it to any server.

* https://docs.zerotier.com/self-hosting/introduction

benoliver999 No.31298146
Ah, that's because we run a controller node, not a root. So you just add an ID as normal.

The software linked in the parent works with the mobile apps.