
Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 1 comments
boesboes No.31260274
For anyone else who wonders wtf tailscale is:

> Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.

It seems to take care of key distribution, NAT traversal, authentication, etc.

Neat! Not sure how that is 'fixing internet' exactly, but really cool anyway

replies(8): >>31260403 #>>31260446 #>>31260650 #>>31260654 #>>31260970 #>>31261908 #>>31268396 #>>31268813 #
yrro No.31260446
Tailscale is one of the ways you can restore the end-to-end connectivity principle that IP introduced and that NAT destroyed.
replies(2): >>31260512 #>>31261439 #
legalcorrection No.31260512
This is kind of overstated. Even if everyone went IPv6 and gave every device a public IP address, pretty much every network would have a firewall that behaved just like NAT.
replies(4): >>31260541 #>>31260693 #>>31260790 #>>31262162 #
throw0101a No.31260790
> Even if everyone went IPv6 and gave every device a public IP address, pretty much every network would have a firewall that behaved just like NAT.

No, they do not behave just like NAT. With NAT you have two problems:

* figuring out your address

* firewall hole punching

With IPv6 you already know your address and just give it to the peer you are communicating with. You then tell your firewall to allow connections from the address(:port) that the peer tells you. No STUN, no TURN, no ICE.

* https://en.wikipedia.org/wiki/Hole_punching_(networking)

* https://en.wikipedia.org/wiki/Port_Control_Protocol

* https://en.wikipedia.org/wiki/Universal_Plug_and_Play

* http://www.upnp.org/resources/documents/AnnexA-IPv6_000.pdf

This helps immensely for residential connections since people (generally) control their gateways, and with more and more higher speed (fibre) connections being done, it could help in more self-hosted and peer-to-peer services.

What one is allowed to do at the office would be dictated by the policy(s) of your employer: they could allow PCP/UPnP opening via authenticated requests for example.

replies(2): >>31261032 #>>31263531 #
zinekeller No.31261032
No, no, no, no. You haven't really experienced the quality of IPv6 routers at home. The only thing that I can (probably) say with confidence is that you will not need TURN, and even that assumption can be broken by even more restrictive firewalls that block nearly all UDP traffic, or you may not even know your real public address because IPv6 NAT does exist (https://blogs.infoblox.com/ipv6-coe/you-thought-there-was-no..., https://datatracker.ietf.org/doc/html/rfc6296), but fortunately this is usually found in enterprise stuff. NAT-PMP or router UPnP is probably the wildest: the majority don't (remember that I'm focusing on ISP routers, since most people don't bother to switch to actual routers...*), some only on IPv4 (which is even more frustrating), and only a few support it correctly. Worse, those same broken garbage-level routers have NAT-like firewalls: at least you know what address and port you will contact the other computer on, but you will still need UDP (the TCP handshake will be very problematic) and you will still need keepalives (or otherwise your firewall will just close the port).

* ... and most that do get another router (usually because they have seen that their Wi-Fi on the "modem" is bad) don't turn on** bridge mode, which will be a definite headache on both IPv4 (double NAT) and IPv6 (address conflict, especially if you're using an ISP like Comcast that would only allocate a /64 and no more).

** ... because you need to call up the ISP, or they even outright refuse to bridge it (either because they're stupid but you don't have another ISP to switch to, or the equipment manufacturer of their garbage special router didn't program one).

replies(1): >>31262619 #
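
The "NAT-like firewall" behaviour described in the comment above, as an added example that is not part of the thread: a toy model of a default-deny stateful IPv6 firewall, showing why both peers have to send first even with known addresses and why an idle pinhole needs keepalives. The 30-second idle timeout, the addresses, the port and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Default-deny inbound; an outbound UDP packet opens a per-flow pinhole."""
    timeout: float = 30.0  # assumed UDP idle timeout in seconds; real routers vary
    flows: dict = field(default_factory=dict)  # (local, remote) -> last activity

    def outbound(self, local, remote, now):
        self.flows[(local, remote)] = now  # create or refresh flow state

    def inbound(self, remote, local, now):
        last = self.flows.get((local, remote))
        if last is None or now - last > self.timeout:
            self.flows.pop((local, remote), None)  # never opened, or expired
            return False  # packet dropped
        self.flows[(local, remote)] = now  # matching inbound traffic refreshes state
        return True

# Constructed endpoints in the IPv6 documentation prefix (2001:db8::/32).
A = ("2001:db8:a::10", 41641)
B = ("2001:db8:b::20", 41641)

def punch(fw_a, fw_b):
    """Peers already know each other's address:port (no STUN step).
    Returns delivery of: B's first packet, A's first packet, B's retry."""
    fw_b.outbound(B, A, 0.0)
    first = fw_a.inbound(B, A, 0.0)  # A has no state for B yet: dropped
    fw_a.outbound(A, B, 0.1)
    reply = fw_b.inbound(A, B, 0.1)  # B already sent to A: allowed
    fw_b.outbound(B, A, 0.2)
    retry = fw_a.inbound(B, A, 0.2)  # A has now sent to B: allowed
    return first, reply, retry

def reachable_after_idle(idle, keepalive=None):
    """After punching, A is silent for `idle` seconds apart from optional
    keepalives every `keepalive` seconds; then B sends. True if A's firewall accepts."""
    fw_a, fw_b = StatefulFirewall(), StatefulFirewall()
    punch(fw_a, fw_b)
    t = 0.2
    while keepalive and t + keepalive < 0.2 + idle:
        t += keepalive
        fw_a.outbound(A, B, t)  # keepalive refreshes A's own pinhole
        fw_b.inbound(A, B, t)   # and is checked by B's firewall on arrival
    fw_b.outbound(B, A, 0.2 + idle)
    return fw_a.inbound(B, A, 0.2 + idle)
```
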
throw0101a No.31262619
> No, no, no, no. You haven't really experienced the quality of IPv6 routers at home.

I've been running IPv6 at home >2 years. You're telling me that my own experience is invalid?

replies(1): >>31262711 #
zinekeller No.31262711
No, not necessarily, but if you're using an aftermarket router rather than an ISP-supplied router, then this rather long list is not applicable to you.
replies(1): >>31270941 #
1. jhugo No.31270941
I'm guessing you're in the US? Haven't had any problems with IPv6 on ISP-supplied routers in UK, NL, DE, CN, HK, VN, TH, SG over the last 10y or so, seems like a solved problem for most of the world.