Most active commenters

    ←back to thread

    The New Internet

    (tailscale.com)
    517 points ingve | 15 comments | 26 Jul 24 18:29 UTC | HN request time: 0.737s | source | bottom
    Show context
    figassis ◴[26 Jul 24 23:11 UTC] No.41083146[source]
    I love Tailscale, but this post gives me the creeps. The internet succeeded because it was built on standards and was completely free. With Tailscale, I get wireguard is open source and we have things like Headscale. But the whole everyone gets an IP, doesn’t it depend on Tailscale owning a massive ip address space? We can all wait until full ipv6 rollout, or we can depend on centralized ipv4, and servers and proprietary stuff. Maybe a bit hypocritical?
    replies(4): >>41083199 #>>41083232 #>>41084277 #>>41085916 #
    1. jgalt212 ◴[26 Jul 24 23:28 UTC] No.41083232[source]
    If you had to move off of tailscale, what would you move to?
    replies(5): >>41083267 #>>41083346 #>>41084219 #>>41087337 #>>41090485 #
    2. OJFord ◴[26 Jul 24 23:33 UTC] No.41083267[source]
    Zerotier is I think the obvious answer? I haven't used it though; it's more proprietary, not less.
    replies(2): >>41083854 #>>41085084 #
    3. Fnoord ◴[26 Jul 24 23:47 UTC] No.41083346[source]
    I use WireGuard. As you add more keypairs, it becomes a bit of a nightmare to maintain, though Vim with syntax highlighting helps a lot.

    Because of this, I'll be switching to Headscale + Tailscale.

    replies(1): >>41092327 #
    4. ssl-3 ◴[27 Jul 24 01:30 UTC] No.41083854[source]
    AFAIK, Zerotier is about equally proprietary, more-free (as in beer), and has been doing the node-to-node mesh thing instead of spoke-and-hub longer than Tailscale has been in existence.

    And if I remember correctly, ZT was initially created to provide something like this "New Internet" concept that Tailscale has apparently recently discovered, except they called it "Earth" and abandoned it in 2023.

    (Some things don't change, I guess.)

    replies(1): >>41086593 #
    5. yjftsjthsd-h ◴[27 Jul 24 03:16 UTC] No.41084219[source]
    I think nebula is the obvious FOSS competitor? With the unfortunate exception of the Android client being closed source.
    replies(2): >>41085073 #>>41099099 #
    6. sph ◴[27 Jul 24 07:45 UTC] No.41085073[source]
    I use Nebula because its iOS client does not drain my battery. Tailscale has had that known bug for years and they never managed to fix it, which is a major deal breaker.
    replies(1): >>41090285 #
    7. viraptor ◴[27 Jul 24 07:47 UTC] No.41085084[source]
    Kinda? It works great in practice. You can run your own controllers if you want which completely disconnects you from the proprietary service. But the code is BSL.
    replies(1): >>41085605 #
    8. OJFord ◴[27 Jul 24 10:25 UTC] No.41085605{3}[source]
    I didn't mean to suggest it doesn't work well, as I said I've not used it.

    It's still proprietary if you self-host it, I was thinking in particular that tailscale uses Wireguard and Zerotier uses something custom, i.e. proprietary. Note that the context was:

    > The internet succeeded because it was built on standards and was completely free. With Tailscale, I get wireguard is open source and we have things like Headscale. But [...]

    to which the commenter I replied to asked of alternatives. So I wasn't saying tailscale great and open and standards compliant, and Zerotier not; I was saying it's the obvious competitor but if that's your problem with tailscale then it's if anything worse in that regard.

    9. p_l ◴[27 Jul 24 13:50 UTC] No.41086593{3}[source]
    Tailscale does p2p, not hub-spoke, with additional DERP system which combines various NAT bypasses with worst case hair pinning over HTTPS - you can host all components yourself.
    replies(1): >>41092161 #
    10. dandanua ◴[27 Jul 24 15:54 UTC] No.41087337[source]
    I think Nebula is much much closer to the "new internet". Lighthouse nodes can serve as untrusted brokers that help to connect everyone securely. No need in a central authority with God-like importance, as the Tailscale CEO obviously wants to have.
    11. jacooper ◴[28 Jul 24 00:04 UTC] No.41090285{3}[source]
    They have released a slew of updates recently to fix this, and they did a complete rewrite of the Android app
    12. mrbluecoat ◴[28 Jul 24 00:59 UTC] No.41090485[source]
    NetBird is a promising option. OpenZiti is another. ZeroTier hasn't evolved much, IMHO. Would also love to see someone breathe new life into https://github.com/omniedgeio/omniedge
    13. ssl-3 ◴[28 Jul 24 09:31 UTC] No.41092161{4}[source]
    You're absolutely correct.

    I didn't intend to leave to implication the fact that Tailscale is node-to-node, or that it is is not hub-and-spoke.

    (I even had this up in a browser tab when I wrote that previous comment: https://tailscale.com/blog/how-tailscale-works)

    14. chgs ◴[28 Jul 24 10:27 UTC] No.41092327[source]
    It depends on your use case. I use wg back to two geographically independent locations, keys are managed via our ipam.

    I don’t need EW traffic over the VPN, very NS based. Something like Headscale or another SDWan solution (automatically establishing vpn routes) would make sense if I needed to transport a lot of traffic E-W, that’s just not a requirement

    15. PLG88 ◴[29 Jul 24 09:23 UTC] No.41099099[source]
    OpenZiti would be another - https://openziti.io/. I work on the project. 1 issue with Nebula is the provisioning new clients with identities. Its not completely open sourced by the Nebula company.