
The New Internet

(tailscale.com)
517 points ingve | 8 comments
figassis ◴[] No.41083146[source]
I love Tailscale, but this post gives me the creeps. The internet succeeded because it was built on standards and was completely free. With Tailscale, I get that WireGuard is open source and we have things like Headscale. But the whole "everyone gets an IP" thing, doesn't it depend on Tailscale owning a massive IP address space? We can all wait until full IPv6 rollout, or we can depend on centralized IPv4, and servers and proprietary stuff. Maybe a bit hypocritical?
replies(4): >>41083199 #>>41083232 #>>41084277 #>>41085916 #
1. jmprspret ◴[] No.41084277[source]
You can self-host a Tailscale control server with Headscale[1]. It's not quite at feature parity with Tailscale, but it supports most if not all of the current feature set and it's improving every day. One of the lead devs is even paid by Tailscale to work on it, IIRC.

I run it for my personal self-hosted infra, and it works really well. Setting a custom control server URL is relatively easy (at least on Windows and Android which I use).

I use Taildrop, I serve Docker containers to the tailnet, etc. Headscale works really well and is worth a go.

1: https://github.com/juanfont/headscale

replies(2): >>41084324 #>>41084808 #
2. cpach ◴[] No.41084324[source]
Cool! Any important features you miss when running Headscale?
replies(3): >>41084477 #>>41087097 #>>41090468 #
3. jmprspret ◴[] No.41084477[source]
Nothing that I've noticed. I actually have never run vanilla Tailscale without Headscale so I'm not sure.

I think auto TLS requires some extra config, and DNS rules. I don't use it so I'm not sure.

4. password4321 ◴[] No.41084808[source]
The question is: how long will Headscale be supported in the official clients - how long will the incentives of Tailscale's VCs align with the freeloaders?

The official clients (most valuable: the polished mobile apps easily installed from the default app stores) are one auto-update away from cutting ties when push comes to shove, the same as all commercial VPNs with a free tier.

replies(2): >>41084904 #>>41085293 #
5. figassis ◴[] No.41084904[source]
I think clients are the least to worry about. They can be built by someone else if the need arises.
6. jmprspret ◴[] No.41085293[source]
The clients are the open source part of Tailscale. They can be forked and built by someone else if required.

However I do not think Tailscale is going to remove the custom control URL feature from their mobile clients. For one, I think there are legitimate "Tailscale Enterprise" use-cases for the custom login server.

Additionally, I have heard that Tailscale has been supportive of the Headscale project, providing assistance to the devs.

Further, Tailscale seems fairly committed to keeping their clients open source and engaging with the developer community. Of course, as you say, this can change at any time.

7. p_l ◴[] No.41087097[source]
Mostly support for features relevant to multi-tenancy - official Tailscale stuff does things like separate "tailnets" that belong to different accounts which have different SSO, but you can share access to hosts between tailnets with ACL rules, etc. Also Tailscale Funnel, which uses a Tailscale-hosted service to provide ingress to a host behind the VPN.

And of course the API used to manage the official server, so the rare things that depend on it won't work, but it's more a case that the project doesn't have the need to work on it.

8. mrbluecoat ◴[] No.41090468[source]
DoH DNS support (beyond the single existing NextDNS option)