←back to thread

An open source, self-hosted implementation of the Tailscale control server

(github.com)
345 points quyleanh | 6 comments | 03 Apr 25 00:23 UTC | HN request time: 0.001s | source | bottom
Show context
pilif ◴[03 Apr 25 03:15 UTC] No.43564293[source]
Keep in mind that for many use cases (mobile access, GUI on macOS), this relies on the official Tailscale clients keeping the ability to set the control server.

The moment the inevitable enshitification will start at Tailscale, this feature will go away.

I’m saying this as a currently super happy Tailscale customer who was burned multiple times in the past by other companies being sold or running out of VC money

replies(3): >>43564474 #>>43569271 #>>43574311 #
sixothree ◴[03 Apr 25 13:25 UTC] No.43569271[source]
Tailscale clients are the thing I am least happy about with Tailscale. Specifically mobile clients and battery usage.

The reason I can't use Tailscale at work is because it routes traffic through servers we can't control.

I would _love_ to use tailscale at work. It would solve so many problems. I am okay with being forced to open ports. But tunneling traffic through them is extremely worrysome.

replies(2): >>43569840 #>>43570062 #
1. pilif ◴[03 Apr 25 14:02 UTC] No.43569840[source]
> Specifically mobile clients and battery usage.

yes. Battery usage is super bad, mainly because of their DNS features which forces every DNS resolution to go through their network extension. At least recent updates have stopped the background power usage when you disconnect from the network in the app.

>But tunneling traffic through them is extremely worrysome.

it only does that in case of super bad NATs that make the usual NAT traversal techniques impossible. And presumably, the traffic is end-to-end-encrypted, so it doesn't matter if they have to be in the loop.

If you don't trust them to properly end-to-end encrypt, then it really doesn't matter whether they are in the loop for forwarding a packet or not because if you don't trust them to encrypt properly, all bets are off to begin with.

If you trust them however, it doesn't matter where the traffic is flowing through because only the intended machine is able to decrypt it.

replies(1): >>43570550 #
2. dcow ◴[03 Apr 25 14:48 UTC] No.43570550[source]
On the battery topic I’m curious if you have anything more than anecdotal evidence. A basic full tunnel wg network extension doesn’t affect battery in a noticeable or unacceptable way, in my experience. Is tailscale’s implementation doing more in a way you can isolate and attribute to poor battery?
replies(2): >>43570955 #>>43578016 #
3. sixothree ◴[03 Apr 25 15:15 UTC] No.43570955[source]
I can see it (tailscale) in my battery usage on multiple devices. 20 hours of background usage per day is a bit much if you ask me.
replies(1): >>43571483 #
4. CharlesW ◴[03 Apr 25 15:51 UTC] No.43571483{3}[source]
FWIW: On iOS 18.4 my Battery report for the last 10 days is ~128h of background activity, using ~2% of my battery life.
5. pilif ◴[04 Apr 25 03:22 UTC] No.43578016[source]
Tailscale on my iPhone is unusable while connected in the background. The battery consumption reporting diagram is all 100% filled light blue bars, all attributed to Tailscale.

I’m using their MagicDNS feature with three domains and I think that’s the reason

replies(1): >>43579326 #
6. pilif ◴[04 Apr 25 07:35 UTC] No.43579326{3}[source]
here's the GitHub issue tracking the problem:

https://github.com/tailscale/tailscale/issues/3363