
655 points louis-paul | 6 comments
geenat ◴[] No.43624362[source]
IMHO they should be a good steward and toss the Wireguard guy a mil considering Tailscale is pretty much Wireguard with a GUI on top.
aborsy ◴[] No.43624493[source]
This is not correct. Wireguard establishes a tunnel between peer A and B, and its simplicity stops there. Tailscale does tons of complex networking, filtering, NAT traversal, DNS, file sharing, etc. Wireguard is a small part of the codebase today, which has grown a lot.

It’s a bit like saying Dropbox is just a GUI on top of TLS.

homebrewer ◴[] No.43624613[source]
Most of this was successfully done 20 years ago by tinc, which is a project written by a couple of European guys in their free time. It even supports routing traffic through other peers and does peer discovery just like BitTorrent (but before BitTorrent even existed) — there is no need for a central server.

What tailscale has over it is hype, lots and lots of hype. Also a much more well thought out, and arguably more secure VPN protocol underneath, which is why GP's comment is on point.

1. tptacek ◴[] No.43625031[source]
If it's hype, it's not hype the way you're thinking. I've shown Tailscale to a lot of people (this is less salient now, when pretty much everybody uses Tailscale) and the most common reaction I've gotten is "holy shit". It is spooky simple to get working, and it's spooky simple to go from a working installation to a VPN configuration that would take many many hours to replicate with pre-existing tools.

There may be VPN nerds out there who think there's nothing special happening with Tailscale, but I submit those nerds haven't spent a lot of time dealing with the median, replacement-level VPN configuration prior to Tailscale. I'm a pentester, and so I have had that pleasure. Tailscale is revolutionary compared to what it replaced.

2. formerly_proven ◴[] No.43625349[source]
My only technical complaint with Tailscale is that its hole punching doesn't seem to work with some common CGNATs/double NATs when both endpoints are using them, and then traffic ends up trickling through their public proxy servers, while running your own is kinda annoying and not recommended or documented.
3. candiddevmike ◴[] No.43625937[source]
Because you're delegating the control plane to Tailscale. Somehow we went decades without this being a thing for security reasons, dealt with the management of VPN appliances, and now suddenly everyone is OK with Tailscale owning the control plane of their VPN for the sake of convenience.
5. password4321 ◴[] No.43626828[source]
> running your own [proxy servers] is kinda annoying and not recommended or documented

?? https://tailscale.com/kb/1118/custom-derp-servers

6. eadmund ◴[] No.43628530[source]
For a company this is probably okay: companies rely on other companies all the time, and can enforce contracts. I would gladly use tailscale at my company.

For an individual, heck no. Fortunately, headscale exists for individuals to use.