←back to thread

Knocker, a knock based access control system for your homelab

(github.com)
67 points xlmnxp | 1 comments | 22 Oct 25 08:37 UTC | HN request time: 0s | source
Show context
eastabrooka ◴[22 Oct 25 09:44 UTC] No.45666781[source]
Its 2025, Just use Tailscale.
replies(1): >>45666830 #
lucideer ◴[22 Oct 25 09:51 UTC] No.45666830[source]
If you're running a homelab, the likelihood that you're interested in removing cloud-dependencies from your stack is above average. If that's the case, Tailscale is out.

Tailscale is just an added unnecessary external dependency layer (& security attack surface) on top of vanilla Wireguard. And in 2025 it's easier to run vanilla Wireguard than it's ever been.

replies(4): >>45666870 #>>45667234 #>>45670582 #>>45672775 #
bakugo ◴[22 Oct 25 15:26 UTC] No.45670582[source]
Normally I'd agree with the philosophy, but I don't really see how you can say this about vanilla Wireguard in particular considering how involved it is, especially if you have more than 2 devices that you want to connect together.

Not only do you need to manually manage the keys for each device and make sure they're present in every other device's configuration, but plain Wireguard also cannot punch through NATs and firewalls without any open ports like Tailscale can, as far as I know.

Combine that with the fact that networking issues can be some of the hardest to diagnose and fix, and something like Tailscale becomes a no-brainer. If you prefer using plain Wireguard instead, that's fine, and I still use it too for some more specific use cases, but trying to argue that Tailscale is entirely unnecessary is just wrong.

replies(2): >>45673797 #>>45679682 #
1. lucideer ◴[22 Oct 25 19:15 UTC] No.45673797[source]
> trying to argue that Tailscale is entirely unnecessary is just wrong

Tailscale is great if it meets your requirements, & it probably does for most - I wasn't arguing that at all. Only that it won't be an option for everyone: in particular a non-tiny subset of home server hosters.