Not sure they are using l2 transit.

They are using BGP and routing nodes (backbones), recreating a mini IP (layer 3) network I think.

I've used raw wireguard in a p2p fashion to interconnect LANs. I run wireguard on each segment directly inside the network routers.

Just make sure all LANs are using a different subnet. A /24 is standard. Then configure all the peers and you get a fully peer to peer network. No relays. You only need one side of every peer "pair" to be reachable from the internet.

I do have a small management script to help peer discovery (dynamic IPs) and key exchange, but it's not strictly required. With a dozen nodes or so, it's maintainable manually. Wireguard supports roaming natively, as long as one peer can reach the other.

Very little overhead. ICMP, TCP and UDP support.

Oh this make sense. For LAN, one definitely want L2. Totally overlooked the objective.

This kind of defeats the purpose of TPL. Part of TPL is setting up your own network segment. There's a dashboard that shows who has what working.

Part of the fun of TPL isn't just that your computer can talk to another computer, it's that you have your own setup configured form the ground up so your /24 can talk to other /24s on TPL. I 100% understand some people will not enjoy that and won't find it fun, and that is ok. Some people do enjoy learning new things about setting up infrastructure, and this scratches some of that itch.

Yeah.

I personally ran into the legacy setup issue for running vanilla Wireguard for my setup before Tailscale is a thing and have to manually manage keys, routing and DNS.

But one thing Tailscale has that annoyed me is that they are using 100.64 CGNAT addresses (which is more RFC-compliant) but conflicts with one of my cloud service provider's pre-configured DNS, NTP and software mirrors setup. Using it became more or less messy for this reason.