plantinthebok 11 hours ago

What's the actual win here? Avoiding relay latency in the rare cases Tailscale can't punch through NAT? If that's it, a $3 VPS running Headscale seems simpler. The complexity feels like you're optimizing for the 5% case while adding permanent vendor lock-in. What am I missing?

k_bx 10 hours ago

A $3 VPS running Headscale is not simpler, since you won't be able to run both Headscale and Tailscale on your end-user machines. I don't recommend it.

The solution we've found is running a white IP container (or VPS) which looks like regular WireGuard outside, while inside it "forwards" to your existing Tailscale network.

I don't remember if we use https://github.com/gravitl/netmaker or https://github.com/juhovh/tailguard

Also see: https://tailscale.com/blog/peer-relays-beta

zrail 9 hours ago

Tailscale has what they call Peer Relays now to help solve this problem:

https://tailscale.com/blog/peer-relays-beta

killingtime74 11 hours ago

For many homelabbers, just being cheap and avoiding the $3 VPS, that's it

anon7000 5 hours ago

Exactly, just today I set up a Cloudflare tunnel to a Docker Compose service running on my home server. I didn't want to expose the server directly to the internet, and I want to share this service on a certain domain with broader family.

I have a server at home that works well. I don’t reaaaally want to pay an extra $30-$40/yr and have an extra thing to manage when the CF tunnel works fine for free. I like Tailscale more, but I want to share this with family who won’t install TS and also want to use a specific domain.

comrh 10 hours ago

I don't even pay anything, my tiny homelab is completely covered by the free tier

kohbo 9 hours ago

What provider still has a decent free tier?

antonkochubey 9 hours ago

Oracle. 4 vCPU, 24 GB RAM, 200 GB SSD. It’s arm64 but nowadays that doesn’t really matter.

Incipient 7 hours ago

That can't possibly be free?

jazzyjackson 4 hours ago

https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier...

Only caveat I see is they reserve the right to delete underutilized/idling instances

renewiltord 5 hours ago

That’s generous but Oracle is very generous.

gear54rus 8 hours ago

Which region were you able to create this in? They seem to be out of capacity all the time in EU.

throwaway678339 11 hours ago

I don't think you are missing anything. They have a bunch of half-baked features like this that aren't as robust as real security vendors and lock you in just like you said.

josteink 11 hours ago

Maybe I’m misunderstanding something…

But are you accusing someone of promoting vendor lock-in (Cloudflare) while at the same time promoting vendor lock-in (Tailscale)?

If you’re ok with vendor lock-in, shouldn’t you in theory be ok with any vendor?

bingo-bongo 10 hours ago

Headscale is the not-vendor-login version of Tailscale.

fragmede 10 hours ago

No. Not all vendors are equal. We can treat ProtonMail differently than Gmail, for example. Looking at what's gone down with VMware, definitely don't get in bed with Broadcom.