philips 4 hours ago

I agree! Before Tailscale I was completely skeptical of self hosting.

Now I have Tailscale on an old Kindle downloading epubs from a server running Copyparty. It's great!

ryandrake 4 hours ago | parent [-]

Maybe I'm dumb, but I still don't quite understand the value-add of Tailscale over what Wireguard or some other VPN already provides. HN has tried to explain it to me but it just seems like sugar on top of a plain old VPN. Kind of like how "pi-hole" is just sugar on top of dnsmasq, and Plex is just sugar on top of file sharing.

Jtsummers 4 hours ago | parent | next [-]

I think you answered the question. Sugar. It's easier than managing your own Wireguard connections. Adding a device just means logging into the Tailscale client, no need to distribute information to or from other devices. Get a new phone while traveling because yours was stolen? You can set up Tailscale and be back on your private network in a couple minutes.

Why did people use Dropbox instead of setting up their own FTP servers? Because it was easier.

simonw 4 hours ago | parent | prev | next [-]

If you're confident that you know how to securely configure and use Wireguard across multiple devices then great, you probably don't need Tailscale for a home lab.

Tailscale gives me an app I can install on my iPhone and my Mac and a service I can install on pretty much any Linux device imaginable. I sign into each of those apps once and I'm done.

The first time I set it up that took less than five minutes from idea to now-my-devices-are-securely-networked.

Cyph0n 4 hours ago | parent | prev | next [-]

It’s a bit more than sugar.

1. 1-command (or step) to have a new device join your network. Wireguard configs and interfaces managed on your behalf.

2. ACLs that allow you to have fine grained control over connectivity. For example, server A should never be able to talk to server B.

3. NAT is handled completely transparently.

4. SSO and other niceties.

For me, (1) and (2) in particular make it a huge value add over managing Wireguard setup, configs, and firewall rules manually.

SchemaLoad 3 hours ago | parent | prev | next [-]

Tailscale is Wireguard but it automatically sets everything up for you, handles DDNS, can punch through NAT and CGNAT, etc. It's also running a Wireguard server on every device so rather than having a hub server in the LAN, it directly connects to every device. Particularly helpful if it's not just one LAN you are trying to connect to, but you have lots of devices in different areas.

zeroxfe 3 hours ago | parent | prev | next [-]

> Plex is just sugar on top of file sharing.

right, like browsers are just sugar on top of curl

edoceo 3 hours ago | parent [-]

curl is just sugar on sockets ;)

epistasis 2 hours ago | parent [-]

SSH is just sugar on top of telnet and running your own encryption algorithms by hand on paper and typing in the results.

Frotag 4 hours ago | parent | prev | next [-]

I always assumed it was because a lot of ISPs use CGNAT and using Tailscale servers for hole punching is (slightly) easier than renting and configuring a VPS.

drnick1 4 hours ago | parent | prev | next [-]

> Kind of like how "pi-hole" is just sugar on top of dnsmasq, and Plex is just sugar on top of file sharing.

Speaking of that, I have always preferred a plain Unbound instance and a Samba server over fancier alternatives. I guess I like my setups extremely barebone.

ryandrake 3 hours ago | parent [-]

Yea, my philosophy for self-hosting is "use the smallest amount of software you can in order to do what you really need." So for me, sugar X on top of fundamental functionality Y is always rejected in favor of just configuring Y.

atmosx 4 hours ago | parent | prev | next [-]

You don’t have to run the control plane and you don’t have to manage DNS & SSL keys for the DNS entries. Additionally the RBAC is pretty easy.

All these are manageable through other tools, but it’s a more complicated stack to keep up.

mfcl 4 hours ago | parent | prev | next [-]

It's plug and play.

Forgeties79 3 hours ago | parent [-]

And some people may not value that but a lot of people do. It’s part of why Plex has become so popular and fewer people know about Jellyfin. One is turnkey, the other isn’t.

I could send a one page bullet point list of instructions to people with very modest computer literacy and they would be up and running in under an hour on all of their devices with Plex in and outside of their network. From that point forward it’s basically like having your own Netflix.

Skunkleton 4 hours ago | parent | prev [-]

Yes, that is really all it is.