| ▲ | dimatura 6 hours ago |
| Our company pays for the premium business plan, $18/mo/user. You have to pay for at least the lower tier plan once your team grows beyond a handful of people. And there's several quite useful features (though maybe not essential) on the premium plan like serve/funnel and SSH. On the other hand, I do wonder about zerotier. before tailscale we used zerotier for a few years, and during the first 3-4 years we paid nothing because as far as I can recall there was nothing extra that we needed that paying would've gotten us. Eventually we did upgrade to add more users, and it cost something like $5/mo (total, not per user). |
|
| ▲ | gpm 5 hours ago | parent | next [-] |
| I've used serve/funnel on the tailscale free tier... definitely agree that the team size limit seems like it would move companies to the paid plan though. |
| |
| ▲ | dimatura an hour ago | parent [-] | | I think how it works usually is that they let you use the features from higher tier plans than the one you're on; once you use them enough they send you an email asking to upgrade. That's what happened to us and I've seen other users mention it. Not sure how I felt about it, OTOH maybe it was less friction than explicitly subscribing for some "2 weeks free trial" or whatever but OTOH it did feel weird and unexpected. Anyway, we felt the extra features were worth it so ended up paying. | | |
| ▲ | gpm 43 minutes ago | parent [-] | | Hmm... Ok I checked the pricing page and funnel is available in the free tier (limited to 3 users) but not the $6/user/month tier - which you need for more than 6 users... strange pricing structure but I guess I see the logic. Any chance you were asked to upgrade from $6/user/month to $18/user/month and not free to $18/user/month? https://tailscale.com/pricing#application-networking |
|
|
|
| ▲ | tamimio 5 hours ago | parent | prev | next [-] |
| Zerotier is not the same as tailscale although both can be used to do the same, but under the hood both are fundamentally different, ZT is layer2 like switch, so it’s like an Ethernet meanwhile TS is built on top of wireguard and is layer3. ZT allows broadcast/multicast and has own protocol, TS don’t. I use both among others, and ZT since around 2019, I found it reliable in some cases in IoT world while TS had better throughput in usual applications. |
| |
| ▲ | dimatura an hour ago | parent [-] | | Yeah, they're not direct replacements. I think both models have have their pros and cons. In fact I tried both around when covid shutdowns started (server being in the office, me at home), and liked zerotier better; it was faster, and a more generous free tier. But now tailscale has won out for a couple of reasons; the main one, it's simply less flaky for us on macOS, especially for devs working overseas. No idea why and maybe there's simple fixes (that don't involve repeated connections/disconnections, hopefully). The other, tailscale has a few extra things that are nicer and easy to use like identity-based ACLs, funnel/serve, magicDNS, ssh management, etc. |
|
|
| ▲ | lysace 5 hours ago | parent | prev [-] |
| How do you handle the do-before-thinking devs? Or the kinda low-to-mid performing devs? Most companies has one or a few of those, right? They help the company machine go around by doing the somewhat boring stuff over and over again. Tailscale in a company/developer env seems awesome when you know what you are doing and (potentially) terrifying otherwise. Does someone set up detailed ACLs for what's allowed? How well does that work? |
| |
| ▲ | madeofpalk 5 hours ago | parent [-] | | > How do you handle the do-before-thinking devs? Isn't that exactly what tailscale is built to accommodate - zero trust? You set up ACLs and other permissions to not allow people to do more than the damage you can tolerate. | | |
| ▲ | nickburns 4 hours ago | parent [-] | | Zerconf ≠ zero trust. The difference could not be more material in this context. | | |
| ▲ | tonyplee 3 hours ago | parent [-] | | If both sides of your ssh tunnel (pub,private keys) are under your control, in theory, that's "zero trust". Unless one considers the meta data such as src/dest IP are visible to Tailscale sw. Right? | | |
|
|
|
