mightyham 4 hours ago

Genuinely curious: is Tailscale actually providing any value to this use case beyond what you get from a raw WireGuard exit node with port forwarding instead of Tailscale's NAT traversal? I've never used Tailscale, but I have a WireGuard setup on my home server for the same purpose as described in the article, and I've never had any issues with it.

Edit: Noticed some sibling comments asking effectively the same thing as me. I've been meaning to write a blog post covering the basic networking knowledge needed to DIY with just WireGuard. My impression is that many people don't realize just how easy it is or don't have the requisite background information.

pkulak 4 hours ago

If you're just doing hub-and-spoke anyway, yeah, you can do it yourself. I did for years. But holy smokes, is it a PITA to manually copy keys around to devices; especially when they might not even be yours. I have my Tailscale account hooked up to my self-hosted identity server and now it's just a matter of logging in on whatever device I want to be on the network. Plus, I have the option of spinning up a random EC2 box whenever I want and instantly joining it to the network with basically no fuss.

windexh8er 2 hours ago

I feel like articles like this do Tailscale a disservice to a certain degree. Most people know Tailscale helps with managing the mesh of connected devices. And as many people have said here you can do this manually with WireGuard, Netbird, Nebula, ZeroTier and many others.

Why Tailscale is so helpful is the ACL system. I have about 40 devices connected to my Tailnet and depending on tags devices can or can't access direct communication and also certain exit node networks. Traditional VPNs generally suck because you dump out of a host and have flat access to everything. Tailscale allows you to segment access without disrupting general Internet access with minimal friction and ACLs allow segmentation to happen at the user / device level.

Most people aren't using Tailscale ACLs, in fact I rarely hear it discussed. Also the article fails to mention Tailscale Peer Relays [0] which decrease the dependency on DERP relays significantly and are controlled by, you guessed it, ACLs.

[0] https://tailscale.com/blog/peer-relays-beta

mightyham 4 hours ago

I have a phone and laptop; those are my only two "mobile" devices that I might ever use to access my home network remotely. I set them up once, it took a few minutes, and I won't have to do it again unless I replace one of them. I can completely understand using Tailscale for enterprise networks, but it seems very overengineered for my personal VPN needs.

nighthawk454 4 hours ago

It has plenty of useful control plane features out of the box. Nothing much you _couldn’t_ do yourself but you don’t have to. Or with Headscale as the self-hosted open-source version.

f33d5173 4 hours ago

Dynamic IP addresses.

ectospheno 4 hours ago

Update your DNS when it changes. Pretty trivial.

f33d5173 4 hours ago

Yeah, I tried writing a script for that, but at a certain point using an off-the-shelf tool that does everything is easier.