I feel like a lot of hype around Tailscale is because it vastly simplifies VPNs and their associated networking, especially for businesses, startups, or homelabs where the focus might be elsewhere or specific talent is unavailable. The problem arises when folks don't quite understand why specific decisions are being made, or use the product in nonstandard (or even negative) ways. I've seen stories of folks deploying Tailscale on every machine in their LAN, thinking that secures their traffic; using it to cross boundaries in the firewall or router between secure and insecure VLANs; and using it to connect to servers in lieu of a proper router or firewall with appropriate ACLs.
Tailscale is an excellent piece of software, provided it's implemented in a way to emphasize security, and not weaken it. In OP's case, being used as an accessibility aid to a system that couldn't be secured any other way while preserving external access (in their case due to CGNAT) was an excellent use of Tailscale.
> I do think this simplicity is exactly what contributes to those weird and non-standard configurations.
This is why I am confident I will always have employment in IT. As I make things simpler for others to use, they in turn will find new and innovative ways of making my eyes bleed from cursed workflows that once again require professional intervention for simplicity, efficiency, and security.
> I feel like a lot of hype around Tailscale is because it vastly simplifies VPNs and their associated networking
Tailscale is based on WireGuard, isn't it? Now there's a piece of software that truly made VPNs simple. I have a tunnel back into my LAN by way of an EC2 instance and all it took was two super simple config files on each machine.
Wireguard vastly simplifies the transport level, and attains high performance because it runs in the kernel.
Tailscale simplifies: authentication (including OIDC), authorization (via ACLs), DNS, NAT piercing. All of that is not obvious or easy for someone without deeper expertise.
They have nice clients (e.g. for macOS, Tizen). Ofc headscale is a thing, but if you have a company, it's also nice to have someone to yell at if your mission-critical tailnet suddenly b0rks.
Imo they don't charge all that much relative to their value, depending on who you're asking.
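The "authorization (via ACLs)" point above, and the earlier complaint about people using Tailscale to reach servers or cross VLAN boundaries without appropriate ACLs, come down to what the tailnet policy file says. The following is an added illustration, not code from any poster or from Tailscale's documentation: the allow-all rule shown first is the permissive default, and the rest is a constructed least-privilege policy. User names, group names, tags and the lab subnet are all made up for the example; the `tests` block is the policy-file self-check that Tailscale evaluates when the policy is saved, so the intended denies are verified rather than assumed.

```json
{
  // Constructed example of a tailnet policy file (HuJSON: comments and
  // trailing commas are allowed). Identities and tags are hypothetical.

  "groups": {
    "group:admins": ["alice@example.com"],
    "group:devs":   ["bob@example.com"],
  },

  // Only admins may apply these tags to nodes, so a dev cannot
  // relabel their laptop as a prod server to widen their own access.
  "tagOwners": {
    "tag:prod-server": ["group:admins"],
    "tag:lab-router":  ["group:admins"],
  },

  "acls": [
    // WEAK (the default when a tailnet is created): every node can reach
    // every port on every other node. Leaving this in place is the
    // "Tailscale on every machine = secured" misconception from above.
    // {"action": "accept", "src": ["*"], "dst": ["*:*"]},

    // Policy is allow-list only: anything not matched below is denied.

    // Admins get SSH to prod hosts, and nothing else on them.
    {"action": "accept", "src": ["group:admins"], "dst": ["tag:prod-server:22"]},

    // Devs get the HTTPS service on prod hosts only.
    {"action": "accept", "src": ["group:devs"], "dst": ["tag:prod-server:443"]},

    // A subnet router (tag:lab-router) advertises the lab VLAN
    // 10.50.0.0/24 (constructed). Scoping the route to admins is what
    // keeps the tailnet from becoming a bypass around the VLAN boundary.
    {"action": "accept", "src": ["group:admins"], "dst": ["10.50.0.0/24:*"]},
  ],

  // Assertions Tailscale evaluates on save; a failing test rejects the
  // policy, so accidental widening is caught before it is deployed.
  "tests": [
    {
      "src":    "bob@example.com",
      "accept": ["tag:prod-server:443"],
      "deny":   ["tag:prod-server:22", "10.50.0.1:22"],
    },
    {
      "src":    "alice@example.com",
      "accept": ["tag:prod-server:22", "10.50.0.1:443"],
    },
  ],
}
```

The design choice worth noting: destinations are expressed as tags and ports rather than individual node names, and tag ownership is restricted, so adding a host to the tailnet grants nothing until an admin tags it. The commented-out allow-all rule is what a fresh tailnet ships with; the comparison is the whole point.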
There is Slack's Nebula and other options that are completely self-hosted from the start.
Feels like such a weird hype around Tailscale.