It’s a 10 minute read when it should probably be a 2 minute read, likely due to LLMs fluffing it up (I got that vibe from skimming it). But what do you all think, is there anything in here that would compel you to switch from your current VPN solution to this?
There’s nothing I’d like to do more than let the US internet-monopolizing company handle all my VPN traffic /s. But without being snarky, for homelabbing purposes just use WireGuard directly, it’s fun and not that hard to handle. Automate peer configurations using Ansible or some other automation tool if it gets hard to manage manually.
I’m trying to set up the same at some point. How do you solve the changing IP address problem?
If you’re not dealing with CGNAT, Dynamic DNS (DDNS) is relatively easy to set up, doesn’t require a VPS and is designed specifically for dealing with changing IP address endpoints.
Instead of connecting using your (sometimes changing) IP address, you use a URL that dynamically updates when your IP changes. For instance, with DDNS you would access your home network using mynetwork.ddnsservice.com. The DDNS service returns your current IP and your connection can complete. Most routers have built-in DDNS clients that update the DDNS service when your home IP changes.
There are various DDNS services out there, but I like DuckDNS. It’s free (or you can choose to donate), easy to set up and has worked flawlessly for me for years.
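The two halves of the setup described above, as an added example that is not part of the thread: the home side publishes its public IP to the DDNS provider only when it actually changed, and the roaming WireGuard client re-points its peer when the DDNS name starts resolving to a new address. The DuckDNS update URL is the provider's documented one; the subdomain, token, interface name and peer key are placeholder assumptions, and `wg`, `getent` and `curl` are assumed to be installed on the respective hosts. The reason the client half exists: wg-quick resolves `Endpoint=` once at startup, so after the home IP changes the client keeps sending handshakes to the stale address until something re-resolves the name.

```shell
#!/bin/sh
# Added example, not from the original post. Home side: DDNS updater that only
# publishes on change. Client side: detect a stale WireGuard peer endpoint and
# re-set it from the DDNS name.
set -eu

DDNS_DOMAIN="${DDNS_DOMAIN:-mynetwork}"     # assumption: DuckDNS subdomain
DDNS_TOKEN="${DDNS_TOKEN:-REPLACE_ME}"       # assumption: DuckDNS account token
STATE_FILE="${STATE_FILE:-/var/tmp/ddns-last-ip}"

# Strict dotted-quad check. Public-IP lookup services sometimes return an
# empty body or an HTML error page; never publish that as a DNS record.
is_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
}

# Real push to DuckDNS; the service answers the literal string OK or KO.
ddns_push() {
  resp=$(curl -fsS "https://www.duckdns.org/update?domains=${DDNS_DOMAIN}&token=${DDNS_TOKEN}&ip=$1")
  [ "$resp" = "OK" ]
}

# Home side. Returns 0 when an update was sent, 1 when the IP is unchanged,
# 2 on a bad IP or failed push. The push command is injectable
# (DDNS_UPDATE_CMD) so the logic can be exercised without network access.
ddns_update_if_changed() {
  ip="$1"
  is_ipv4 "$ip" || { echo "refusing to publish non-IPv4 value: '$ip'" >&2; return 2; }
  last=""
  [ -f "$STATE_FILE" ] && last=$(cat "$STATE_FILE")
  [ "$ip" != "$last" ] || return 1
  ${DDNS_UPDATE_CMD:-ddns_push} "$ip" || return 2
  printf '%s\n' "$ip" > "$STATE_FILE"
}

# Client side. Host part of "ip:port" or "[v6]:port" as printed by
# `wg show <iface> endpoints`.
endpoint_host() {
  case "$1" in
    \[*\]:*) h=${1#\[}; printf '%s' "${h%%]*}" ;;
    *)        printf '%s' "${1%:*}" ;;
  esac
}

# 0 when the DDNS name now resolves somewhere other than where wg is sending.
endpoint_stale() {
  # $1 = IP the DDNS name resolves to, $2 = current endpoint from wg
  [ "$1" != "$(endpoint_host "$2")" ]
}

# Glue for a live interface (needs root): resolve the name, compare, re-set.
# Example: reresolve_peer wg0 "$HOME_PEER_PUBKEY" mynetwork.duckdns.org 51820
reresolve_peer() {
  iface="$1"; pubkey="$2"; name="$3"; port="$4"
  new_ip=$(getent ahostsv4 "$name" | awk 'NR==1 {print $1}')
  is_ipv4 "$new_ip" || return 2
  cur=$(wg show "$iface" endpoints | awk -v k="$pubkey" '$1==k {print $2}')
  if endpoint_stale "$new_ip" "$cur"; then
    wg set "$iface" peer "$pubkey" endpoint "${new_ip}:${port}"
  fi
}
```

Run `ddns_update_if_changed "$(curl -fsS https://ifconfig.me)"` from cron on the home side and `reresolve_peer` from a timer on the client. WireGuard's own roaming (a peer updates its stored endpoint when an authenticated packet arrives from a new source address) already covers the case where the home side can still reach the client directly; the re-resolve step is for the common case where the client sits behind NAT and the old mapping has expired, so nothing from the new home address ever arrives.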
Yeah, you can’t just use WireGuard directly on a home network depending on provider (CGNAT), and you can’t just switch providers as most providers are in a non-compete with other providers. So, Cloudflare Mesh or Tailscale is the best option for those.
See my comment here, https://infosec.pub/comment/21363677
Finally a reasonable person around here.
I always get so close to just setting up WireGuard and being done with it. I barely ever change the devices on my tailnet, anyway.
I do have a couple friends on my tailnet to give access to some stuff, so that might be annoying to migrate. That and Tailscale handling all the other networking stuff I might not even know about like cgnat.
Nope. I’m trying to move further away from US proprietary tech, not towards it. I’m currently using Tailscale, but I’m looking at moving to Netbird because it’s open source and European.
Tailscale is Canadian
Ah, nice. I actually didn’t realize that. They are also open source friendly https://tailscale.com/opensource I don’t hate Tailscale, btw. They seem nice.
But I like that Netbird lets you self-host the server components. And an important feature for me is that Netbird doesn’t require me to create an account with Big Tech to use the service. Right now I have a dummy account I created with GitHub just to use Tailscale; Netbird just allows me to create a username and password. E-Z P-Z. No extra hoops to jump through.
After switching to Netbird, I’ll be able to get completely off of GitHub.
Headscale, an open-source reimplementation of the Tailscale control server, exists. I haven’t tried it myself yet, but it claims to be an option for a fully self-hosted Tailscale-compatible network.
Yeah, I’m aware of Headscale. I even think it’s cool that Tailscale isn’t trying to kill them: https://tailscale.com/opensource#encouraging-headscale
It’s quite fine, but not as feature complete as the proprietary control plane. My main issue is that it doesn’t support tailnet lock yet, and it’ll take a while before they’ll implement grants instead of the old ACL system
Whoa did not know this, this changes some plans over here.
Hopefully also part of Europe soon. Geologically, our land masses were very closely connected, but it was a few years ago.
As interesting as this is, users are still subject to the whims of a corporation that can completely change their policies each time a new executive is hired.
There’s a graveyard somewhere for apps and services that were free or low cost (and without ads) until the company decided to change their model to restrict or eliminate free usage. Teamviewer, Dropbox, RealVNC, Google Drive, Amazon Prime (ad free) Videos, Duolingo, Youtube, Zoom and Evernote are examples that lots of individuals use.
I’ve personally been bitten by this often enough to avoid any corporation’s “free” service whenever possible.
This could have been you, Mozilla.
sniff
I wanted so much to believe in you
Is it still too late technically? I don’t want to quit on Mozilla.
TBH I still donate $5/mo to Mozilla. But only because someone has to fund the upstream development of the browser I actually use (and which arguably is the browser Mozilla was supposed to be)
Mozilla really should stop burning money
The only thing I like about this is the pressure it might put on tailscale to make their offering better.
How would you improve Tailscale?
- fix the documentation bug I reported 3 years ago, before it became a problem for stable Linux distributions. Instead of leaving up documentation that literally prevents the client from working and is an even bigger problem for stable distributions now. Yes it’s my pet tiny bug, but how much effort can it really be to rewrite one section with configuration that DOESN’T break the product. I even wrote a suggestion for them.
Off the top of my head:
- Bring your own domain for homelab
- Gateway/httproute support in Kubernetes operator
- allow connecting tailnets to each other
- allow connecting to multiple tailnets simultaneously without ridiculous workarounds
Those last two bullets would be huge. I have a personal tailnet and another for my org. Switching between them is just annoying enough that I might even pay for that feature.
Fuck Cloudflare. Hail Bunny CDN and Netbird.io for private networking instead of Tailscale/Headscale/Pangolin.
I’m switching off cloudflare for my domain/cdn services to Bunny soon :)
Tailscale just works too well for me and I don’t detect too many enshittification markers yet. But I check in on netbird like monthly now lol
Smells like an intelligence agency honeypot.
This likely will have much better performance than tailscale at the cost of being Cloudflare
I wonder if Tailscale has ever really been a performance bottleneck for homelabbers
I’m trying to switch away from Tailscale due to recent changes in management I’ve heard of, but their service is so easy to use and MagicDNS is really useful for me.
I’ve been using Cloudflare’s Tunnel/Zero Trust for a while now and I find it does the job just jammy. I’m not sure I need Mesh, but I will at least familiarize myself with it.
Dare you to try explaining all this to your elderly relatives.
me: “it makes separate networks seem like they are joined together into a single network”
elderly relative: “like a tv network?”
I dislike tailscale for not having normal authentication.
And then you can’t switch auth provider, I can’t get rid of GitHub account login - it’s honestly infuriating.