Tailscale… is not that good. The underlying wireguard is robust, but tailscale control plane is completely proprietary, as well as their DERP servers that it too often uses completely needlessly. They can also block you off from downloading it, updating, or logging in, if you happen to be in a wrong country.
I’m myself looking for an alternative to it, but having trouble finding something I could share with non tech savvy friends while not being as complex on my end as, say, open/strongswan ais. Any suggestions welcome.
Have you considered having Headscale on a cheap VPS? We are actually doing that and it is pretty capable. IIRC, you can configure not to use the tailscale servers at all, and use your own public VPS for coordination. Bonus point, tailscale hired the Headscale developer and maintainer, and they are allowed to work on Headscale while on their payroll. The team looks very much into FOSS.
Yep. That’s the number one contender. Well right after overriding default DERP’s with my own VPS machines. I’ll definitely try it out over some weekend.
One of my other concerns with this and other solutions suggested is the reliance on wireguard which can be subject to fingerprinting and censorship. Do you happen to know if it’d be possible to swap out Headscale’s implementation of wireguard to amnezia? I’ll have to do my homework anyway, but who knows, maybe there are some pitfalls to avoid.
Oh, never heard of amnezia. Never needed actually. But it looks like a good improvement on Wireguard. I will need a separate setup to test it out and currently I’m away from home with no clue when I will return. If I happen to find anything, I will definitely ping you.
In the HN page you linked many people mentioned v2ray. Have you tried that? How good is it?
In the HN page you linked many people mentioned v2ray. Have you tried that? How good is it?
Nope, haven’t actually read the comments, just sent the article as reference to the issue. It does indeed sound quite promising. Think it’d be nice to have even if as just a fallback, so I’ll try that too, whenever I get a moment.
What about Tailscale? I know it’s Proprietary software, but still.
Tailscale… is not that good. The underlying wireguard is robust, but tailscale control plane is completely proprietary, as well as their DERP servers that it too often uses completely needlessly. They can also block you off from downloading it, updating, or logging in, if you happen to be in a wrong country.
I’m myself looking for an alternative to it, but having trouble finding something I could share with non tech savvy friends while not being as complex on my end as, say, open/strongswan ais. Any suggestions welcome.
Have you considered having Headscale on a cheap VPS? We are actually doing that and it is pretty capable. IIRC, you can configure not to use the tailscale servers at all, and use your own public VPS for coordination. Bonus point, tailscale hired the Headscale developer and maintainer, and they are allowed to work on Headscale while on their payroll. The team looks very much into FOSS.
Yep. That’s the number one contender. Well right after overriding default DERP’s with my own VPS machines. I’ll definitely try it out over some weekend.
One of my other concerns with this and other solutions suggested is the reliance on wireguard which can be subject to fingerprinting and censorship. Do you happen to know if it’d be possible to swap out Headscale’s implementation of wireguard to amnezia? I’ll have to do my homework anyway, but who knows, maybe there are some pitfalls to avoid.
Oh, never heard of amnezia. Never needed actually. But it looks like a good improvement on Wireguard. I will need a separate setup to test it out and currently I’m away from home with no clue when I will return. If I happen to find anything, I will definitely ping you.
In the HN page you linked many people mentioned v2ray. Have you tried that? How good is it?
Nope, haven’t actually read the comments, just sent the article as reference to the issue. It does indeed sound quite promising. Think it’d be nice to have even if as just a fallback, so I’ll try that too, whenever I get a moment.
I use zerotier personally
https://netbird.io/ maybe?
Headscale worked for me, but I get the non-tech saavy friends part doesn’t quite jive with it as a solution.
Still, anyone wanna ditch Tailscale and only use it for hosting sites across proxies? Headscale is great.
Tailscale is actually a lot more open than you think. The agents are all foss and there is a self hostable version.