by cassianoleal 1539 days ago
> 2. Open the WireGuard port to the Internet (don't worry, it's invisible)

Not quite the same. Opening a WireGuard port to the Internet doesn't help if the port is unreachable due to weird NATting.

My home ISP puts me on CGNAT so I have no IPv4 access to my network. If I'm out and on a v4-only network, I can't connect to that WireGuard instance without going through other hoops (like a "bastion" WireGuard peer on a dual-stack host, for instance). With Tailscale, it Just Works.


You're likely going through a Tailscale relay when you're out of your house too. It's still an extra hop through their servers, but yes it "just works".

According to them, not necessarily [0]. They do have relay servers (they call them DERPs) [1] but they're only used in rare situations where UDP is blocked entirely.

I admit I wasn't able to understand most of those explanations so I could be wrong. :)

[0] https://tailscale.com/blog/how-nat-traversal-works/

[1] https://tailscale.com/blog/how-tailscale-works/#encrypted-re... under "Encrypted TCP relays (DERP)"