Hacker News
by alex_dev 1460 days ago
I've been having trouble adopting Tailscale. As so many others say, relying on another identity provider is unfortunate - I, too, worry what happens when Google decides to lock me out because some algorithm decided my account is fishy.

The biggest blocker has been the issues with the Android client. I'm either hitting https://github.com/tailscale/tailscale/issues/915 or https://github.com/tailscale/tailscale/issues/4611, but neither issue appears to have a fix coming soon. Whenever I am on my carrier's network, my phone's internet stops until I disable Tailscale - that's just a showstopper for using Tailscale.

So instead of developing this SSH feature, I would have preferred to see them work on their bug backlog.

In the meantime, I'm experimenting with ZeroTier. While it doesn't have the ease and cool MagicDNS + Let's Encrypt feature, I think I'll survive with something more reliable.

1 comments

Are you after the LE part specifically? If not, I'm quite happy with mDNS and there seems to be a unicast version available too:

https://www.zerotier.com/2021/05/06/zeronsd-unicast-dns-reso...

For public domains, I've got a quick script which mirrors what appears in avahi to route53, so that's one way to deal with certs.

I appreciate that Tailscale runs the DNS server so it's one less thing for me to manage. Similarly, the built-in LE is just icing on the cake as it's one less thing to think about. Once https://github.com/hassio-addons/addon-tailscale/pull/89 is merged, running Home Assistant on a VPN with an LE certificate would be such a quick setup for anyone.

Indeed, you can do all that yourself as you point out. Just last night I manually created a public domain to point to a ZeroTier address and ran the Let's Encrypt add-on in Home Assistant to generate a certificate via the DNS challenge. Didn't take long, but there were many steps involved (creating a Google Cloud service account and configuring everything).