by stdgy 1171 days ago
I'm afraid I don't have a lot to add to this conversation but I have to say I just love Tailscale. I don't often run across software that feels so right and when I do it's a great surprise. Every time I see a new feature they're releasing I'm always impressed at how adept they are at targeting modern pain points.

I grew up and got into software by messing around with self-hosting web servers and game communities as a kid. As time has gone on I felt like we had lost some of the magic of easily sharing your machines and your creations with other people. We have a ton of services where you can now deploy and share your creations, but we've moved further and further away from direct sharing. There were plenty of good reasons why this has happened, with security being the most obvious factor, but it still makes me a little sad. I want my things to be able to talk to each other no matter where I am. I want to be able to invite my friends in and have access to my stuff.

Tailscale makes all of that quick, easy and awesome. I think it's really neat, makes me feel like a little nerdy kid again.

6 comments

> I'm afraid I don't have a lot to add to this conversation but I have to say I just love Tailscale.

Strongly seconded. In my last company we used TailScale in some medium-advanced configurations, and from the dead-simple basic stuff up through some of the trickier stuff it's just a joy to use. It's making much better networking practices highly accessible and I'd bet ends up making the Internet a more secure, better organized system as a whole.

They run an amazingly transparent engineering process, for example their issue page (https://github.com/tailscale/tailscale/issues) is a model of transparent, responsive, involved open development. They embrace cool, modern, quirky stuff like NixOS (https://tailscale.com/blog/nixos-minecraft/). It's just generally really high-quality software developed with a very cool "hacker" philosophy.

TailScale is IMHO the coolest place to work right now, and something that almost any software company should look at if they do any networking.

If there's anything not to love, I can't see it. :)

Tailscale is cool, but if we focus on the product that this post discusses, Funnel won't give you the ability to use your own domain name. Cloudflare Tunnels will do that though. I will continue to use Tunnels.
I feel the same! Absolutely love Tailscale. I really hope they don’t change, I also love their philosophy.

Only thing atm I don’t like is the battery use on my iPhone. But it’s well worth it.

> Only thing atm I don’t like is the battery use on my iPhone. But it’s well worth it.

FWIW, that's a very high priority currently by a number of people at Tailscale. We're working on it.

That’s great to hear! I’ve been turning TS off and on when accessing services to make it through the day, but as soon as the battery use goes down (to plain wireguard app levels) I’ll be using it for DNS as well. Then it will truly be TS all the things for me.
Is this due to keepalives or is there something else going on?
There's a number of things. (at least four kinda five things you might mean by "keepalives", and the answer is all of them, so yes, and then others.) The same code that runs on iOS and Android also runs on Linux servers (where it was originally developed) where battery or perfect network efficiency wasn't really a top concern. When that code was moved to mobile, a few efforts were made to improve behavior on phones but not enough.

We're also working on measurements to make sure we objectively fix things and don't regress later in the future once it's fixed.

Looking forward to progress in this area, thanks for your efforts!
> As time has gone on I felt like we had lost some of the magic of easily sharing your machines and your creations with other people.

> I want my things to be able to talk to each other no matter where I am.

What isn't easy about forwarding packets destined for port 80/443 of your public IP to the local service in question and being a part of the public Internet like things were from the start?

Using Tailscale is the opposite of self-hosting, you're bringing someone else's third party service in, and adding more complexity and another point of failure.

> What isn't easy about forwarding packets destined for port 80/443 of your public IP to the local service in question and being a part of the public Internet like things were from the start?

- Not every home internet service gets a publicly routable IPv4 address anymore (e.g. CGNAT)

- Not every home internet service gets a static IPv4 address so folks have to handle DynDNS

- Not everyone is comfortable exposing their home network IP address in DNS (Tailscale only shares the endpoint IP once the endpoint is auth'd onto the network)

- Not everyone is comfortable configuring heavy auth/fail2ban/app layer safeties (Tailscale makes the services uncontactable unless you are auth'd into the Tailscale network)

- Not everyone is comfortable/can be bothered configuring Wireguard in highly dynamic environments

> Using Tailscale is the opposite of self-hosting, you're bringing someone else's third party service in, and adding more complexity and another point of failure.

Self-hosting need not be a zealot position - rather one can pick and choose what makes sense for them. Tailscale allows you to build your own network where all the nodes are auth'd (and tailscale lock means you don't even need to trust their keys by default) and non-public internet routable but still globally reachable from known safe devices. This can actually make folks more comfortable with self-hosting their own stuff since it removes so many other considerations. There is also headscale if folks want to self-host the coordination server.

Some argue that a third party service adds complexity and a point of failure. I'll point out that configuring a self-hosted publicly exposed thing from scratch for the first time has a rabbit hole of unknown complexity to the uninitiated. A tool like Tailscale can remove some of those complexities allowing focus on others.
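The first two obstacles in the list above come down to one question: what address does your connection actually have on its WAN side? The following is an added example, not code from any commenter or from Tailscale: a POSIX shell function that classifies an IPv4 address as public, RFC 1918 private, RFC 6598 carrier-grade NAT, loopback or link-local, plus a short verdict on whether a plain router port forward can work. The wrapper at the bottom reads the address this host uses towards the Internet from Linux `ip route get` (an assumption about the platform); when the host sits on a LAN, feed it the WAN address from the router's status page instead.

```shell
#!/bin/sh
# Added example, not from the thread: classify the IPv4 address on the WAN side
# of a home connection to tell whether a plain router port forward can work.
# RFC 6598 reserves 100.64.0.0/10 for carrier-grade NAT: an address in that range
# on the router's WAN port means the ISP is NATing you, and no port forward you
# configure on the router will ever receive inbound connections.
set -eu

# classify_wan_ip ADDRESS
# Prints one of: public, private, cgnat, loopback, link-local, invalid.
classify_wan_ip() {
    addr=$1
    old_ifs=$IFS
    IFS=.
    # splitting on '.' is the point here; no globbing characters are expected
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 0; }
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) echo invalid; return 0 ;;
        esac
        [ "$octet" -le 255 ] || { echo invalid; return 0; }
    done
    a=$1; b=$2
    if   [ "$a" -eq 10 ]; then echo private                                           # 10.0.0.0/8     (RFC 1918)
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private   # 172.16.0.0/12  (RFC 1918)
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private                     # 192.168.0.0/16 (RFC 1918)
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat    # 100.64.0.0/10  (RFC 6598)
    elif [ "$a" -eq 127 ]; then echo loopback                                         # 127.0.0.0/8
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local                  # 169.254.0.0/16
    else echo public
    fi
}

# port_forward_verdict CLASS -> what the classification means for self-hosting
port_forward_verdict() {
    case $1 in
        public)  echo "public address: a port forward on the router (or none, if this host is the one with it) will work; if it changes, you need DynDNS" ;;
        private) echo "RFC 1918 address: this is the LAN side of a router; classify the router's WAN address instead" ;;
        cgnat)   echo "RFC 6598 (CGNAT) address: the ISP NATs you, inbound port forwards cannot work; use a VPS/tunnel or an overlay such as Tailscale" ;;
        *)       echo "$1: not a usable WAN address" ;;
    esac
}

# When run directly: take the address from the command line (e.g. the WAN address
# shown on the router's status page), or fall back to the source address this host
# uses towards the Internet, read from Linux `ip route get` (assumption: Linux host).
if [ $# -gt 0 ]; then
    wan=$1
else
    wan=$(ip -4 route get 1.1.1.1 2>/dev/null | sed -n 's/.* src \([0-9.]*\).*/\1/p')
fi
class=$(classify_wan_ip "${wan:-}")
printf '%s -> %s\n' "${wan:-<no address found>}" "$class"
port_forward_verdict "$class"
```

Two caveats a practitioner would add: a public address on the router's WAN port only proves the address is routable, not that the ISP passes every inbound port (the commenter below whose ISP drops inbound ICMP is an example of filtering that no address check reveals), and the classification says nothing about IPv6, where a native or tunnelled prefix sidesteps the whole problem.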

>- Not every home internet service gets a static IPv4 address so folks have to handle DynDNS

For anyone who has only this specific problem out of your list, one solution is to get an HE tunnel. It's what I do.

If my ISP ever gets off its ass and implements IPv6 like it promised three years ago, I'll consider using that directly, though its current indication is that the IPv6 addresses will be dynamic for non-business customers which defeats the purpose.

I have gigabit fiber and it's IPv4 only. My ISP blocks incoming ICMP messages so I can't set up an HE tunnel. I used to use Route48, but they shuttered due to abuse, so I don't know what to do anymore.
A non-free solution would be to have a VPS or a cloud VM act as the public endpoint + wireguard server.
Wireguard config is a few lines (interface addresses, keys, AllowedIPs, post up and down). Simpler than SSH. You can run it on a cloud instance close to users.

Tailscale is still simpler and provides additional features. A small team or startup will appreciate Tailscale’s access controls.

For a pure client/server VPN between two devices sure, but I think that’s where the equivalence between Tailscale and “some lines of config” end.
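To make the "VPS as public endpoint plus WireGuard" suggestion above concrete, here is an added example (not from any commenter, not Tailscale's or WireGuard's own code): a POSIX shell script that renders the two wg-quick configs for a hub-and-spoke tunnel in which a VPS with a public IPv4 address accepts TCP 443 and forwards it over WireGuard to a home server stuck behind CGNAT. The tunnel subnet 10.8.0.0/24, the interface name eth0, the hostname vps.example.net and the key placeholders are all assumptions to be replaced; the firewall rules are the part worth reading, since a bare DNAT without them turns the VPS into an open relay into your tunnel.

```shell
#!/bin/sh
# Added example, not from the thread: render the two wg-quick configs for a
# hub-and-spoke WireGuard tunnel in which a VPS with a public IPv4 address
# forwards TCP 443 to a home server that sits behind CGNAT. Every address,
# interface name, hostname and key placeholder below is an assumption; replace
# them. Generate a key pair on each machine with:
#   umask 077; wg genkey | tee privatekey | wg pubkey > publickey
set -eu

TUN_CIDR=24                          # tunnel subnet 10.8.0.0/24 (assumed)
VPS_TUN_IP=10.8.0.1                  # VPS end of the tunnel
HOME_TUN_IP=10.8.0.2                 # home server end of the tunnel
VPS_PUBLIC_IF=eth0                   # VPS interface that holds the public IPv4 (assumed)
VPS_ENDPOINT=vps.example.net:51820   # hypothetical VPS hostname and WireGuard UDP port
SERVICE_PORT=443                     # the one TCP port published to the Internet

# rule TABLE CHAIN MATCH...  -> a PostUp line that inserts the rule at the top of
# the chain and the matching PostDown line that deletes it again on `wg-quick down`.
# Every rule is inserted at position 1, so later calls land earlier in the chain:
# emit the catch-all DROPs first and the ACCEPTs last.
rule() {
    t=$1; c=$2; shift 2
    printf 'PostUp = iptables -t %s -I %s 1 %s\n' "$t" "$c" "$*"
    printf 'PostDown = iptables -t %s -D %s %s\n' "$t" "$c" "$*"
}

# render_vps_conf PUBLIC_IF HOME_TUN_IP PORT -> /etc/wireguard/wg0.conf for the VPS
render_vps_conf() {
    pub_if=$1; home_ip=$2; port=$3
    cat <<EOF
[Interface]
Address = $VPS_TUN_IP/$TUN_CIDR
ListenPort = 51820
PrivateKey = VPS_PRIVATE_KEY_HERE
PostUp = sysctl -w net.ipv4.ip_forward=1
# Forward nothing into or out of the tunnel except what the rules below allow
$(rule filter FORWARD -o wg0 -j DROP)
$(rule filter FORWARD -i wg0 -j DROP)
# Replies from the home server back to Internet clients
$(rule filter FORWARD -i wg0 -o "$pub_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT)
# Only new connections to the one published port may enter the tunnel
$(rule filter FORWARD -i "$pub_if" -o wg0 -d "$home_ip" -p tcp --dport "$port" -j ACCEPT)
# Public :$port -> home server; MASQUERADE makes the home server reply via wg0
# instead of its own default route (otherwise the return path is asymmetric)
$(rule nat PREROUTING -i "$pub_if" -p tcp --dport "$port" -j DNAT --to-destination "$home_ip:$port")
$(rule nat POSTROUTING -o wg0 -d "$home_ip" -p tcp --dport "$port" -j MASQUERADE)

[Peer]
# The home server dials in, so no Endpoint here; accept only its own /32 from the tunnel
PublicKey = HOME_PUBLIC_KEY_HERE
AllowedIPs = $home_ip/32
EOF
}

# render_home_conf HOME_TUN_IP VPS_ENDPOINT -> /etc/wireguard/wg0.conf for the home server
render_home_conf() {
    home_ip=$1; endpoint=$2
    cat <<EOF
[Interface]
Address = $home_ip/$TUN_CIDR
PrivateKey = HOME_PRIVATE_KEY_HERE

[Peer]
PublicKey = VPS_PUBLIC_KEY_HERE
Endpoint = $endpoint
# Route only the VPS's tunnel address through the tunnel, not 0.0.0.0/0:
# the home server keeps its normal default route for everything else.
AllowedIPs = $VPS_TUN_IP/32
# The home side is behind NAT/CGNAT: it must initiate and keep the UDP mapping
# alive, or the VPS has no path on which to deliver forwarded connections.
PersistentKeepalive = 25
EOF
}

# Print both files; copy each to /etc/wireguard/wg0.conf on the right machine
# and bring the tunnel up with `wg-quick up wg0` (VPS first, then home).
echo "### VPS: /etc/wireguard/wg0.conf"
render_vps_conf "$VPS_PUBLIC_IF" "$HOME_TUN_IP" "$SERVICE_PORT"
echo
echo "### home server: /etc/wireguard/wg0.conf"
render_home_conf "$HOME_TUN_IP" "$VPS_ENDPOINT"
```

Design notes: the home server never learns the real client address because of the MASQUERADE (it sees 10.8.0.1); if the application needs it, drop the MASQUERADE and instead give the home side a policy route that sends replies for connections arriving on wg0 back through wg0, or terminate TLS on the VPS and pass PROXY protocol. Keeping AllowedIPs at a single /32 on both ends, rather than 0.0.0.0/0, is what stops either machine from becoming a default gateway for the other if one of them is compromised. This is the point where the comparison with Tailscale becomes fair: it does the key exchange, NAT traversal, keepalives and per-node ACLs that this script hand-codes for exactly one peer and one port.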
> What isn't easy about forwarding packets destined for port 80/443 of your public IP to the local service in question and being a part of the public Internet like things were from the start?

Most of the evil in the world currently can be traced back to NATs and dynamic IPs.

In a more general sense, I think these compromises were made available because of a consumerist attitude towards the internet. Yes, we had a real issue with ipv4 exhaustion, but if it affected businesses who couldn’t even host a website anymore, would this really have been an issue still? More likely people said that these things were an ok workaround because consumers don’t need X anyway. Sometimes these smart hacks engineers are so good at coming up with invalidate crucial invariants about the systems we love.

If only IPv6 became a thing....

Now we have "IPv4 scarcity" and CGNAT bullshit :/

Why is it not becoming a thing though? Are ISPs just lazy and IPv4 is good enough for most people?
> As time has gone on I felt like we had lost some of the magic of easily sharing your machines and your creations with other people. We have a ton of services where you can now deploy and share your creations, but we've moved further and further away from direct sharing.

This is interesting, as it hasn't been my experience on the hobbyist side (game servers, personal projects, etc). ngrok, localtunnel, tunnelmole, rathole, tunnelto, zrok, et al. If the use case is just sharing something you built that's behind NAT / on a private subnet, there is no shortage of solutions.

I constantly read good things about Tailscale, as well as to a lesser degree Cloudflare, so I think I'm missing out.

But I've experienced so many times that companies change things and this can mess up the workflow or infrastructure really bad, adding days of work to implement an alternative.

With your hype, how much do you trust that you can rely on Tailscale? Should I feel safe when giving them control?

Any company can take a turn for the worse, and any time you've got SaaS deep in your stack there's risk there.

I can only say that I worry about TailScale growing up to be evil the least of basically every SaaS company I've ever used. They seem extremely serious about making the interaction a "win/win" and keeping it that way as they grow.

Just want to add to this statement. Highest quality piece of software I've used in a while.