We use it at work. All our services run on private IPs on our own vnets, and we access them with Tailscale. We don't need to run a VPN tunnel, or manage public IPs and firewall rules.
Technically, maintaining your Tailscale ACLs is the same as maintaining “firewall rules”. If you’re allowing any-any on your tailnet, you are in a world of hurt if any endpoint gets compromised by e.g. ransomware.
We use Tailscale at $dayjob and the fact that we can ensure that marketing machines can’t access any engineering resources is the big win. And it “just works” through NAT.
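Added example, not part of the thread and not Tailscale's own tooling: a small Python audit of the `acls` section of a tailnet policy that flags the any-any rule and checks whether one selector can reach another. Both policies, the group and tag names and the helper functions are constructed for illustration, and selectors are matched literally (no group-membership, autogroup, host-alias or IP expansion).

```python
import json

# Constructed sample policies in the shape of a Tailscale policy file ("acls" section).
ANY_ANY = json.loads('{"acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}]}')

SEGMENTED = {
    "groups": {
        "group:marketing": ["alice@example.com"],
        "group:engineering": ["bob@example.com"],
    },
    "acls": [
        {"action": "accept", "src": ["group:engineering"], "dst": ["tag:eng-server:22,443"]},
        {"action": "accept", "src": ["group:marketing"], "dst": ["tag:marketing-cms:443"]},
    ],
}

def split_dst(dst):
    """Split a 'selector:ports' destination at its last colon."""
    host, _, ports = dst.rpartition(":")
    return host, ports

def any_any_rules(policy):
    """Return indexes of accept rules that allow every source to every host and port."""
    hits = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept" or "*" not in rule.get("src", []):
            continue
        if any(split_dst(d) == ("*", "*") for d in rule.get("dst", [])):
            hits.append(i)
    return hits

def can_reach(policy, src, dst_host):
    """True if an accept rule names `src` (or '*') and `dst_host` (or '*').
    With no matching rule the answer is False, mirroring deny-by-default."""
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        if not {src, "*"} & set(rule.get("src", [])):
            continue
        if any(split_dst(d)[0] in (dst_host, "*") for d in rule.get("dst", [])):
            return True
    return False

if __name__ == "__main__":
    for name, pol in (("any-any", ANY_ANY), ("segmented", SEGMENTED)):
        print(name, "any-any rules:", any_any_rules(pol),
              "| marketing -> eng-server:",
              can_reach(pol, "group:marketing", "tag:eng-server"))
```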