by tonyarkles 929 days ago
Yeah, I think "Just" is doing a lot of heavy lifting in that question :)

I've never configured Wireguard from scratch but I have managed an OpenVPN deployment in the past. One of the most fabulous aspects of Tailscale is that it's very self-served; we configured our Tailscale account to allow email addresses from our main domain name with O365 integration. When someone wants to bring a new node online, they log in with their O365 credentials and magically new keys are assigned to the node and associated with the user who created them. In the past with the OpenVPN deployment, it would usually take me 15-30 minutes to get a new node online (generating keys, getting them handed off to the user, helping them debug, etc); now it takes me 0 minutes because the user can just generate their own keys and I can be completely hands off, while still having a nice view that I can use to revoke keys if needed.

1 comments

To be fair, Wireguard is incredibly easier to set up and maintain than OpenVPN, pretty much not comparable. I don't know how easy it is with Tailscale though so I can't comment as to how much harder Wireguard is compared to it.

I haven't tried setting up Wireguard manually but just had a scroll through this page: https://www.wireguard.com/quickstart/

In comparison, here are the Tailscale setup instructions: https://tailscale.com/download/linux. If you're into running shell scripts that you pull with curl, you can set up Tailscale on a new node with:

    curl -fsSL https://tailscale.com/install.sh | sh
    sudo tailscale up

This will present you with a login link that you can open with a browser on another machine (I frequently install Tailscale on embedded systems), log in with your company SSO, and the node magically comes up. No server access required, no public/private keys need to get copied anywhere, it Just Works.

I will probably try playing with naked Wireguard at some point for my own home network (since the Tailscale client doesn't seem to handle two orgs at the same time very well).