|
|
|
|
|
|
by hnarn
765 days ago
|
|
|
This sounds very similar to Head- or Tailscale, nice to see some alternatives to managing wireguard networks. Is there a comparison anywhere to understand what functionality overlaps, what is added, what differs and what will perhaps never be implemented? |
|
|
But I'll try and give a basic run down on the differences/similarities.
Wag is good for hub and spoke design where you want to have a hard boundary, rather than a tailscale-esque mesh where everything touches everything and then the rules define the overlay.
Both wag and tailscale add SSO integrations and effectively 2FA for securing your users.
And both of us have a way to enroll and a web UI to manage things, although I'm sure TailScale is much more polished considering I'm one guy who doesnt like web development.
As for things Im definitely not going to implement, probably interception or a TLS proxy to redirect users once their session logs out. Primarily just because doing that in eBPF is a little bit beyond me right at this second, and I dont feel like writing the DNAT/SNAT components I'd probably have to in order to get it working