[nativeit]

> Headscale seems to have nailed down the part of bypassing the firewall and doing fancy NAT-traversal

Did they really roll-their-own for those functions? I thought this was just a control layer on top of Tailscale’s stock services on the backend, are they facilitating connections with novel methods? Apologies if I’m asking obvious questions, I use ZeroTier pretty regularly, but I am not too familiar with Tailscale.

[bingo-bongo]

They have a really great in-depth blog post describing how they do it: https://tailscale.com/blog/how-nat-traversal-works

[jacobtomlinson]

This is a fascinating read!

[throawayonthe]

i think they mean headscale's implementation specifics

[xrd]

Can you share why you use ZeroTier over Tailscale? I run several headscale control planes and it really is nice to self-host. But, I'm curious about other options.

[password4321]

Not OP but I'm on ZeroTier because it was one of the best free tiers available before Tailscale could run as a Windows service.

Also I believe it implements a lower layer of the network stack so more options are supported, though I haven't needed to investigate in detail.

[password4321]

More ZeroTier 3 years ago: https://news.ycombinator.com/item?id=30283987#30284754