by k8sToGo
132 days ago
First of all, if you have a mesh you don't have to connect to the home server to talk to other devices in the same network. They connect to each other. Second, it's super easy to add a new device. Managing WireGuard keys is annoying. Third, I don't have to open the port, worry about DDNS, etc. Finally, for me it allows me to manage my DNS easily and I can leave Tailscale running at all times. Also, good luck implementing ACLs on your own. I don't see an issue with them logging when I connect to my stuff. The convenience for me is worth more than the risk.
|
Devices in home LAN all talk to each other, so you have a mesh network.
You need keys for your laptop, phone and remote devices only. Most nodes are in the LAN and don’t even need to run a VPN.
With plain WireGuard, you open a single port on a single device. With mesh VPNs you open tons of ports: several ports in coordination, STUN and relay servers, and every device also runs a VPN server listening on a port.
You VPN to home and use your home DNS. You enter ACL rules and the DNS server in your router.
I use a mesh VPN but I’m thinking of switching back to WireGuard, my older setup.