Comment on Friendly reminder that Tailscale is VC-funded and driving towards IPO
Wahots@pawb.social 9 months ago
Are there better alternatives? I was planning on using tailscale until now. :P
I use Nebula. It’s lightweight, well-engineered and fully under your control. But you do need a computer with a fixed IP and accessible port. (E.g. a cheap VPS)
You can also use “managed nebula” if you want to enjoy the same risk of the control point of your network depending on a new business ;-)
A bunch really, Headscale with Tailscale client, Nebula VPN, Netmaker, Zerotier.
ive been eyeing up netbird but havnt got around to trying it yet. its fully open source at least, and theyre based in germany is anyone cares about that
i used netbird heavily at my last job and i use it for a few things at home. it works pretty well.
Just looked at NetBird, it looks suspiciously similar to Tailscale in what it does except they also got an open-source control server. They have self-hosting doc right in their web site. Looks interesting. Can’t find much about the company other than it’s based in Berlin and it’s currently private - Wiretrustee UG.
What’s the difference with their open-source control server, from headscale? That it’s officially published by the company?
Wireguard.
Many various ways to manage it, and it's built in to most routers already.
I decided to experiment a bit with Headscale when the wg-easy v15 update broke my chained VPN setup. Got it all set up with Headplane for a UI, worked amazingly, until I learned I was supposed to set it all up on a VPS instead and couldn’t actually access it if I wasn’t initially on my home network, oops.
I might play around with it again down the road with a cheap VPS, didn’t take long to get it going, but realistically my setup’s access is 95% me and 5% my wife so Wireguard works fine (reverted back to wg-easy v14 until v15 allows disabling ipv6 though, since that seemed to be what was causing the issues I’ve been seeing).
Why does it need to be on a VPS? It seems to work on a home network when I played around with it.
Well a VPS or an exposed service, but I feel like the latter ends up somewhat defeating the purpose anyway.
When running locally (not exposed), it worked great until I tried to make the initial connection from mobile data - can’t establish a connection to headscale if it can’t reach it in the first place. Unless I’m mistaken, the headscale service needs to be publicly accessible in some way.
Pivpn is really easy, and since pivpn is just scripts, it always installs current wireguard even if they lax on updating pivpn that often.
I use the built in wireguard VPN in my router. If you just need local network access elsewhere it’s usually really easy to setup if your router provides it. I would look into it!
For me personally, the next step is using Headscale - a FOSS replacement of the Tailscale control server. The Tailscale clients are already open source and can be used with Headscale.
Someone else could give other suggestions.
I’ve been meaning to switch from Tailscale to Headscale but I have been to busy. Do you have any instructions, write-ups/walk-thrus you could recommend to set this up? I have three sites with 1GB internet I can use. One has a whole house UPS but dynamic IP, another has a static IP but no UPS, and the third is Google fiber with no UPS, but I can use the app to get the current IP anytime. I also own a number of domain names I could use.
No writeups. I tried following the Headscale doc. Set it up on the smallest DigitalOcean VM. Worked fine. Didn’t use an UI, had to add new clients via CLI on the server. When I set it up for real, I’d likely setup a UI as well and put it in a cloud outside of the US. It would work at home too but any other connection would die if my home internet dies or the power does. E.g. accessing one laptop from another, or accessing the off-site backup location.
lone_faerie@lemmy.blahaj.zone 9 months ago
Depends on your use case. If you’re just looking to expose services and are ok having them publicly accessible, there’s Cloudflare Tunnel, or you can run WireGuard on a cheap VPS