As OP said, it’s fine if you still use some corporate services; I think this one should be at the bottom of the list.
WireGuard can easily replace simple Tailscale usages, like if you only have 2 nodes to connect and have a static IP address. One thing Tailscale is good at is creating a mesh network, where if you have more than 2 nodes, you only need to configure each one to connect to the central server, which will allow the nodes to connect to each other (internally it uses a WireGuard connection). With plain WireGuard, if you have 4 nodes, you need to configure on each one the configuration to the 3 others. Another thing Tailscale is good at is NAT hole punching: if your ISP provider doesn’t give you a static IP address or if you don’t want to open a port in the firewall of your home router, Tailscale will allow you to access services hosted on your local network (another commercial solution for this is Cloudflare Tunnel). WireGuard doesn’t provide this.
When you’re using Tailscale, they get a lot of metadata about your hosts, but the data transferred between your nodes is encrypted (by WireGuard).
By replacing the Tailscale servers, which are run by the Tailscale company, with headscale, which is the self-hostable open source solution, Tailscale won’t be able to get the metadata of your nodes. Tailscale clients are OSS and compatible with headscale, but headscale is not on par for features (like Tailscale serve or funnel).
For headscale to really make sense, it usually needs to run on a publicly accessible host like a VPS, and not in your home network. Another self-hosted alternative to Tailscale, which has a totally different approach, is Pangolin.
Hope this helps
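To make the "4 nodes, 3 peers each" point in the comment above concrete, here is an added sketch (not code from either commenter) that renders the per-node config of a plain WireGuard full mesh and lists the node pairs that cannot reach each other directly because neither has a static endpoint. The node names, endpoints, the 10.8.0.0/24 overlay range and the key placeholders are all assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (assumption): node names, endpoints and overlay range.
# None = no static IP / no open port, e.g. behind a home router's NAT.
NODES = {
    "vps": "203.0.113.10:51820",
    "office": "203.0.113.30:51820",
    "home": None,
    "laptop": None,
}
OVERLAY = ipaddress.ip_network("10.8.0.0/24")


def overlay_ip(name):
    """Overlay addresses are handed out in inventory order: .1, .2, ..."""
    return OVERLAY.network_address + list(NODES).index(name) + 1


def render_config(name):
    """wg-quick style config for one node: one [Peer] block per other node."""
    out = ["[Interface]",
           f"PrivateKey = <{name}-private-key>",  # placeholder (wg genkey)
           f"Address = {overlay_ip(name)}/{OVERLAY.prefixlen}"]
    if NODES[name]:
        out.append(f"ListenPort = {NODES[name].rsplit(':', 1)[1]}")
    for peer, endpoint in NODES.items():
        if peer == name:
            continue
        out += ["", "[Peer]",
                f"PublicKey = <{peer}-public-key>",  # placeholder (wg pubkey)
                # /32: accept only this peer's own overlay address from it
                f"AllowedIPs = {overlay_ip(peer)}/32"]
        if endpoint:
            out.append(f"Endpoint = {endpoint}")
            if not NODES[name]:
                # A node behind NAT keeps its outbound mapping alive
                out.append("PersistentKeepalive = 25")
    return "\n".join(out) + "\n"


def unreachable_pairs():
    """Pairs where neither side has an endpoint, so neither can dial first."""
    return [(a, b) for a, b in combinations(NODES, 2)
            if not NODES[a] and not NODES[b]]


if __name__ == "__main__":
    for node in NODES:
        print(f"# ---- {node}: wg0.conf ----\n{render_config(node)}")
    print("no direct tunnel possible:", unreachable_pairs())
```

Keeping `AllowedIPs` at a single /32 per peer means a compromised node can only source traffic from its own overlay address, and every new node still requires touching the config on all existing ones.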
7U5K3N@lemmy.dbzer0.com 4 days ago
Wireguard is stupid easy.
I run a docker container using docker compose. Put in my bits of info on the compose file…
Launch the container and scan a QR code with my phone app.
Done.
OpenVPN was out the door when I saw how easy WireGuard is.