I went with GitHub. In the end it’s just an OAuth service, to provide identity. It’s not used to gather data on you (just the same we already share by visiting regular websites).
I’m still gonna lookup Headscale and Wireguard because It’s been on my radar.
Problem with plain Wireguard is if you can’t open ports on some devices to get a direct connection. It should be just fine with hub and spoke model, but NAT Traversal of Tailscale makes a huge difference. I can get a direct connection between 2 devices connected to mobile data and behind CG-NAT.
And also the config management if you have too many devices.
Hub and spoke, you just add new devices to Wireguard on the main device, and the new peer. Full mesh, oof.
But as far as configuring Wireguard goes, that’s pretty simple. And then there’s the weird stuff with MTU and fragmentation… but that’s not something Wireguard-specific.
I avoided tailscale for so long because I was already using wireguard and I didn’t know you could self-host with headscale. But once I started using it with headscale the mesh design really is a big improvement to usability. I don’t miss having to carefully manage my config files and ip route rules.
I need to get setup with app connectors and then I think it’ll finally be a high enough wife-usability factor for me to remove some things I still have exposed over the internet.
nfms@lemmy.ml 3 weeks ago
I went with GitHub. In the end it’s just an OAuth service, to provide identity. It’s not used to gather data on you (just the same we already share by visiting regular websites).
I’m still gonna lookup Headscale and Wireguard because It’s been on my radar.
user224@lemmy.sdf.org 3 weeks ago
Problem with plain Wireguard is if you can’t open ports on some devices to get a direct connection. It should be just fine with hub and spoke model, but NAT Traversal of Tailscale makes a huge difference. I can get a direct connection between 2 devices connected to mobile data and behind CG-NAT.
And also the config management if you have too many devices.
Hub and spoke, you just add new devices to Wireguard on the main device, and the new peer. Full mesh, oof.
But as far as configuring Wireguard goes, that’s pretty simple. And then there’s the weird stuff with MTU and fragmentation… but that’s not something Wireguard-specific.
Toribor@corndog.social 3 weeks ago
I avoided tailscale for so long because I was already using wireguard and I didn’t know you could self-host with headscale. But once I started using it with headscale the mesh design really is a big improvement to usability. I don’t miss having to carefully manage my config files and ip route rules.
I need to get setup with app connectors and then I think it’ll finally be a high enough wife-usability factor for me to remove some things I still have exposed over the internet.