Comment on Current Best Remote Access Method?
Atemu@lemmy.ml 7 months agoTailscale’s official clients are FOSS on free platforms and there is an officially endorsed FOSS back-end (headscale) if you wanted to self-host a fully FOSS environment.
Of course, hosting headscale requires a public server which you may not want or have the ability to host and in those cases, using their proprietary back-end as a service is absolutely fine in my books.
As a company, Tailscale has generally struck me as quite the opposite of “garbage”.
dan@upvote.au 7 months ago
Their proprietary server doesn’t really do a lot, and most of the logic is in the clients. The server mostly handles configuration (both setting things up and distributing the configs to the clients), public key exchange, and various auxiliary features.
Your VPN nodes will almost always communicate directly with each other, either by connecting directly, or by UDP hole punching. Tailscale has relay servers that help nodes connect when both are behind restrictive firewalls or NAT, and this is open-source.
Atemu@lemmy.ml 7 months ago
Hmm, their BE still does a bit as it facilitates the connection of two devices with another. The clients are independently connected to it and if two want to talk with another, they first talk to the BE to coordinate the firewall piercing on both ends.
Still, given that an OSS re-implementation exists and is in no danger of being canned (TS went ahead and hired the person who made it lol), it being proprietary isn’t a big deal.
dan@upvote.au 7 months ago
This is the NAT hole punching I mentioned in my post, which as far as I know uses the relay servers (which are open-source) and not their proprietary server. Sometimes systems can reach each other directly (for example, if you forward port 41641) in which case they can directly connect and you don’t need a relay at all.