[HN Gopher] Tailscale free for open source projects
___________________________________________________________________

Tailscale free for open source projects

Author : tosh
Score  : 86 points
Date   : 2021-09-17 20:18 UTC (2 hours ago)

(HTM) web link (tailscale.com)
(TXT) w3m dump (tailscale.com)

| adammenges wrote:
| Just set this up on my NAS, it's so helpful. Really hope their
| business tier proves profitable, these free/easy features for
| personal account are great.

| lostlogin wrote:
| It's also ludicrous how easy it is to set up. The website claims
| it takes minutes. It took minutes, but only because I sat there
| _with it working_ trying to work out how I finished the config.
| After cursing the brevity of the documents I realised that they
| were complete and it was actually running. Total setup was less
| than 10 minutes, maybe even 5 minutes.
|
| The steps are basically:
|
| "Step 1: Sign up for an account
|
| Step 2: Add a machine to your network
|
| Step 3: Add another machine to your network"
|
| https://tailscale.com/kb/1017/install/

| prox wrote:
| How does it pass your firewall? Is it through the client for
| each machine?

| dave_universetf wrote:
| Tailscale adds a layer of NAT traversal logic on top of
| regular WireGuard, so in most cases you end up with p2p
| WireGuard tunnels between your devices, as if the NAT
| wasn't there. https://tailscale.com/blog/how-nat-traversal-works/
| has the gory details, it's less easy than I just
| made it sound :)

| prox wrote:
| Haha, thank you. Going to read that.

| wp381640 wrote:
| the setup is such a pleasure to use - they've really nailed
| the onboarding and are a great example for other startups

| probotect0r wrote:
| I'm currently looking into implementing a VPN setup on AWS to
| allow my team to access services in private subnets. Tailscale
| seems great but too pricey for our small company. I'm playing
| with Pritunl now, but looking for other suggestions. Ideally I
| want to have some SSO functionality so we don't have to manage
| users and the team can log in with their company Google account.
| Any suggestions for this type of setup?

| alephu5 wrote:
| Wireguard isn't so good for mesh networks because every new
| node requires reconfiguring all the others. Even with
| management utilities this is a pain, so instead I recommend
| something like nebula https://github.com/slackhq/nebula

| 3np wrote:
| Not necessarily. You can have one or several (potentially
| load-balanced) "gateways" which act as entrypoints into
| subnets.
|
| At some point you'll probably want to integrate with some
| identity management, but dozens of users and hundreds of
| servers are totally fine to manage as yaml in ansible IME.

| [deleted]

| whalesalad wrote:
| WireGuard. Run it on a bastion box. There isn't a batteries
| included tool I know that's good at this. The WireGuard
| ecosystem means you gotta glue a lot of OSS stuff together.
|
| tldr make sure the bastion box can reach the stuff you need it
| to reach as far as subnets and security groups go, ensure
| kernel will fwd traffic from WireGuard clients, run WireGuard
| daemon, and expose it to the outside world via eip. I'm
| oversimplifying (dns, sec groups, routing client traffic to
| other subnets) - but hopefully that explains the gist.
|
| I have a small Python script that takes an XLSX file as input
| and populates a dir with config files and QR code images for
| each user.
|
| Or you can check out some of the OSS ways to do self-service
| vpn mgmt with a web UI that authenticates against Google auth.
| I haven't deployed this yet but it looks cool
| https://github.com/subspacecloud/subspace
|
| If you know this sort of tech well it is not hard to deploy and
| manage yourself. But tailscale has a really killer clientside
| experience and "just works" so honestly it might be worth the
| $$$

| brunoqc wrote:
| I wish there was something like tailscale but without a central
| server.

| josephcsible wrote:
| Isn't that just vanilla WireGuard then?

| bradfitz wrote:
| Tailscale without a central server is raw Wireguard, basically.
| You can do that but then you lose Tailscale's automatic NAT
| traversal and packet relay fallbacks for when UDP is blocked or
| NAT traversal fails.
|
| Or you can self-host Tailscale with
| https://github.com/juanfont/headscale if you want.

| ignoramous wrote:
| tailscale _is_ p2p. IIRC, centralization is mostly for the
| control-plane (dns configuration, network configuration, flow
| logs, authn) and to route around unyielding NATs (without
| compromising on WireGuard's _crypto-key_ routing).

| api wrote:
| You can self-host ZeroTier controllers. Also gives you
| unlimited devices that way.

| 1MachineElf wrote:
| You might want to consider innernet. It's still got a central
| server, but it's self-hosted and similarly easy to deploy.
| Check it out here: https://github.com/tonarino/innernet

| sockaddr wrote:
| As others have noted, just self-host a Zerotier controller.
| It's what I do.

| razemio wrote:
| Can someone explain to me why I would use this instead of
| zerotier? Are there benefits I haven't seen?
|
| EDIT: https://tailscale.com/kb/1139/tailscale-vs-zerotier/
|
| That is a very fair writeup for a competing product. Nice!

| collegeburner wrote:
| I wonder, does either have "magic DNS" where I can access
| machines by their hostname or hostname.local or
| hostname.intra.mydomain? Last I checked zerotier had added a
| push dns feature but not on linux which is a deal breaker.

| api wrote:
| mDNS/Bonjour will work on small-medium sized networks since
| multicast works.

| lacrosse_tannin wrote:
| https://github.com/zerotier/zerotier-systemd-manager

| collegeburner wrote:
| That's lit, thanks for sharing. So nice to see that's
| working and I can start using zerotier for real! I think
| this is an underappreciated convenience for people running
| smaller networks.

| tomjakubowski wrote:
| Tailscale offers exactly that, and even calls it "MagicDNS"!
| https://tailscale.com/kb/1081/magicdns/

| joshxyz wrote:
| Up for this. Zerotier is very easy to set up too and quite
| stable in our experience.

| nomdep wrote:
| Could anyone please tell me what is Tailscale for? It allows you
| to connect to other computers in your home? For doing what?

| kevinsundar wrote:
| Been using tailscale for over a year and a half to get access to
| HomeAssistant running on a box at home from my iPhone wherever I
| am. Works great, have never had any issues. The iPhone app
| connects quickly.

| hikerclimber1 wrote:
| everything is subjective. especially laws.
___________________________________________________________________
(page generated 2021-09-17 23:01 UTC)
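
An added example, not part of the thread and not any commenter's own script: one way to generate the per-user WireGuard configs whalesalad describes for a bastion, in the gateway (hub-and-spoke) shape 3np mentions, so adding a user touches only the bastion. It is a variant that reads public keys submitted by users instead of an XLSX file; the subnets, endpoint and keys are assumed placeholder values.

```python
import base64
import ipaddress

# Assumed values for illustration only (not from the thread).
VPN_NET = ipaddress.ip_network("10.99.0.0/24")      # tunnel address pool
PRIVATE_SUBNETS = ["10.0.16.0/20", "10.0.32.0/20"]  # subnets behind the bastion
ENDPOINT = "vpn.example.com:51820"                  # bastion's public (EIP) address
SERVER_PUBKEY = base64.b64encode(b"\x01" * 32).decode()  # constructed placeholder

def valid_pubkey(key):
    """A WireGuard public key is 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def build_configs(users):
    """users: list of (name, public_key). Returns (server_peers, client_confs)."""
    hosts = iter(VPN_NET.hosts())
    next(hosts)  # first address (.1) is reserved for the bastion's wg0
    server_peers, client_confs, seen = [], {}, set()
    for name, pubkey in users:
        if not valid_pubkey(pubkey):
            raise ValueError(f"{name}: not a 32-byte base64 key")
        if pubkey in seen:
            raise ValueError(f"{name}: duplicate public key")
        seen.add(pubkey)
        addr = next(hosts)
        # Server side: a /32 pins this key to one tunnel address (crypto-key routing).
        server_peers.append(
            f"# {name}\n[Peer]\nPublicKey = {pubkey}\nAllowedIPs = {addr}/32\n"
        )
        # Client side: split tunnel, only the private subnets go via the bastion.
        allowed = ", ".join([str(VPN_NET)] + PRIVATE_SUBNETS)
        client_confs[name] = (
            f"[Interface]\nAddress = {addr}/32\n"
            "PrivateKey = <generated on the user's device, never sent>\n\n"
            f"[Peer]\nPublicKey = {SERVER_PUBKEY}\nEndpoint = {ENDPOINT}\n"
            f"AllowedIPs = {allowed}\nPersistentKeepalive = 25\n"
        )
    return "\n".join(server_peers), client_confs

# Constructed sample input: users submit only their public keys.
SAMPLE_USERS = [("alice", base64.b64encode(b"\x02" * 32).decode()),
                ("bob", base64.b64encode(b"\x03" * 32).decode())]

if __name__ == "__main__":
    print(build_configs(SAMPLE_USERS)[0])
```
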