[HN Gopher] Tailscale free for open source projects
___________________________________________________________________
Tailscale free for open source projects
Author : tosh
Score : 86 points
Date : 2021-09-17 20:18 UTC (2 hours ago)
(HTM) web link (tailscale.com)
(TXT) w3m dump (tailscale.com)
| adammenges wrote:
| Just set this up on my NAS, it's so helpful. Really hope their
| business tier proves profitable, these free/easy features for
| personal account are great.
| lostlogin wrote:
| It's also ludicrous how easy it is to set up. The website claims
| it takes minutes. It took minutes, but only because I sat there
| _with it working_ trying to work out how I finished the config.
| After cursing the brevity of the documents I realised that they
| were complete and it was actually running. Total setup was less
| than 10 minutes, maybe even 5 minutes.
|
| The steps are basically:
|
| "Step 1: Sign up for an account
|
| Step 2: Add a machine to your network
|
| Step 3: Add another machine to your network"
|
| https://tailscale.com/kb/1017/install/
| prox wrote:
| How does it pass your firewall? Is it through the client for
| each machine?
| dave_universetf wrote:
| Tailscale adds a layer of NAT traversal logic on top of
| regular WireGuard, so in most cases you end up with p2p
| WireGuard tunnels between your devices, as if the NAT
| wasn't there.
| https://tailscale.com/blog/how-nat-traversal-works/ has the
| gory details, it's less easy than I just made it sound :)
| prox wrote:
| Haha, thank you. Going to read that.
| wp381640 wrote:
| the setup is such a pleasure to use - they've really nailed
| the onboarding and are a great example for other startups
| probotect0r wrote:
| I'm currently looking into implementing a VPN setup on AWS to
| allow my team to access services in private subnets. Tailscale
| seems great but too pricey for our small company. I'm playing
| with Pritunl now, but looking for other suggestions. Ideally I
| want to have some SSO functionality so we don't have to manage
| users and the team can log in with their company Google account.
| Any suggestions for this type of setup?
| alephu5 wrote:
| WireGuard isn't so good for mesh networks because every new
| node requires reconfiguring all the others. Even with
| management utilities this is a pain, so instead I recommend
| something like nebula https://github.com/slackhq/nebula
| 3np wrote:
| Not necessarily. You can have one or several (potentially
| load-balanced) "gateways" which act as entrypoints into
| subnets.
|
| At some point you'll probably want to integrate with some
| identity management, but dozens of users and hundreds of
| servers are totally fine to manage as yaml in ansible IME.
| [deleted]
| whalesalad wrote:
| WireGuard. Run it on a bastion box. There isn't a batteries
| included tool I know that's good at this. The WireGuard
| ecosystem means you gotta glue a lot of OSS stuff together.
|
| tldr make sure the bastion box can reach the stuff you need it
| to reach as far as subnets and security groups go, ensure
| kernel will fwd traffic from WireGuard clients, run WireGuard
| daemon, and expose it to the outside world via eip. I'm
| oversimplifying (dns, sec groups, routing client traffic to
| other subnets) - but hopefully that explains the gist.
|
| I have a small Python script that takes an XLSX file as input
| and populates a dir with config files and QR code images for
| each user.
|
| Or you can check out some of the OSS ways to do self-service
| vpn mgmt with a web UI that authenticates against Google auth.
| I haven't deployed this yet but it looks cool
| https://github.com/subspacecloud/subspace
|
| If you know this sort of tech well it is not hard to deploy and
| manage yourself. But tailscale has a really killer clientside
| experience and "just works" so honestly it might be worth the
| $$$
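As an added example (not from the thread, and not Tailscale's or WireGuard's own tooling), here is a Python generator for the glue whalesalad describes: a bastion/hub WireGuard config with kernel forwarding and NAT, per-client peers whose AllowedIPs are pinned to a single /32 (WireGuard's crypto-key routing), and the matching client configs. It also has a full-mesh mode that makes alephu5's earlier point concrete: adding one node rewrites every config in a mesh, but only the hub's and the newcomer's in the hub topology. Everything in it is constructed: the node names, the 10.44.0.0/24 overlay, the 10.0.1.0/24 routed VPC subnet, the 203.0.113.10 endpoint and the placeholder public keys. Input is an in-code list rather than an XLSX, QR generation is left out, and private keys are never generated here; each host runs `wg genkey` itself and fills in the placeholder.

```python
"""WireGuard config generator: hub-and-spoke (bastion) or full mesh.
Added example for the thread; not a Tailscale or WireGuard project tool."""
import base64
import binascii
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

PRIVKEY_PLACEHOLDER = "__RUN_wg_genkey_ON_THIS_HOST__"  # never copy private keys off the box


@dataclass(frozen=True)
class Node:
    name: str
    pubkey: str                     # base64 public key as printed by `wg pubkey`
    endpoint: Optional[str] = None  # "ip:port" reachable from the Internet; None for roaming laptops


def check_pubkey(key: str) -> str:
    """Reject anything that is not 32 raw bytes of base64; a typo here silently locks a peer out."""
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid base64: {key!r}") from exc
    if len(raw) != 32:
        raise ValueError(f"expected a 32-byte key, got {len(raw)} bytes")
    return key


def allocate(nodes: Iterable[Node], subnet: str) -> Dict[str, ipaddress.IPv4Address]:
    """One overlay address per node, in input order; raises if the subnet is exhausted."""
    hosts = ipaddress.ip_network(subnet).hosts()
    out = {}
    for n in nodes:
        try:
            out[n.name] = next(hosts)
        except StopIteration:
            raise ValueError(f"{subnet} has no room for {n.name}") from None
    return out


def _peer(node: Node, allowed: List[str], keepalive: bool) -> List[str]:
    lines = ["", "[Peer]", f"# {node.name}", f"PublicKey = {check_pubkey(node.pubkey)}",
             f"AllowedIPs = {', '.join(allowed)}"]
    if node.endpoint:
        lines.append(f"Endpoint = {node.endpoint}")
    if keepalive:
        lines.append("PersistentKeepalive = 25")  # keeps the NAT mapping open from behind a home router
    return lines


def hub_configs(hub: Node, clients: List[Node], subnet: str = "10.44.0.0/24",
                routed: Iterable[str] = ("10.0.1.0/24",), listen_port: int = 51820,
                wan_if: str = "eth0") -> Dict[str, str]:
    """Bastion topology: clients peer only with the hub; the hub forwards into the `routed` VPC subnets."""
    if hub.endpoint is None:
        raise ValueError("the hub must have a public Endpoint (its EIP:port)")
    net = ipaddress.ip_network(subnet)
    addr = allocate([hub, *clients], subnet)
    hub_cfg = [
        "[Interface]", f"Address = {addr[hub.name]}/{net.prefixlen}",
        f"ListenPort = {listen_port}", f"PrivateKey = {PRIVKEY_PLACEHOLDER}",
        "# forward only what arrives on the tunnel, NAT it out the VPC-facing interface",
        f"PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; "
        f"iptables -t nat -A POSTROUTING -o {wan_if} -j MASQUERADE",
        f"PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {wan_if} -j MASQUERADE",
    ]
    out = {}
    for c in clients:
        # crypto-key routing: the hub accepts a client's packets only if the source is that client's own /32
        hub_cfg += _peer(c, [f"{addr[c.name]}/32"], keepalive=False)
        out[c.name] = "\n".join(["[Interface]", f"Address = {addr[c.name]}/32",
                                 f"PrivateKey = {PRIVKEY_PLACEHOLDER}",
                                 *_peer(hub, [str(net), *routed], keepalive=True)]) + "\n"
    out[hub.name] = "\n".join(hub_cfg) + "\n"
    return out


def mesh_configs(nodes: List[Node], subnet: str = "10.44.0.0/24", listen_port: int = 51820) -> Dict[str, str]:
    """Full mesh: every node lists every other node, so adding one node rewrites all of them."""
    net = ipaddress.ip_network(subnet)
    addr = allocate(nodes, subnet)
    out = {}
    for me in nodes:
        cfg = ["[Interface]", f"Address = {addr[me.name]}/{net.prefixlen}",
               f"ListenPort = {listen_port}", f"PrivateKey = {PRIVKEY_PLACEHOLDER}"]
        for other in nodes:
            if other is not me:  # keepalive only toward peers we can actually reach
                cfg += _peer(other, [f"{addr[other.name]}/32"], keepalive=other.endpoint is not None)
        out[me.name] = "\n".join(cfg) + "\n"
    return out


def configs_to_redeploy(before: Dict[str, str], after: Dict[str, str]) -> Set[str]:
    """Hosts whose config is new or changed after a roster change: what you actually have to push."""
    return {name for name, text in after.items() if before.get(name) != text}


def fake_pubkey(i: int) -> str:
    """CONSTRUCTED placeholder key for the demo (32 repeated bytes), not a real Curve25519 point."""
    return base64.b64encode(bytes([i % 256]) * 32).decode()


if __name__ == "__main__":
    bastion = Node("bastion", fake_pubkey(1), "203.0.113.10:51820")  # constructed EIP
    team = [Node(f"dev{i}", fake_pubkey(10 + i)) for i in range(3)]
    for name, text in hub_configs(bastion, team).items():
        print(f"--- {name}.conf ---\n{text}")
```

The hub never lists a client Endpoint (laptops roam behind NAT and initiate), and clients send a keepalive so the home router's UDP mapping stays open. The security-relevant line is the hub's `AllowedIPs = <client>/32`: WireGuard drops any decrypted packet whose inner source address does not match the peer's key, so one compromised laptop cannot spoof another's overlay address. Remember that the security group on the bastion still has to admit UDP to the listen port, and the client's `AllowedIPs` decides which VPC ranges are routed through the tunnel.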
| brunoqc wrote:
| I wish there was something like tailscale but without a central
| server.
| josephcsible wrote:
| Isn't that just vanilla WireGuard then?
| bradfitz wrote:
| Tailscale without a central server is raw WireGuard, basically.
| You can do that but then you lose Tailscale's automatic NAT
| traversal and packet relay fallbacks for when UDP is blocked or
| NAT traversal fails.
|
| Or you can self-host Tailscale with
| https://github.com/juanfont/headscale if you want.
| ignoramous wrote:
| tailscale _is_ p2p. IIRC, centralization is mostly for the
| control-plane (dns configuration, network configuration, flow
| logs, authn) and to route around unyielding NATs (without
| compromising on WireGuard's _crypto-key_ routing).
| api wrote:
| You can self-host ZeroTier controllers. Also gives you
| unlimited devices that way.
| 1MachineElf wrote:
| You might want to consider innernet. It's still got a central
| server, but it's self-hosted and similarly easy to deploy.
| Check it out here: https://github.com/tonarino/innernet
| sockaddr wrote:
| As others have noted, just self-host a Zerotier controller.
| It's what I do.
| razemio wrote:
| Can someone explain to me why I would use this instead of
| zerotier? Are there benefits I haven't seen?
|
| EDIT: https://tailscale.com/kb/1139/tailscale-vs-zerotier/
|
| That is a very fair writeup for a competing product. Nice!
| collegeburner wrote:
| I wonder, does either have "magic DNS" where I can access
| machines by their hostname or hostname.local or
| hostname.intra.mydomain? Last I checked zerotier had added a
| push dns feature but not on linux which is a deal breaker.
| api wrote:
| mDNS/Bonjour will work on small-medium sized networks since
| multicast works.
| lacrosse_tannin wrote:
| https://github.com/zerotier/zerotier-systemd-manager
| collegeburner wrote:
| That's lit, thanks for sharing. So nice to see that's
| working and I can start using zerotier for real! I think
| this is an underappreciated convenience for people running
| smaller networks.
| tomjakubowski wrote:
| Tailscale offers exactly that, and even calls it "MagicDNS"!
| https://tailscale.com/kb/1081/magicdns/
| joshxyz wrote:
| Up for this. Zerotier is very easy to set up too and quite
| stable in our experience.
| nomdep wrote:
| Could anyone please tell me what Tailscale is for? It allows you
| to connect to other computers in your home? For doing what?
| kevinsundar wrote:
| Been using tailscale for over a year and a half to get access to
| HomeAssistant running on a box at home from my iPhone wherever I
| am. Works great, have never had any issues. The iPhone app
| connects quickly.
| hikerclimber1 wrote:
| everything is subjective. especially laws.
___________________________________________________________________
(page generated 2021-09-17 23:01 UTC)