Comment by nine_k
15 hours ago
What makes Tailscale more secure, or more reliable, than just a direct Wireguard tunnel?
Tailscale's complexity and features make sense when you have 200 nodes, or maybe 20 nodes at least. When you have 3-5 nodes, I think it's overkill, and a bunch of extra dependencies which may fail, and lock you out of your private nodes when you need it most.
The benefit of Tailscale is that it gives you “lots” of wireguard tunnels that work through NAT with near zero configuration and a central admin interface.
I use a personal plan and have multiple nodes. Desktop, laptop, tablet, phones, docker containers just for me and a couple of Raspberry Pis on my family's home networks.
Only once have I been “locked out” of a node and that was due to an expired key.
Sure, for just connecting one node to another with a known IP and accessible port it’s overkill, but for anything more complex it’s an awful lot of awesome for very little effort.
NAT busting, and no key management. What extra dependencies does Tailscale have?
Well, the dependency on Tailscale's servers, for one. You're getting that NAT-busting because Tailscale is running servers to handle that for you, and you're getting around key management by having them manage your keys and overlay their own auth layer for you.
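As an added example (not code from the thread, from Tailscale or from Headscale), here is what the "direct WireGuard tunnel" alternative turns into once you have more than two nodes: a small Python generator for a full-mesh WireGuard configuration. Node names, tunnel addresses, endpoints and the key strings are constructed placeholders; real keys come from `wg genkey` and `wg pubkey`. The generator also reports node pairs where neither side has a dialable endpoint, which is exactly where plain WireGuard has no path and a coordination/relay service like Tailscale's steps in.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional


@dataclass(frozen=True)
class Node:
    name: str
    address: str             # tunnel IP with prefix, e.g. "10.0.0.1/32"
    private_key: str         # base64 X25519 key; a constructed placeholder here
    public_key: str          # base64 X25519 key; a constructed placeholder here
    endpoint: Optional[str]  # "host:port" if directly reachable, None if behind NAT
    listen_port: int = 51820


def _peer_block(me: Node, peer: Node) -> str:
    """Render the [Peer] stanza that `me` needs in order to talk to `peer`."""
    lines = [
        "[Peer]",
        f"# {peer.name}",
        f"PublicKey = {peer.public_key}",
        f"AllowedIPs = {peer.address.split('/')[0]}/32",
    ]
    if peer.endpoint:
        lines.append(f"Endpoint = {peer.endpoint}")
        if me.endpoint is None:
            # I am behind NAT: keep the mapping open so the peer can reach me back
            lines.append("PersistentKeepalive = 25")
    return "\n".join(lines)


def generate_mesh(nodes: list[Node]) -> dict[str, str]:
    """Return one wg-quick style config text per node, with every other node as a peer."""
    configs: dict[str, str] = {}
    for me in nodes:
        interface = [
            "[Interface]",
            f"Address = {me.address}",
            f"PrivateKey = {me.private_key}",
        ]
        if me.endpoint:
            interface.append(f"ListenPort = {me.listen_port}")
        peers = [_peer_block(me, p) for p in nodes if p.name != me.name]
        configs[me.name] = "\n\n".join(["\n".join(interface), *peers]) + "\n"
    return configs


def unreachable_pairs(nodes: list[Node]) -> list[tuple[str, str]]:
    """Pairs where neither side can be dialed: plain WireGuard cannot connect
    them without a relay or a third node routing for them."""
    return [
        (a.name, b.name)
        for a, b in combinations(nodes, 2)
        if a.endpoint is None and b.endpoint is None
    ]


def peer_entry_count(configs: dict[str, str]) -> int:
    """Number of [Peer] stanzas you have to keep in sync by hand: N * (N - 1)."""
    return sum(text.count("[Peer]") for text in configs.values())


# Constructed sample tailnet. The key strings are placeholders, not real keys;
# generate real ones with:  wg genkey | tee node.key | wg pubkey > node.pub
NODES = [
    Node("vps",    "10.0.0.1/32", "PRIV_VPS",    "PUB_VPS",    "vps.example.org:51820"),
    Node("laptop", "10.0.0.2/32", "PRIV_LAPTOP", "PUB_LAPTOP", None),
    Node("phone",  "10.0.0.3/32", "PRIV_PHONE",  "PUB_PHONE",  None),
    Node("pi",     "10.0.0.4/32", "PRIV_PI",     "PUB_PI",     "203.0.113.7:51820"),
]

if __name__ == "__main__":
    cfgs = generate_mesh(NODES)
    for name, text in cfgs.items():
        print(f"--- {name}.conf\n{text}")
    print("peer stanzas to maintain:", peer_entry_count(cfgs))
    print("pairs with no direct path:", unreachable_pairs(NODES))
```

With four nodes that is twelve peer stanzas spread over four files, and adding a fifth node means editing all four existing configs and distributing the new public key out of band. The laptop and phone pair also has no direct path at all, since both sit behind NAT with no listening endpoint; you would have to route that traffic through the VPS or the Pi yourself. Those two chores, key distribution and NAT traversal, are what the coordination server (Tailscale's, or a self-hosted Headscale) is doing for you.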
You can always run Headscale: https://tailscale.com/opensource#encouraging-headscale
> Headscale is a re-implemented version of the Tailscale coordination server, developed independently and completely separate from Tailscale. Headscale is a project that complements Tailscale — with its own independent community of users and developers. Tailscale does not set Headscale’s product direction or manage the community, and neither prohibits nor requires employees from contributing to Headscale.
I had a Headscale server running for a few years with no hiccups. Setup was easy, it's not too resource intensive, and you can use the normal Tailscale client.
How do you identify yourself to Tailscale?
My nodes identify themselves with keys signed by the other nodes as per tailnet lock: https://tailscale.com/kb/1226/tailnet-lock