Well, the dependency on Tailscale's servers, for one. You're getting that NAT-busting because Tailscale is running servers to handle that for you, and you're getting around key management by having them manage your keys and overlay their own auth layer for you.
> Headscale is a re-implemented version of the Tailscale coordination server, developed independently and completely separate from Tailscale.
Headscale is a project that complements Tailscale — with its own independent community of users and developers. Tailscale does not set Headscale’s product direction or manage the community, and neither prohibits nor requires employees from contributing to Headscale.
I had a Headscale server running for a few years with no hiccups. Setup was easy, it's not too resource intensive, and you can use the normal Tailscale client.
Well, the dependency on Tailscale's servers, for one. You're getting that NAT-busting because Tailscale is running servers to handle that for you, and you're getting around key management by having them manage your keys and overlay their own auth layer for you.
So Tailscale has "extra dependencies" on Tailscale. Gotcha.
You can always run Headscale: https://tailscale.com/opensource#encouraging-headscale
> Headscale is a re-implemented version of the Tailscale coordination server, developed independently and completely separate from Tailscale. Headscale is a project that complements Tailscale — with its own independent community of users and developers. Tailscale does not set Headscale’s product direction or manage the community, and neither prohibits nor requires employees from contributing to Headscale.
I had a Headscale server running for a few years with no hiccups. Setup was easy, it's not too resource intensive, and you can use the normal Tailscale client.
How do you identify yourself to Tailscale?
Google auth but you can run your OIDC provider if you're into that: https://tailscale.com/kb/1240/sso-custom-oidc.
My nodes identify themselves with keys signed by the other nodes as per tailnet lock: https://tailscale.com/kb/1226/tailnet-lock