Comment by akerl_
19 hours ago
Well, the dependency on Tailscale's servers, for one. You're getting that NAT-busting because Tailscale is running servers to handle that for you, and you're getting around key management by having them manage your keys and overlay their own auth layer for you.
You can always run Headscale: https://tailscale.com/opensource#encouraging-headscale
> Headscale is a re-implemented version of the Tailscale coordination server, developed independently and completely separate from Tailscale. Headscale is a project that complements Tailscale — with its own independent community of users and developers. Tailscale does not set Headscale’s product direction or manage the community, and neither prohibits nor requires employees from contributing to Headscale.
So Tailscale has "extra dependencies" on Tailscale. Gotcha.
Tailscale is an extra dependency vs using WireGuard directly, which is what was being discussed.
I had a Headscale server running for a few years with no hiccups. Setup was easy, it's not too resource intensive, and you can use the normal Tailscale client.