Comment by jasonkester
5 hours ago
I’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.
Can anybody explain what Tailscale is, does, or why everybody seems to have it?
Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works “ page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?
Any help? Should I just pay them my $6/month and hope I figure it out at some point?
Basically it is managed Wireguard. Tailscale does say it, but it is buried under marketing speak.
It's also P2P mesh rather than hub and spoke which is quite important
This. People are doing the same thing that OP mentioned in this thread.
Sign up for free using Google Sign In.
Install the tailscale client on each of your devices.
Each device will get an IP address from Tailscale. Think about that like a new LAN address.
When you're away from home, you can access your home devices using the Tailscale IP addresses.
They still tie you to Google?
Microsoft, Github, and Apple login are the other options if you don't want to use Google.
4 replies →
I don't think you need to pay $6 a month to try it out.
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
How does it compare to Zerotier? The way I understand it it's kind of overlapping functionality but not necessarily everything. What I want from Zerotier is basically what you described about Tailscale.
The two problems I have with zerotier are:
1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)
2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.
So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit. So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.
Thanks for any input on this.
So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?
I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
You can run it on a capable router or on a RPi, or on your NAS. It's especially useful if you want to self-host (e.g. Immich). You can use it to authenticate for ssh if you like, or simply give you an IP you can ssh to.
It's especially handy if you want a secondary way in, in case you have problems connecting using wireguard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.
If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).
> So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?
If you go to https://tailscale.com/pricing?plan=personal
The first plan on the left called 'Personal' is free.
It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.
> So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.
1 reply →
The service is free up to certain amount of connected people and devices. You most likely don't need to pay for it. I am pretty heavy user and don't. It is virtual private network orchestrator. It allows you to connect to other devices that you add to your network as long as they are connected to the internet. So your office computer, home server or NAS. If you have some home automation like home assistant you can connect to it from anywhere. That kind of stuff.
Basic version is it's a sort of developer focused zero trust network service.
Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.
(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.
There is also https://github.com/juanfont/headscale - which is a open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.
(And there are clients for a very wide range of stuff).
I can’t tell if you’re trying to help, or just getting into the spirit of the website’s “how it works (using ten pages of terminology and acronyms we just made up)” page.
None of the terminology or acronyms that user used were made up or unique to this. I think you are blaming other people for your unfamiliarity with this kind of tech.
It is simply a managed service that lets you hook devices up to an overlay network, in which they can communicate easily with each other just as though they were on a LAN even if they are far apart.
For example, if you have a server you'd like to be able to SSH into on your home network, but you don't want to expose it to the internet, you can add both it and your laptop to a Tailscale network and then your laptop can connect directly to it over the Tailscale network no different than if you were at home.
2 replies →
Your ignorance of the topic is no excuse to be rude to someone who's trying to help you.
That's just networking jargon
Extending the question:
In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VpN replacement.
If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.
Tailscale can tunnel all your traffic through a chosen exit node so you browse the web and whatnot as if you were at home (or wherever the exit node is), so in this way it's a bit like a VPN from a VPN company, but it doesn't give you a list of countries to select from.
VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.
Tailscale isn't in the business of selling proxies.
Tailscale is an enterprise vpn, connecting multiple of your networks, where as consumer vpns just make your network traffic exit from their network.
I run a tailscale exit node on an anonymous vps provider to give me a similar experience to a consumer vpn.
A system by wich you can expose things on your private network (e.g. your home lan) so you can selectively and securely make them accesible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefic, ...) yourself, but services like tailscale provide you with easy gui configuration for that.
I personally use Pangolin, which is similar https://github.com/fosrl/pangolin
It's a virtual network switch/router with DHCP, DNS, and lots more enterprisey features on top. You 'plug' devices into it using a VPN connection.
It's a cryptographic key exchange system that allows nodes to open Wireguard tunnels between each other. They have a nice product, but I don't like how it spies on your “private” network by default: https://tailscale.com/kb/1011/log-mesh-traffic
If you want to self-host, use NetBird instead.
You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.
they have an excellent set of short intro videos [0] on youtube, that's what I used to get an overview and get set up.
[0] https://youtu.be/sPdvyR7bLqI?si=2kIpHtNuJ52jEdmm
It just virtual private network.
It’s a point to point vpn that works between devices even without a direct network connection.
Their personal free plan is more than enough.