Comment by konradb

8 hours ago

I don't think you need to pay $6 a month to try it out.

Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your Apple TV can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.

How does it compare to Zerotier? The way I understand it, it's kind of overlapping functionality but not necessarily everything. What I want from Zerotier is basically what you described about Tailscale.

The two problems I have with zerotier are:

1) It's supposed to let a mobile device like an Android tablet route its traffic through Zerotier (functioning as a VPN to my home site, in this case). However, I've never gotten that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. OpenVPN on it).

2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything other than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.

So, in short, I'm pondering whether I should ditch Zerotier and try Tailscale instead, if it does the same. I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want a full VPN; for computers I don't. Edit: So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.

Thanks for any input on this.

  • Having tried both Zerotier and Tailscale, I found Tailscale to be a significant improvement. Tailscale uses WireGuard as the base encrypted protocol instead of a semi-homebrew protocol Zerotier came up with that notably lacks things like ephemeral keys/perfect forward secrecy. Tailscale also has a faster pace of improvement and is responsive to customer asks, regularly rolling out new features, improving performance, or fixing bugs. Zerotier by contrast seems to move slower, regularly promising improvements for years that never materialize (e.g. fixing the lack of PFS).

    My last gripe is more niche, but I found Zerotier's single threaded performance to be abysmal, making it basically unusable for small single core VMs. My searching at the time suggested this was a known bug, but not one that was fixed before I switched to Tailscale. Not impossible to work around, but also the kind of issue that didn't endear the product to me or inspire confidence.

So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?

  • > So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

    If you go to https://tailscale.com/pricing?plan=personal

    The first plan on the left called 'Personal' is free.

    It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.

    > So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?

    That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.

    • Ugh. On mobile, the first plan on the pricing page is “Starter” for $6. The plan to the right is partly visible, indicating that you can scroll that way. There’s nothing to indicate that you can scroll left.

      A less hostile website design would have (again) saved me a question.


  • The service is free up to a certain number of connected people and devices. You most likely don't need to pay for it. I am a pretty heavy user and don't. It is a virtual private network orchestrator. It allows you to connect to other devices that you add to your network as long as they are connected to the internet. So your office computer, home server or NAS. If you have some home automation like Home Assistant you can connect to it from anywhere. That kind of stuff.

  • You can run it on a capable router or on a RPi, or on your NAS. It's especially useful if you want to self-host (e.g. Immich). You can use it to authenticate for ssh if you like, or simply give you an IP you can ssh to.

    It's especially handy if you want a secondary way in, in case you have problems connecting using WireGuard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.

    If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).
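As an added example (not from any commenter, and not Tailscale's own documentation), the following Tailscale ACL policy file ties together the points made in this thread: one tagged home node advertises the home LAN and serves as an exit node, phones tagged as mobile may send all their internet traffic through it (the "full VPN" case), and every other device only gets routes to the home subnet, so its own routing table is otherwise left alone. Tailscale's policy file is HuJSON (JSON with comments and trailing commas); the tag names and the 192.168.1.0/24 range are constructed assumptions, and the policy replaces the permissive default rule that allows `*` to reach `*:*`.

```jsonc
{
  // Only tailnet admins may attach these tags to a node
  // (tag names are constructed for this example).
  "tagOwners": {
    "tag:router": ["autogroup:admin"],
    "tag:mobile": ["autogroup:admin"],
  },

  // Pre-approve the home node's advertised routes and exit-node role so
  // `tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node`
  // on that node does not need a manual click in the admin console.
  // Routes from any node NOT carrying tag:router still require approval.
  "autoApprovers": {
    "routes": { "192.168.1.0/24": ["tag:router"] },
    "exitNode": ["tag:router"],
  },

  "acls": [
    // Every device may reach hosts on the home LAN via the subnet router.
    // Only this prefix is injected into their routing, nothing else.
    { "action": "accept", "src": ["*"], "dst": ["192.168.1.0/24:*"] },

    // Only mobile devices may use the exit node; autogroup:internet is the
    // destination that grants exit-node (full-tunnel) access.
    { "action": "accept", "src": ["tag:mobile"], "dst": ["autogroup:internet:*"] },

    // Admins may SSH to the router node itself on its tailnet address.
    { "action": "accept", "src": ["autogroup:admin"], "dst": ["tag:router:22"] },

    // Note what is absent: no "*" -> "*:*" rule, so ordinary devices cannot
    // talk to each other over the tailnet unless a rule above allows it.
  ],
}
```

A workstation in this tailnet can still select the exit node in its client, but the connection will be denied until its device is tagged tag:mobile or a rule granting it autogroup:internet is added.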