Comment by bogwog
4 hours ago
So basically wireguard, but you have to pay for it, and you have create an account through Google/Apple/Microsoft/whatever.
Wireguard is not that hard to set up manually. If you've added SSH keys to your Github account, it's pretty much the same thing. Find a youtube video or something, and you're good. You might not even need to install a wireguard server yourself, as some routers have that built in (like my Ubiquity EdgeRouter)
It's not really "basically wireguard" and you don't have to pay for it for personal use. Wireguard is indeed pretty easy to set up, but basic Wireguard doesn't get you the two most significant features of Tailscale, mesh connections and access controls.
Tailscale does use Wireguard, but it establishes connections between each of your devices, in many cases these will be direct connections even if the devices in question are behind NAT or firewalls. Not every use-case benefits from this over a more traditional hub and spoke VPN model, but for those that do, it would be much more complicated to roll your own version of this. The built-in access controls are also something you could roll your own version of on top of Wireguard, but certainly not as easily as Tailscale makes it.
There's also a third major "feature" that is really just an amalgamation of everything Tailscale builds in and how it's intended to be used, which is that your network works and looks the same even as devices move around if you fully set up your environment to be Tailscale based. Again not everyone needs this, but it can be useful for those that do, and it's not something you get from vanilla Wireguard without additional effort.
I guess I'm still not following. Is there an example thing that you can do with Tailscale that you can't do with Wireguard? "Establishes connections between each of your devices" is pretty vague. The Internet can already do that.
You can run two nodes both behind restrictive full cone NATs and have them establish an encrypted connection between each other. You can configure your devices to act as exit nodes, allowing other devices on your "tailnet" to use them to reach the internet. You can set up ACLs and share access to specific devices and ports with other users. If you pay a bit more, you can also use any Mullvad VPN node as an exit point.
Tailscale is "just" managed Wireguard, with some very smart network people doing everything they can to make it go point-to-point even with bad NATs, and offering a free fallback trustless relay layer (called DERP) that will act as a transit provider of last resort.
Tailscale is free for pretty much everything you'd want to do as a home user.
It also doesn't constantly try and ram any paid offerings down your throat.
I was originally put off by how much Tailscale is evangelised here, but after trying it, I can see why it's so popular.
I have my Ubuntu server acting as a Tailscale exit node.
I can route any of my devices through it when I'm away from home (e.g. phone, tablet, laptop).
It works like a VPN in that regard.
Last year, I was on a plane and happened to sit next to an employee of Tailscale.
I told him that I thought his product was cool (and had used it throughout the flight to route my in-flight Wi-fi traffic back to the UK) but that I had no need to pay for it!