Comment by 3abiton
This looks interesting! What's the added value over wireguard + openwrt setup?
This looks interesting! What's the added value over wireguard + openwrt setup?
It's a mesh VPN, so peers communicate directly without additional delay.
I opted for Netbird myself because Headscale's UI felt too basic for me back then. Has that improved over the years probably?
They are both based on WireGuard (kernel-space and user-space `wireguard-go`), so I guess there's no significant difference in performance for typical usage.
In terms of stability, Netbird has been pretty good for me. I've been using Netbird as the backhaul network for my laptop, phone and inter-site k3s cluster for several years without major issues.
One major downside of Netbird is that its Android client can be quite a battery drainer [1]. (It keeps your fingers warm during winter, though!) As for Tailscale, it offers some neat features like Funnel, which is missing in Netbird, but in my case, covered by DNS and k8s Ingress.
Netbird seems (or perhaps is?) newer. It didn't have some basic features baked in when I last looked into it, e.g. you couldn't switch accounts on the client https://github.com/netbirdio/netbird/issues/3273 and if I had an account associated with a single team, then that account couldn't be invited to or be associated with additional teams.
Tailscale's value prop is "Wireguard that the merely somewhat-technically-inclined can set up and manage unassisted". Across tons and tons of clients (my AppleTVs connect to my Tailscale network, this took maybe a minute to configure—and they can act as gateways)
Some do not want/have a fixed IP address or anything listening on their home network.
Tailscale or having Headscale hosted somewhere else allows you to do that.
Your devices will connect to each other peer-to-peer (even behind complex NATs) with no manual configuration, subject to ACLs you centrally manage. It just works.
People sometimes dismiss Tailscale as "just" a WireGuard orchestrator, but it's actually much more than that - From a product perspective, WireGuard is just an implementation detail.