Comment by jasonkester

Comment by jasonkester 5 hours ago

34 replies

View on Hacker News

I’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.

Can anybody explain what Tailscale is, does, or why everybody seems to have it?

Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works “ page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?

Any help? Should I just pay them my $6/month and hope I figure it out at some point?

KnuthIsGod 5 hours ago

Basically it is managed Wireguard. Tailscale does say it, but it is buried under marketing speak.

Reply View 2 replies
  • walthamstow 2 hours ago

    It's also P2P mesh rather than hub and spoke which is quite important

    Reply View 0 replies
  • quaintdev 4 hours ago

    This. People are doing the same thing that OP mentioned in this thread.

    Reply View 0 replies
rahimnathwani 2 hours ago

Sign up for free using Google Sign In.

Install the tailscale client on each of your devices.

Each device will get an IP address from Tailscale. Think about that like a new LAN address.

When you're away from home, you can access your home devices using the Tailscale IP addresses.

Reply View 6 replies
  • nottorp 2 hours ago

    They still tie you to Google?

    Reply View 5 replies
    • fragmede 2 hours ago

      Microsoft, Github, and Apple login are the other options if you don't want to use Google.

      Reply View 4 replies
      • nottorp 2 hours ago

        So zero options that will not tie their service to some other service still.

        So much for resilience.

        Reply View 3 replies
konradb 5 hours ago

I don't think you need to pay $6 a month to try it out.

Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.

Reply View 6 replies
  • Tor3 an hour ago

    How does it compare to Zerotier? The way I understand it it's kind of overlapping functionality but not necessarily everything. What I want from Zerotier is basically what you described about Tailscale.

    The two problems I have with zerotier are:

    1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)

    2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.

    So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit. So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.

    Thanks for any input on this.

    Reply View 0 replies
  • jasonkester 4 hours ago

    So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

    I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?

    Reply View 4 replies
    • barrkel 26 minutes ago

      You can run it on a capable router or on a RPi, or on your NAS. It's especially useful if you want to self-host (e.g. Immich). You can use it to authenticate for ssh if you like, or simply give you an IP you can ssh to.

      It's especially handy if you want a secondary way in, in case you have problems connecting using wireguard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.

      If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).

      Reply View 0 replies
    • konradb 3 hours ago

      > So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

      If you go to https://tailscale.com/pricing?plan=personal

      The first plan on the left called 'Personal' is free.

      It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.

      > So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?

      That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.

      Reply View 1 reply
      • jasonkester 3 hours ago

        Ugh. On mobile, the first plan on the pricing page is “ starter” for $6. The plan to the right is partly visible, indicating that you can scroll that way. There’s nothing to indicate that you can scroll left.

        A less hostile website design would have (again) saved me a question.

        Reply View 0 replies
    • omnimus 4 hours ago

      The service is free up to certain amount of connected people and devices. You most likely don't need to pay for it. I am pretty heavy user and don't. It is virtual private network orchestrator. It allows you to connect to other devices that you add to your network as long as they are connected to the internet. So your office computer, home server or NAS. If you have some home automation like home assistant you can connect to it from anywhere. That kind of stuff.

      Reply View 0 replies
gertrunde 4 hours ago

Basic version is it's a sort of developer focused zero trust network service.

Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.

(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.

There is also https://github.com/juanfont/headscale - which is a open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.

(And there are clients for a very wide range of stuff).

Reply View 6 replies
  • jasonkester 4 hours ago

    I can’t tell if you’re trying to help, or just getting into the spirit of the website’s “how it works (using ten pages of terminology and acronyms we just made up)” page.

    Reply View 5 replies
    • viccis 4 hours ago

      None of the terminology or acronyms that user used were made up or unique to this. I think you are blaming other people for your unfamiliarity with this kind of tech.

      It is simply a managed service that lets you hook devices up to an overlay network, in which they can communicate easily with each other just as though they were on a LAN even if they are far apart.

      For example, if you have a server you'd like to be able to SSH into on your home network, but you don't want to expose it to the internet, you can add both it and your laptop to a Tailscale network and then your laptop can connect directly to it over the Tailscale network no different than if you were at home.

      Reply View 2 replies
      • jasonkester 4 hours ago

        Sorry if I appeared rude. That was very much tongue in cheek.

        But notice how you just did a much better job of explaining what this thing does without using any jargon at all. The jargon helps if everyone already knows what you’re talking about. It hurts if anyone doesn’t.

        That’s what I’m poking fun at. There’s a trait in lots of engineers I’ve worked with over the years to be almost afraid to talk about tech stuff in layman terms. Like they’re worried that someone will think less of them because they used words instead of an acronym. Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.

        One of those guys was certainly in charge of this company’s website copy.

        Reply View 1 reply
        • aembleton 3 hours ago

          > But notice how you just did a much better job of explaining what this thing does without using any jargon at all.

          There was plenty of jargon and acronyms like LAN and SSH. You're just used to those ones.

          Reply View 0 replies
    • arcanemachiner 4 hours ago

      Your ignorance of the topic is no excuse to be rude to someone who's trying to help you.

      Reply View 0 replies
    • jaapz 4 hours ago

      That's just networking jargon

      Reply View 0 replies
weinzierl 3 hours ago

Extending the question:

In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VpN replacement.

If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?

My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.

Reply View 2 replies
  • barrkel 21 minutes ago

    Tailscale can tunnel all your traffic through a chosen exit node so you browse the web and whatnot as if you were at home (or wherever the exit node is), so in this way it's a bit like a VPN from a VPN company, but it doesn't give you a list of countries to select from.

    VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.

    Tailscale isn't in the business of selling proxies.

    Reply View 0 replies
  • hhh 3 hours ago

    Tailscale is an enterprise vpn, connecting multiple of your networks, where as consumer vpns just make your network traffic exit from their network.

    I run a tailscale exit node on an anonymous vps provider to give me a similar experience to a consumer vpn.

    Reply View 0 replies
PeterStuer 4 hours ago

A system by wich you can expose things on your private network (e.g. your home lan) so you can selectively and securely make them accesible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefic, ...) yourself, but services like tailscale provide you with easy gui configuration for that.

I personally use Pangolin, which is similar https://github.com/fosrl/pangolin

Reply View 0 replies
remco_sch 4 hours ago

It's a virtual network switch/router with DHCP, DNS, and lots more enterprisey features on top. You 'plug' devices into it using a VPN connection.

Reply View 0 replies
Lammy 4 hours ago

It's a cryptographic key exchange system that allows nodes to open Wireguard tunnels between each other. They have a nice product, but I don't like how it spies on your “private” network by default: https://tailscale.com/kb/1011/log-mesh-traffic

If you want to self-host, use NetBird instead.

Reply View 0 replies
frio 5 hours ago

You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.

Reply View 0 replies
tomjen3 3 hours ago

It’s a point to point vpn that works between devices even without a direct network connection.

Their personal free plan is more than enough.

Reply View 0 replies