alt Hacker NewsI’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.
Can anybody explain what Tailscale is, does, or why everybody seems to have it?
Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works “ page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?
Any help? Should I just pay them my $6/month and hope I figure it out at some point?
Replies
Not sure if anybody gives you the answer to "what is tailscale?". So, this is my answer (hopefully it's correct and simple enough to understand).
Tailscale allows devices that can access the Internet (no matter how they access the Internet) to see each other.
To do that, you create a tailscale network for yourself, then connect your devices to that network, then your devices can see each other. Other devices that are connecting to the Internet but not to our tailscale network won't see your devices.
AI might explain it better :-) Don't know why I wanted to explain it.
Basically it is managed Wireguard. Tailscale does say it, but it is buried under marketing speak.
Sign up for free using Google Sign In.
Install the tailscale client on each of your devices.
Each device will get an IP address from Tailscale. Think about that like a new LAN address.
When you're away from home, you can access your home devices using the Tailscale IP addresses.
Basic version is it's a sort of developer focused zero trust network service.
Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.
(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.
There is also https://github.com/juanfont/headscale - which is a open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.
(And there are clients for a very wide range of stuff).
I don't think you need to pay $6 a month to try it out.
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
Also the free tier is sufficient for basically anything non power-user or enterprice.
A system by wich you can expose things on your private network (e.g. your home lan) so you can selectively and securely make them accesible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefic, ...) yourself, but services like tailscale provide you with easy gui configuration for that.
I personally use Pangolin, which is similar https://github.com/fosrl/pangolin
Extending the question:
In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VpN replacement.
If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.
It's a virtual network switch/router with DHCP, DNS, and lots more enterprisey features on top. You 'plug' devices into it using a VPN connection.
It's a cryptographic key exchange system that allows nodes to open Wireguard tunnels between each other. They have a nice product, but I don't like how it spies on your “private” network by default: https://tailscale.com/kb/1011/log-mesh-traffic
If you want to self-host, use NetBird instead.
they have an excellent set of short intro videos [0] on youtube, that's what I used to get an overview and get set up.
You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.
It just virtual private network.
It’s a point to point vpn that works between devices even without a direct network connection.
Their personal free plan is more than enough.
It's a wrapper around Wireguard that lets you use common SSO providers (Apple ID, Google, etc) to manage access.
It also handles looking up the IP address of your "nodes" through their servers, so you don't need to host a domain/dns to find the WAN IP of your home network when you're external to it (this is assuming you don't pay for a fixed IP).
Most people put an instance of it on a home server or NAS, and then they can use the very well designed and easy to use iOS/mac/etc client to access their home network when away.
You can route all traffic through it, so basically your device operates as if you're on your home network.
You can accomplish all of this stuff (setting up a VPN to your home network, DNS lookup to your home network) without Tailscale, but it makes it so much easier.