This is my question too... It's concerning to me that everyone one seems to be using tailscale (and maybe cloudflare access) and that I don't see mention of open source alternatives. I'm sure for some network experts the alternatives are obvious? Setup a server somewhere publically available that runs ??? and have it be your auth/rendezvous server.

people complain about github being proprietary but I haven't seen much complaint about tailscale being proprietary.

I assume I'm just being overly paranoid? It's certainly convenient to just sign up and have things just work.

You can also build a mesh network using standard wireguard. While manual configuration requires exchanging keys and settings between devices, many ansible playbooks can automate this process with minimal effort.

Tailscale is not different. It simply makes managing WG configuration easier, and adds some useful value-added features on top.

But, as you know, you can also manage this configuration yourself, either via traditional config mgmt tools, helpers like wg-meshconf, or even plain shell scripts, if you like. I'm aware this is a very HN-Dropboxy comment, but it's really not that complex[1], and is easily manageable for a small deployment.

Another VPN tool I used before WG gained momentum was tinc, which supports mesh networking out of the box. It's even easier to configure and maintain, and supports all platforms. It does run in userspace, which should make it slower than WG, but I found the performance acceptable for my modest use cases. Highly recommended.

[1]: https://www.procustodibus.com/blog/2020/11/wireguard-point-t... (this blog is a great WG resource!)