alt Hacker NewsThis is my question too... It's concerning to me that everyone one seems to be using tailscale (and maybe cloudflare access) and that I don't see mention of open source alternatives. I'm sure for some network experts the alternatives are obvious? Setup a server somewhere publically available that runs ??? and have it be your auth/rendezvous server.
people complain about github being proprietary but I haven't seen much complaint about tailscale being proprietary.
I assume I'm just being overly paranoid? It's certainly convenient to just sign up and have things just work.
Replies
> I don't see mention of open source alternatives
Check out Nebula (created by Slack) - https://github.com/slackhq/nebula
Fundamentally very similar to Tailscale. I've been using it for years and it has been flawless. It doesn't have as many bells and whistles as Tailscale but it does what it does very well.
The Tailscale client (non-GUI) is open source: https://github.com/tailscale/tailscale
And they collaborate with Headscale to provide an open-source coordination server (with, unsurprisingly, a more limited featureset, but it works fine with their closed-source GUI client): https://tailscale.com/opensource#encouraging-headscale
I use the combination myself and it works quite well, but of course is less convenient than using their product (which I also do in a different context). Overall I'm pretty happy with their open-source stance.
Whether or not you're being overly paranoid depends on your needs.
As I said on another comment, my use can be tracked by volume and timing, but since I'm only connecting to my house or my in-laws', and using an exit node on one of them, I'm not doing anything with it that I wouldn't do openly from my house. If I were hosting Anna's Archive, it would not do.
As noted by others, Headscale works if you want fully self-hosted. The features it doesn't have aren't important to the typical home user. The free tier of Tailscale is really, really easy to set up and a very non-technical user can just use it if someone with even modest skills, like me, sets it up. That's why I use it. I can talk my wife through how to use Tailscale over the phone. I can set up OpenVPN or Wireguard (I set up an OpenBSD firewall and NAT system in the mid-late 1990s for an office and used it with SSH tunnels and VNC to do some remote troubleshooting), but I can't troubleshoot it remotely with a nontechnical user.
There is a well documented opensource alternative to Tailscale - Headscale. The tailscale client is already opensource, Headscale is opensource drop in replacement for the control server which isn't, and fully compatible with Tailscale clients:
https://github.com/juanfont/headscale
If you can be bothered running the headscale container, you generally don't need to pay for tailscale. It's been pretty well supported and widely used for a number of years at this point. Tailscale even permit their own engineers to contribute to headscale, as the company sees it as complimentary to the commercial offering.