Any sufficiently advanced technology is indistinguishable from magic.
I used this because Tailscale is the first VPN provider that I used that really embodies that statement, mainly because it just works.
Before Tailscale, I ran my own stitched-together WireGuard network that mostly served my purpose. And before that, I ran iterations of IPsec, OpenVPN and a variety of SSH-based tunnel software. While I had fun and learned several things playing around with all this technology, it always had its problems. The central server got borked, the network didn’t allow certain ports or methods, NAT failures, … the battle was endless. Even with the WireGuard setup, which massively simplified exchanging keys and where I used multiple lightweight tunnels to connect things, these issues still occurred.
Even other VPN providers that were based on these technologies had issues. Mullvad worked relatively well, but at the time lacked some features I needed.
Meanwhile, from day 1, Tailscale just worked. Go to the site, create an account, install the programs and follow the quick start. That’s all; I could immediately connect to all my devices that I connect with Tailscale.
And connecting those devices was very easy. If it could be done interactively, run `tailscale up` on the device and it prompts a login URL. You then simply go to the URL, sign in with your account and seconds later the device is online and shows up in the web interface.
If you then type `tailscale status`, you get an overview of the devices.
Aside from connecting devices together in your own little private network (or tailnet), Tailscale can do a lot more these days.
Connecting these devices together is backed by an incredibly powerful ACL structure where you have full control of who can access what. Not only can you create [hosts]() and [groups](), but you can also write [tests]() for this logic. I can definitely see a use case for this in businesses where multiple people might modify the ACL or on my own, to ensure that I don’t accidentally share my highly sensitive server with my friend!
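To make the hosts, groups and tests idea concrete, here is a small policy file written as an added example; it is not taken from the original post or from my own tailnet. The e-mail addresses, host names and 100.64.x.x addresses are constructed placeholders, and it assumes the friend is a user covered by this policy.

```json
{
  // Groups: named sets of users, so rules do not repeat e-mail addresses.
  "groups": {
    "group:admins":  ["alice@example.com"],
    "group:friends": ["bob@example.com"]
  },

  // Hosts: readable aliases for addresses (constructed values).
  "hosts": {
    "vault":     "100.64.0.10",
    "minecraft": "100.64.0.20"
  },

  // Rules are allow-only: anything not accepted here is denied.
  "acls": [
    // Admins may reach every device on every port.
    { "action": "accept", "src": ["group:admins"],  "dst": ["*:*"] },
    // Friends may reach the game server on its port and nothing else.
    { "action": "accept", "src": ["group:friends"], "dst": ["minecraft:25565"] }
  ],

  // Tests: assertions that are checked whenever the policy is saved.
  // If someone later widens the friends rule (for example to "*:*"),
  // the "deny" assertions below fail and the change is rejected.
  "tests": [
    {
      "src":    "bob@example.com",
      "accept": ["minecraft:25565"],
      "deny":   ["vault:22", "vault:443"]
    },
    {
      "src":    "alice@example.com",
      "accept": ["vault:22", "minecraft:25565"]
    }
  ]
}
```

The `deny` entries are the useful part: they encode what must stay unreachable, so an overly broad rule is caught when the policy is saved rather than when the friend finds the server.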
“Share server with your friend?” you ask. YES, with Tailscale you can share servers across accounts/tailnets! This makes it easy to share your FTP or Minecraft server with friends and family without ever having to expose those servers to the Internet.
Personally I use NixOS, so I took some time recently to update and create a small NixOS module that can be used to set up and run Tailscale. It’s largely inspired by this blog post and offers me some flexibility in what I can configure on hosts. So I can easily expose a certain subnet over Tailscale or enable the Tailscale SSH functionality.
Tags: #vpn #tailscale #wireguard #nixos