I tried Netbird first but I couldn't get it to work, switched to tailscale so easy. I'm using it with the unraid plugin. So even if my server reboots for whatever reason, I do not need to hope my docker container starts up correctly.
One of the devs putting in a bunch of work on headscale, is employed by tailscale. They've got a nice article on why it didn't make sense to just release the headend source as-is.
The notion of wireless being faster than wired seems alien to me. Hooking up a 25ft patch cable to an ethernet over power adapter is leagues better than trying to use wifi through three walls.
I think it's a reference to USB and how slowly all phone manufacturers are updating to the latest standards. You can't easily connect a patch cable to a phone..
I don't think it's an accurate statement, given that the technology used to improve wireless transmission speeds can be analogously applied to wired copper connections that have significantly less signal to noise.
Wired technology will ALWAYS be faster than wireless. At any given point in time, any random collection of hardware could have faster and slower bits. eg. my laptop has USB3, 1G ethernet, and 11n wireless. a current generation iPhone has 11ac/ax wifi. That fancy new $$$$ Wifi 6E/7 router/accesspoint has 10G wired ports.
@@lordsamnon a Lightning to Ethernet adapter has been around for years. Got one in my troubleshooting bag. Equivalent USB C to Ethernet adapters are available from Amazon and other places. I think he was making a direct reference to the fact that even with their transition from Lightning to USB C, Apple is still introducing new models that only support USB 2. Only the “Pro” model phones support USB 3.
I use a different mesh network and it’s one of the best, most game changing pieces of tech in my network. It’s almost like having a static ip for all your devices but it ignores things like DHCP and dynamic WAN addresses just by being smarter about how it connects.
Tailscale is extremely friendly towards small businesses. Like they can’t fully replace having static IPv4 addresses but they not only come very close they do so without any of the security issues surrounding static IPv4.
Great idea, nice interview! Path Dependency is an important concept to learn - I first heard of it watching Political Science lectures. One example is the difference between streaming music and video: why can't every video streaming service stream everything like it happens with music? Because of legal decisions and legislation from a long time ago ...
Yes it's called policy. It is also policy which decides that most devices on the Internet cannot connect everywhere. It's for security policy reasons to stop everyone from being hacked all the time.
I'm using Tailscale. I've set up multiple tailnets for other people. I'm also expecting a rug-pull at some point and try not to set up stuff in a way that can't be done without tailscale, even if it requires a bit more elbow grease.
I use Tailscale to access my Home Assistant, Jellyfin and TrueNAS instance from outside my home. Additionally, I can also access other devices via subnet routing. This is useful when I need to access my router configuration or build server.
Been using Tailscale for years now; I have VPN internet gateways in GCP and AWS, and use Tailscale to choose which one I wish to access the internet from on all my devices. An example; I have my web server hosting the Ollama UI in GCP. The computer running the model is in my house. I can run the model using the UI, on my phone. Anywhere in the world. It’s absolutely rad. On top of that any device on the tailnet is served DNS from a pihole I have running in docker
I have a laptop 'server' running a large number of services using proxmox with tailscale for networking. Besides having to have a VPN connection and remembering to shut it down while I'm on the same LAN back home to reduce latency and bottlenecks (which already barely exist) it works as if everything is just a public website instead of * my own jerry-rigged laptop masquerading as a server, behind a flimsy 1gbit router *
So, how does the first network negotiation work? Who enables the connection before handing it over? Can I set up my own "handshake server"? Or did I miss something? Edit: so, the Tailscale coordination server, can we roll our own?
This sounds good, but then you make yourself dependent on some cloud service for the key exchange part. Which I don't like. I've since learned about headscale which enables that part as self-hosted. So that's even nicer.
Ok this all sounds good... BUT... why do I need a google, microsoft or apple account to use tailscale? I thought the purpose was to being able to avoid these companies! I have recently put an effort of de-googleing my digital life and thinking Tailscale would be a nice addition, was I wrong?
How is this not just another VPN? Genuine question. The word "VPN" is not mentioned even once in the interview but their site's title is "Best VPN Service for Secure Networks"
@Level1Techs would it be possible to use IPSec to encrypt connections at the internet level instead of using TLS on the transport level like HTTPS does so that P2P encryption is not reliant on the transfer protocol?
@@Loanshark753 that's how IPsec VPN works for 99% of companies today. Issues not limited to: needs static IPs, crypto is expensive after crossing 1Gb speeds, fiddly to configure, requires always open ports on firewalls (means vulnerabilities bound to happen) and does not handle NAT nicely.
For many of us the identity provider is a boon, not a downside. Specifically on the corporate end. So many use Microsoft 365 - just log in and you're done. You might be interested in looking into Headscale, that's an open sourced and only does a single Tailnet - plenty for home users - version of the Tailscale back end.
I think you might have things the wrong way round? The zero trust model assumes that you can't trust any device or any user without some kind of authentication. So the public internet/WAN is (and always has been) a ZeroTrust environment...BUT...the ZeroTrust model is actually trying to tackle the old school idea of zones that are trusted and untrusted, such as a local LAN behind a firewall/NAT. ZeroTrust says that even a LAN should not be inherently trusted. So if you were thinking that tailscale somehow can move you from a ZeroTrust environment to a Trust environment then you're setting yourself up for a wide open attack vector, where one compromised machine on the "Trusted" network can wreak havoc - as it's just blindly trusted and given access to potentially jump across to other machines via file shares or through an unpatched exploit as the computers' local firewalls are often disabled due to them being on a 'trusted' network. Long story short, trust no user or device anywhere ever. How practical this is to implement and manage is another story for sure...security and convenience/usability are always a point of tension and a juggling act
Luckily my ISP gives a public IP on my connection so I can just open ports for things when needed. That said my only ISP option here is centurylink and their DSL is quite slow even if we’re talking internet speeds 10 years ago. I could go and get myself Starlink but their monthly pricing is still a tough sell. Still it’s nice to know that if I go Starlink or another new ISP arrives and goes CGNAT I can use this to run NAS and servers.
I hope you will be including private DNS servers with your Tailscale tutorials. I have a public DNS name that resolves to a public IP address when on the Internet and to a non routable IP address when on my home network. I want to use my DNS servers and the non routable IPs when connected to my home network using Tailscale.
So this guy is basically doing a "do not cite the deep magic to me, witch. I was there when it was written" to the big tech companies when it comes to basic networking and FTP.
He might've been there when it was created, but he's certainly painting with a giant FUD brush to justify his narrative. FTP works just as well today as it did decades ago. ('tho you'll have to install client and server software yourself; no OS installs that stuff out-of-the-box anymore, and most browsers no longer support ftp urls.) "File Server" is also just as cumbersome as it has always been. Tailscale is just one more bit of application "Magic" to install, and figure out how to configure.
So if the "firewall" is distributed among the nodes, and nodes can be scattered globally, then wouldn't bandwidth-intensive operations be unnecessarily slowed to a crawl as a simple large file transfer between two geographically close clients would be distributed across (potentially) the whole globe, inducing large amounts of latency in the process?
This seems like an awesome idea, but how do we run it locally? relying on tailscale's admin interface and key exchange is just yet one more cloud provider. is this FOSS? can we spin it up on our own servers?
Airdrop might not work if there are multiple APs or devices connected to different frequencies (2.4, 5, 6 GHz), or if one device is wireless and the other is wired. Due to TTL=1, if there is no client-to-client multicast forwarding turned on (which is off by default on many devices, including Mikrotik)
Download here! tailscale.com/download
Read our article summary here: forum.level1techs.com/t/tailscale-interviewing-the-ceo-and-co-creator-avery-pennarun/220053
Thanks for watching! ~ Amber
have you heard of nostr
Use Tailscale for my home server, no ports to open, no complex configuration. Just fire it up and log in and it works, for free! Outstanding piece of software
Speaking as a network engineer who’s been in the industry for over a decade the “How NAT traversal works” article is genuinely one of the best pieces of technical writing I have ever read
Great interview, I think I have been using Tailscale about as long as Wendell has and I have referenced that "How NAT traversal works" many times as a great way to better understand the complexity behind making Tailscale seem like "magic"
I recently set up Tailscale for my friend's home network. We installed it, clicked a few buttons on the admin page, and then were confused what to do next. Tried connecting to the network out of curiosity and it just worked. We both stood up in shock literally gasping at the magic.
I am exploring it now too with the few NaS systems I have. I am thoroughly intrigued and a bit perplexed.
"Every time you're going to the cloud, you're paying rent to somebody."
Perfect expression of how I've felt about cloud services for so long.
Or you and your data are the product.
Have been avoiding Tailscale for a while since I thought it sounded too good to be true. I finally caved in early this year and tried it… and yes it just works. Love it.
headscale.
I was avoiding it for a bit as well, since it sounded more complicated than I probably want to manage so I was using zerotier for a while. I have both where I can now, and I'm starting to slowly switch over since I find that tailscale actually functions more predictably for me and the coordination of the configuration works well. Also, Zerotier has been pushing for heavier monetization now... so I'm moving stuff off it to reduce the node count.
@@manitoba-op4jx sure, but you are giving up a lot of what makes tailscale just work tho
@@manitoba-op4jx yep way better, thanks. I'll still gladly avoid tailscale now
I just added a Tailscale exit node to my homelab yesterday, and it has become hands down my most useful tool of all my systems. Great tool, can never go back!
I enabled my Unraid server as an Exit Node yesterday, changed the Tailscale DNS to my Adguard port, and now I have adblocking even when I'm not at home!
Tailscale + Nextcloud is an actual lifechanging combination. You will feel like a wizard.
There is probably no open source software worse than Nextcloud. It is easily one of, if not the, most janky and worst software I've seen in 30 years of open source. I'm glad Louis Rossmann's new 13 hour video goes over how bad it is and sets up actual good software to replace all of what Nextcloud does badly (everything)
Ok, I didn't understand tailscale before this, but now I'm sold.
Same here. I hadn't been able to get my head around Tailscale before but this video made everything click. I'm just a personal user so they won't make much money from me right now, but at least I can be an evangelist now. 😀
but what if the tailscale company decides you are a political enemy or something like that?
@@xxxxxx-wq2rd None of your traffic goes through their servers, they basically just work as a sign-post so your devices know where to find each other. They can block your login but none of your data should be compromised.
@@xxxxxx-wq2rd if you aren’t a political enemy, explain it to them. With luck your problem will be resolved.
If you are a political enemy, you should have been using headscale, the open source version that you can self host.
This is some insane timing, I've been spending all day reading the TailScale documentation! Then I open YouTube and this is the very first thing I see! I think the universe is telling me something.
Or the algorithm is. 😉
@chaemelion I thought so at first, but I was on a work PC reading the docs completely detached from my phone with YouTube, from a different IP, location, and account. If it was the algorithm, they're doing some damn clever data association.
@@zeppelins4ever I don't doubt they do exactly that. I've had some very similar experiences. I wouldn't put it past Google to analyze visits to a website associated with an advertisement client of theirs, and bump that content suggestion a few points for related public IPs by common current or historical clients, by location (again, by IP or otherwise), etc..
Yes to pay 10 dollars per month to them.
@@MelroyvandenBerg Or, now hear me out, I use the free version.
Love this! Tailscale is so amazing! It’s made my life so much easier as an amateur homelabber and a person with an interest in networking.
I'm halfway into this video and I've been able to set up Tailscale on my laptop, PC, and UnRAID server. This is frickin' WILD. Enumerating services across my network and make the Tailscale plugin on UnRAID a one-stop-shop from anywhere in the world? Holy crap!
Thank you.
Tailscale has been great for years - set it up on my dad's machine as an exit node and my homelab also as an exit node. If I need to change something on his network (e.g. change his inverter parameters), I just activate his machine as an exit node and do what I need to. Easily run nightly backups of all his most important files e.g. .docx, .pptx, .xlsx, .pdf etc. on his machine to my homelab. I wish the ACLs were more easily editable by non-technical people through the web GUI but maybe one day that'll be added. Think if the video streaming platforms get more aggressive in enforcing family accounts must all live together, tailscale would be my go-to solution for that too.
I literally downloaded and set up tailscale on my Linux and Android device while I was watching this video. Amazing! Will definitely be sharing this video.
I've actually used Tailscale before! Tailscale is awesome if you just want to connect computers.
But it's kind of sad that we need something like Tailscale to replace IPv4 instead of having just IPv6 and E2E encryption by default everywhere.
Even if we had the IPv6/E2EE world, managing those connections would need something simple that would be adequate for most users, because most users don't want to create ACLs for all the devices in their lives and maintain them. Tailscale basically is that solution, but for the world we actually live in.
I love Tailscale! Never having to open ports and expose my home network to the internet is super handy.
Genuinely one of the most game-changing pieces of software I've come across in a long time. I travel a lot and need to access resources that have IP allowlists. Now I can just Tailscale into a connection that's already whitelisted with zero drama. Love it - just set it up to access home assistant away from home too!
Tailscale user here. I love it. Great Work.
Used tailscale for a couple of years and it just works. What a wonderful product!
Avery looks like he's out of central casting for a "computer nerd" right down to the eyeglasses, the bed that is, well, just a bed (who needs sheets, pillows, blankets?), the tee shirt, and the hair that is perfect for the part, EXCEPT he's the real deal. Brilliant, informative, likable, personable, and everything you would want in a technology disrupter.
Thank you, Avery for what you envisioned and created.
Fellow Canadian 👋🏼 🇨🇦 thanks for the great chat and amazing software!
Looking forward to more Tailscale tutorials, thanks for the great work you do!
Been using it for a while and found out my company uses it internally on some teams too. Really nice way of providing a lot of customisability while having the kind of UX where it’s easy to use for personal use.
I've loved using Tailscale for years and am thrilled to have recently started working at a company that uses it for corporate VPN.
I've only been using tailscale for a few months and it's awesome. No matter what I tried, I could never get wireguard to work and it was the only thing that got past the double NAT and my ISP's CG-NAT. Exit node for me is my pfsense router so I can see my server, cameras - everything on my home network. Yes, it just works and yes, just 5 minutes to set up.
Damn, that intro statement was on point!
Great interview. I installed Tailscale on a Truenas server and on our desktops, laptops and use it everyday including when traveling. We also use the exit node when needed while traveling, makes life easier.
Tailscale is an awesome product that has already revolutionized networking everywhere I know, simply because it's so simple to use.
Awesome, thanks Wendell for sharing, I will look into it. Always wanted to have access to my media library when I'm on the road but I didn't want to open a big hole in my firewall. The fact that I will be able to have and give access and/or back up files and pictures securely without uploading it to the cloud is a huge plus!
Tailscale is such a fantastic piece of software. I cannot imagine my life without it anymore. Shout out to the Tailscale team!
arguably the best piece of software in my network
Great video! Thank you, Wendell, I had no idea this existed, but it looks really useful!
It's an incredible application, love using it
I use SyncThing for sharing data directly between my phone, laptop, and SO's laptop. It's amazing and I love it, and I feel cheated that so few things can _just work_ like it does. Tailscale promises to make it happen, for everything, and I'm super excited!
Alright, convinced me to set up Tailscale within my network infrastructure. I have been putting it off for so long. I will be installing next week.
Tailscale makes homelabbing simple for the normal person. Thanks Avery.
Wendell, please add a video on using an exit node with Ring cameras! The statement that everyone can see my footage freaked me out more than a little bit!! 😮
De-Ring yourself for ultimate security
@@zaneandre6387 In time I will but for now I would love to know what Wendell meant!
I am from a remote area where the ISP uses private address for connectivity and Static IP cost money
In a situation where I can't use DDNS or static IP
Tailscale is a saviour for me
Now I can do literally anything that requires me to be in person or static IP or DDNS
There are no port forwarding no firewall and stuff
Just install it and log in
It takes about 5 mins to set it up
It's really magical
It'd be cool if you could interview the ZeroTier guys, they did most of this stuff before wireguard was a thing. The result is more of an integrated whole rather than a control layer on top of wireguard. Besides that their all-in-one binary hosts all functionality (controller, root servers and end nodes) besides the web portal. The "controller" or "control server" in tailscale is closed source, so if it wasn't for the headscale project we'd be stuck with tailscale as the single provider and authority over what and who enters the network.
👍Emphasizing, "It'd be cool if you could interview the ZeroTier guys, they did most of this stuff before wireguard was a thing. The result is more of an integrated whole rather than a control layer on top of wireguard. Besides that their all-in-one binary hosts all functionality (controller, root servers and end nodes) besides the web portal."
👍Emphasizing, "The "controller" or "control server" in tailscale is closed source, so if it wasn't for the headscale project we'd be stuck with tailscale as the single provider and authority over what and who enters the network."
I love it. Been using it for years. OMG note you are talking about it. So awesome
This sounds absolutely incredible, I hate how most home labbers have to rely so heavily on Cloudflare. I can't wait to download and play around!
Wow!! That's awesome!!!! I can think of so many ways to use that! I have actually been wanting something just like this!
Before I even heard the phrase “it just works”, it’s exactly how I described it to a friend. It really is an elegant solution to a lot of problems. If it isn’t magic, it’s surely sorcery.
So do almost every cloud service... I take a picture on one phone (iPhone), and by the time walk across the house to pick up the other phone, it'll also have that picture.
Tailscale really is magical stuff. This guy is brilliant for real.
I’ve replaced all our VPN infrastructure with Tailscale at work. It just works so seamlessly and the end user doesn’t have to worry about manually connecting when needing a connection to local infrastructure
We have some Tailscale nodes set up for one of my clients in place of a formal IPSec configuration, we've had ISPs change static IP addresses, not configure the router correctly and in some cases took days or weeks to notice because of how it routes traffic and just kept working. We also have it running as a backup interface for some of our backup solutions for our clients so we can remotely access them without the need for more hardware.
That said it does introduce some latency (only about 15-20ms though) and at least in some of the cases we have it running it will randomly inject its own DNS entries into the Domain Controller and cause other routing issues although that admittedly could just be a misconfiguration on our part.
It's a slick piece of software, honestly for home labs it would be without question the best way to access your own personal environment.
Hey Wendell, great guest!
I hope this interview was conducted via p2p connection.
I use and enjoy Tailscale but I would like to see a bit of discussion of alternatives, Netbird, Nebula, ZeroTier etc. It just kind of bothers me that using Tailscale means either trusting their infrastructure for key exchange, or running Headscale, the latter of which doesn't seem to really be considered stable and has unclear security properties (whereas at least Netbird and Nebula let you host the direct enterprise code to run your own backend rather than a reverse engineered host, even if Headscale is written with Tailscale's blessing it's still reverse engineered)
I'm currently exploring Headscale vs Nebula myself. Oh and now Netmaker, that one looks interesting.
I tried Netbird first but I couldn't get it to work, switched to tailscale so easy. I'm using it with the unraid plugin. So even if my server reboots for whatever reason, I do not need to hope my docker container starts up correctly.
One of the devs putting in a bunch of work on headscale, is employed by tailscale.
They've got a nice article on why it didn't make sense to just release the headend source as-is.
Add twingate to the list 😊
@peegee101 Twingate is closed source and not self-hostable right? Only known because of paid sponsorships to a bunch of YouTubers.
Great opening!
Great interview! I would be super interested in hearing about the camera setup.
This randomly appeared in my feed and wow it is like magic. Minutes to access my truenas scale server at work from home
Been using tailscale since the early days, it's great!
I wanted to set up wireguard between my home PC and laptop. But port forwarding was an issue. Will try it today💯
The notion of wireless being faster than wired seems alien to me. Hooking up a 25ft patch cable to an ethernet over power adapter is leagues better than trying to use wifi through three walls.
I think it's a reference to USB and how slowly all phone manufacturers are updating to the latest standards.
You can't easily connect a patch cable to a phone..
I don't think it's an accurate statement, given that the technology used to improve wireless transmission speeds can be analogously applied to wired copper connections that have significantly less signal to noise.
Wired technology will ALWAYS be faster than wireless. At any given point in time, any random collection of hardware could have faster and slower bits. e.g. my laptop has USB3, 1G ethernet, and 11n wireless. A current generation iPhone has 11ac/ax wifi. That fancy new $$$$ Wifi 6E/7 router/access point has 10G wired ports.
@lordsamnon a Lightning to Ethernet adapter has been around for years. Got one in my troubleshooting bag. Equivalent USB C to Ethernet adapters are available from Amazon and other places.
I think he was making a direct reference to the fact that even with their transition from Lightning to USB C, Apple is still introducing new models that only support USB 2. Only the “Pro” model phones support USB 3.
You’re all wrong.
thank you for the video! very educational.
Definitely going to have to check this out for my new network overhaul.
This was a very helpful explanation of Tailscale.
Currently using it on my Synology!
I use a different mesh network and it’s one of the best, most game changing pieces of tech in my network. It’s almost like having a static ip for all your devices but it ignores things like DHCP and dynamic WAN addresses just by being smarter about how it connects.
Tailscale is extremely friendly towards small businesses. Like they can’t fully replace having static IPv4 addresses but they not only come very close they do so without any of the security issues surrounding static IPv4.
Great interview
I have not even watched the video yet. I just have to say that I love and use WireGuard, and I LOVE!!! Tailscale.
Looking very promising. I'm in.
I love that WebVM integrated Tailscale to allow an in-browser Linux to be part of your own network as a full host 🤯
Great idea, nice interview! Path Dependency is an important concept to learn - I first heard of it watching Political Science lectures. One example is the difference between streaming music and video: why can't every video streaming service stream everything like it happens with music? Because of legal decisions and legislation from a long time ago ...
Yes it's called policy. It is also policy which decides that most devices on the Internet cannot connect everywhere. It's for security policy reasons to stop everyone from being hacked all the time.
This is like a breath of fresh air, thanks so much for making this and sharing. Kudos o7
Great ad. Just installed on my android. Thanks.
I'm using Tailscale. I've set up multiple tailnets for other people. I'm also expecting a rug-pull at some point and try not to set up stuff in a way that can't be done without tailscale, even if it requires a bit more elbow grease.
YESSSSS I HAVEN'T EVEN LISTENED TO IT YET BUT I LOVE TAILSCALE
I use Tailscale to access my Home Assistant, Jellyfin and TrueNAS instance from outside my home. Additionally, I can also access other devices via subnet routing. This is useful when I need to access my router configuration or build server.
Thank you Tailscale!
I use Tailscale every day - greatest thing ever!
Been using Tailscale for years now; I have VPN internet gateways in GCP and AWS, and use Tailscale to choose which one I wish to access the internet from on all my devices. An example; I have my web server hosting the Ollama UI in GCP. The computer running the model is in my house. I can run the model using the UI, on my phone. Anywhere in the world. It’s absolutely rad. On top of that any device on the tailnet is served DNS from a pihole I have running in docker
I have a laptop 'server' running a large number of services using proxmox with tailscale for networking. Besides having to have a VPN connection and remembering to shut it down while I'm on the same LAN back home to reduce latency and bottlenecks (which already barely exist) it works as if everything is just a public website instead of * my own jerry-rigged laptop masquerading as a server, behind a flimsy 1gbit router *
So how does the user count work? What does a user mean in this licensing model? Do you have to log in somewhere for it to work?
Always wanted something like this, will have to give it a go.
Wow, this sounds amazing. Thanks.
brilliant content
So, how does the first network negotiation work? Who enables the connection before handing it over? Can I set up my own "handshake server"? Or did I miss something.
Edit, so Tailscale coordination server, can we roll our own?
Feels like Distracted Boyfriend meme. Holding Wireguard's hand while looking at Tailscale.
Tailscale uses wireguard internally. Wireguard is the core building block, Tailscale is a full-featured service.
Thank you ALL!!
This sounds good, but then you make yourself dependent on some cloud service for the key exchange part. Which I don't like. I've since learned about headscale which enables that part as self-hosted. So that's even nicer.
Ok this all sounds good... BUT... why do I need a google, microsoft or apple account to use tailscale? I thought the purpose was to being able to avoid these companies!
I have recently put an effort of de-googleing my digital life and thinking Tailscale would be a nice addition, was I wrong?
I may be wrong but I think headscale is what you’re after.
yeah i did a U-turn as soon as i saw that lol
just use wireguard frfr
This is amazing technology making our life easy. ❤
Finally someone who's speaking my language!
How is this not just another VPN? Genuine question. The word "VPN" is not mentioned even once in the interview but their site's title is "Best VPN Service for Secure Networks"
full mesh. it's like a VPN but each point tries to talk directly to each other point unlike a VPN where all points connect centrally
@Level1Techs would it be possible to use IPSec to encrypt connections at the internet level instead of using TLS on the transport level like HTTPS does so that P2P encryption is not reliant on the transfer protocol.
@Loanshark753 it would probably be better to check the official site instead of youtube comments
@Level1Techs sorry but you can also set up a VPN as a full mesh.
@Loanshark753 that's how IPsec VPN works for 99% of companies today. Issues not limited to: needs static IPs, crypto is expensive after crossing 1Gb speeds, fiddly to configure, requires always open ports on firewalls (means vulnerabilities bound to happen) and does not handle NAT nicely.
The fact that I have to use an identity provider or figure out OIDC is a non-starter for me sadly.
For many of us the identity provider is a boon, not a downside. Specifically on the corporate end. So many use Microsoft 365 - just log in and you're done. You might be interested in looking into Headscale, that's an open sourced and only does a single Tailnet - plenty for home users - version of the Tailscale back end.
TailScale can be used on every server and/or VM to create a ZeroTrust environment.
I think you might have things the wrong way round? The zero trust model assumes that you can't trust any device or any user without some kind of authentication. So the public internet/WAN is (and always has been) a ZeroTrust environment...BUT...the ZeroTrust model is actually trying to tackle the old school idea of zones that are trusted and untrusted, such as a local LAN behind a firewall/NAT. ZeroTrust says that even a LAN should not be inherently trusted. So if you were thinking that tailscale somehow can move you from a ZeroTrust environment to a Trust environment then you're setting yourself up for a wide open attack vector, where one compromised machine on the "Trusted" network can wreak havoc - as it's just blindly trusted and given access to potentially jump across to other machines via file shares or through an unpatched exploit as the computers' local firewalls are often disabled due to them being on a 'trusted' network. Long story short, trust no user or device anywhere ever. How practical this is to implement and manage is another story for sure...security and convenience/usability are always a point of tension and a juggling act
I just installed it. I need friends now to share stuff with...
I just set up tailscale on my truenas last month and I wish I would have done it sooner.
The amount of automation i have been able to leverage with Tailscale being the highway is the best. Also SSH keys handling is a breeze
Luckily my ISP gives a public IP on my connection so I can just open ports for things when needed. That said my only ISP option here is centurylink and their DSL is quite slow even if we’re talking internet speeds 10 years ago. I could go and get myself Starlink but their monthly pricing is still a tough sell. Still it’s nice to know that if I go Starlink or another new ISP arrives and goes CGNAT I can use this to run NAS and servers.
I hope you will be including private DNS servers with your Tailscale tutorials. I have a public DNS name that resolves to a public IP address when on the Internet and to a non routable IP address when on my home network. I want to use my DNS servers and the non routable IPs when connected to my home network using Tailscale.
So this guy is basically doing a "do not cite the deep magic to me, witch. I was there when it was written" to the big tech companies when it comes to basic networking and FTP.
Reminds me of Hamachi about 15 years ago
He might've been there when it was created, but he's certainly painting with a giant FUD brush to justify his narrative. FTP works just as well today as it did decades ago. ('tho you'll have to install client and server software yourself; no OS installs that stuff out-of-the-box anymore, and most browsers no longer support ftp urls.) "File Server" is also just as cumbersome as it has always been. Tailscale is just one more bit of application "Magic" to install, and figure out how to configure.
So if the "firewall" is distributed among the nodes, and nodes can be scattered globally, then wouldn't bandwidth-intensive operations be unnecessarily slowed to a crawl as a simple large file transfer between two geographically close clients would be distributed across (potentially) the whole globe, inducing large amounts of latency in the process?
This seems like an awesome idea, but how do we run it locally? relying on tailscale's admin interface and key exchange is just yet one more cloud provider. is this FOSS? can we spin it up on our own servers?
think you can self host it via: headscale
Airdrop might not work if there are multiple APs or devices connected to different frequencies (2.4, 5, 6 GHz), or if one device is wireless and the other is wired. Due to TTL=1, if there is no client-to-client multicast forwarding turned on (which is off by default on many devices, including Mikrotik)
Great! Now we know some of the reasons it just doesn't work. Helpful. Looks like there might be a solution to this fail with Tailscale.
sounds like consul/envoy/istio wrapped together. love it
😮 just installed this two days ago. This looks like foreshadowing 😆