Tailscale

tl;dr: Tailscale is awesome, give it a try if you use WireGuard® often!

I have been using WireGuard® a lot since before it was merged into the Linux kernel, and it was great; it had a lot of improvements over my old OpenVPN setup.

WireGuard® is great and I have never been thrilled with the quick and easy setup with a few configurations here and there, but as the number of servers/peers increases it gets harder to manage.

Enter Tailscale!

I had been watching this service for a while and it was a great concept, plus it comes from people I follow, @bradfitz and @davidcrawshaw.

The major takeaway is the automation and simplicity. Before using WireGuard® in production I tried it for a year and when I was confident enough I rolled it out to the users, and I am hoping to do the same with Tailscale once I see if it’s feasible to replace our current VPN workflow.

Advantages

I remember that it previously took me a couple of days to get an exit-node on WireGuard® to work properly, and in Tailscale it took me about half an hour.

My bad

Despite all the advantages, I ran into a few problems when trying out the tunnels on various devices.

I connected 4 devices, and all of them are running without errors, but when I tried to create a configuration for exit nodes and use one of them somewhere else, it created an issue.

Though it was my mistake: I created a subnet and exit-node on the same device, and that could have led to that issue.

Works perfectly

I didn’t mention this previously but my laptop already had WireGuard® up and running with three peers across three different data centers, and I was running Tailscale without any problems. I had different routes for both so it worked.

DNS was something I had to struggle with, as I have a custom DNS setup locally and had to use tailscale up --accept-dns=false to avoid breaking my configuration.