tl;dr: Tailscale is awesome, give it a try if you use WireGuard® often!
WireGuard® was something that I have been using a lot from the time it was yet to merge in linux kernel, and it was great, had a lot of improvements over my old OpenVPN Setup.
WireGuard® is great and I have never been thrilled with the quick and easy setup with few configurations here and there, but when the number of servers/peers are increasing it is harder to manage.
I was watching this service for a while and it was a great concept, plus coming from the people I follow, @bradfitz and @davidcrawshaw.
The major takeaway is the automation and simplicity. Before using WireGuard® in production I tried it for a year and when I was confident enough I rolled it out to the users, and I am hoping to do the same with Tailscale once I see if it’s feasible to replace our current VPN workflow.
- Quick sign-up and getting started doc
- Easy to use command-line utility
- Packages are available for most of the distributions and platforms
- Raspberry Pi plus Arch Linux.
- Feature Rich (and they are configurable!)
- ACL (not tried though…)
- VPN (ofcourse…)
- and so on…
- Nice Explanation.
I remember that previously it took me a couple of days to setup an exit-node on WireGuard® work properly and in Tailscale it took me about half-hour.
Despite of all the advantages I ran into few problems when trying out the tunnels on various devices.
I connected 4 devices, and all of them are running without errors but when I tried to create a configuration for exit nodes and using one of them somewhere else, it created and issue.
Though it was my mistake that I created a Subnet and exit-node on the same device that could have led to that issue.
I didn’t mention this previously but my laptop already had WireGuard® up and running with three peers across three different data centers, and I was running Tailscale without any problems. I had different routes for both so it worked.
The DNS was something I had to struggle with as I have a custom DNS setup in my local and had to use
tailscale up --accept-dns=false to avoid breaking my configuration.
- WireGuard is a registered trademark of Jason A. Donenfeld.
- More about Tailscale at https://tailscale.com