First Impressions of Tailscale
Author | Max Niederman |
---|---|
Published | 2022-12-29 |
Tags | |
Description |
My first impressions using Tailscale for my self-hosted services. |
Until recently, I’ve used ZeroTier to remotely access the services I selfhost on my private home network without any port-forwarding. This is convenient and more secure than exposing services to the Internet, since I don’t need to worry about application-level authentication for anything.
ZeroTier is a pretty simple service; you run a daemon on every node you want to connect to the VPN, and each one gets a network interface with an IP address to communicate with other nodes. Although, one interesting thing that sets it apart from more typical VPN software like Wireguard is that it provides a virtual Ethernet network rather than a virtual IP network.
ZeroTier worked pretty well for me, but there were some features it misses:
- Every node has to be manually set up with the random network ID and then authorized in the admin panel.
- I wasn’t able to get my custom DNS server working, although I think it should be possible.
- There is support for tunneling all Internet traffic through a ZeroTier network, but it’s difficult to set up.
Thankfully, I’d heard about Tailscale, a WireGuard-based solution which appeared to solve all of those problems. I also saw it had SSH support which would eliminate the need for me to ever manually copy a key pair again.
Setting Tailscale up was pretty easy, even with my somewhat unusual homelab. Tailscale already had a guide for NixOS, so I was able to copy and paste some configuration and got it running in no time. Installing on my personal computers was similarly easy.
I installed Tailscale on my Pi-Hole DNS server, which was as simple as running a bash one-liner from their documentation. Then, in the dashboard’s “DNS” tab, I added its VPN address as a nameserver with “Override local DNS” enabled. That was enough to get custom DNS working, and with MagicDNS, I also have hostname resolution.
ZeroTier’s Android app wasn’t very good and I had some issues with some of its features, so Tailscale’s Android app was also a pleasant surprise. It has all of the features I care about and was super easy to set up.
“Exit nodes,” which tunnel all Internet traffic over the VPN were also fairly easy to set up. I just had to add some flags to the tailscale
invocation. I haven’t tested it thoroughly yet, but it seems to be working.
My one gripe is that the free tier only allows one user per year, and I can’t really afford to pay for the team plan just to share my Jellyfin instance with my friends. Unfortunately, that’s pretty important to me so I might have to use something else.
I highly recommend giving Tailscale a try if you need a simple way to securely connect devices across the Internet, but keep the vendor lock-in in mind.