> Your plan is unaffected and you can continue to use the Personal Pro plan as you normally do. However, Tailscale's new Free plan includes nearly everything that Tailscale has to offer for up to 3 users on a custom domain and 100 devices. This plan may be more aligned with how you use Tailscale. Go to the Billing page in the admin console to review your options.
So I’ve been paying them for a while now but now they’re telling me I could just get the same functionality with the free plan. I really like what this company is doing! Thank you Tailscale, I’ll just keep paying to show my appreciation!
I agree, this is a good way to treat customers (even small ones) and seems to be a rare occurrence!
So if you didn't need those, you save money now, but if you do, you have to pay up to get the same features (going from $50/year up to $200+/year if you are just using it alone). So it's not all pure altruism.
But I'm not a Tailscale user, this is just from what I see looking from outside.
> we’ll bill you retrospectively each month for the number of users who actively used Tailscale [...] More importantly, it aligns our incentives. [..] With this change, we don’t get paid for a user in your tailnet until that user is getting value from Tailscale. That means it’s not just our job to sell seats, but to help you succeed.
Trust is one of the most valuable things in a brand seeking long-term relationships. But so many brands optimize for short-term metrics in ways that damage trust. E.g., places that make it much harder to close an account than open one. (NYT, GFY.) One I really dislike is subscription-based businesses that care more about getting signups than delivering value. It has made me deeply suspicious of joining anything with a subscription model. [1]
So I'm very glad to see Tailscale, whose product is great, taking such a thoughtful approach here. I think it's especially important for them, as trust is deeply necessary for them to succeed. I hope some other people learn lessons! E.g., I'd sign up for more streaming subscriptions if I were sure they'd not bill me a month where I didn't watch anything.
[1] And I'm apparently not the only one: https://www.wsj.com/articles/people-are-sick-and-tired-of-al...
Looking at https://tailscale.com/pricing/ one of the other major changes that has been made, is the free plan now provides access to almost every feature. Going up to the $6/mo/use "Starter" plan actually loses you some features. So if you've had a taste of the good life, and want to keep it, but have more than three users… You are going to need to go to the premium or enterprise plans. Probably makes their sales process, super easy, since they don't need to give out trials to companies anymore, "free plan for a few users and try it out".
…and do the marketing for you. (Every other sysadmin is probably a hobbyist.)
The use case I can see is streaming from my personal Plex server from anywhere outside my home, but maybe I'm not thinking big enough.
- Access my services/servers at home from anywhere in the world. Friendly mobile apps as well that allow the same.
- In cloud environments (for work and fun), don't even bother provisioning public IPs and having to deal with those firewall rules, just use Tailscale
- https://tailscale.com/blog/tailscale-auth-nginx/ describes how you can integrate nginx proxying with Tailscale auth to both leverage SSO and the authenticated endpoint
- I have a bootmod3 WiFi adapter plugged into my street/track car with a combo 5G/Linux unit in the car connected to my Tailscale that streams continuous telemetry about the car whenever its turned on. I could in theory re-flash the ECU via this.
- Using https://tailscale.com/kb/ondemand-access/ alongside node/subnet grouping to create a very neat first step towards auditing access to sensitive production services/environments.
- I use server-based dev environments to keep my portable laptop as clean as possible with no source code on it. VS Code remote + Coder server are fantastic over Tailscale.
+ others. Tailscale I think solves the problem of node-to-node-to-subnet connectivity at a convenient and flexible layer.
Do you have a writeup or more details you can share around this? This sounds interesting.
Can you elaborate? What do your parents need tailscale for? I mean my parents have internet purely by the telco dropping a router at their place and it just works, what is my family missing?
I also run some internal services over Tailscale, a lot of my personal projects have tsnet embedded into them so that my Prometheus machine can scrape and monitor them. My husband also uses one of those services daily to monitor some information that I publish there.
I also run the development instance of my blog over Tailscale and use Funnel to share it with people to review my writing before it goes live.
At work we use it a lot to let people poke around with changes to development instances of websites (like https://tailscale.dev) without having to push them to the cloud and wait for preview deploys. It is _stupidly convenient_.
Turns out you can do a lot of things with networks when you don't have firewalls making everything complicated.
My hypervisors are also subnet routers so my VMs can connect to eachother like they're on the same network. All the fun of static routing without any of the "fun" of static routing!
There is so much more you can use it for though: - https://tailscale.dev/blog/funnel-101 - https://tailscale.com/blog/tsnet-virtual-private-services/ - https://tailscale.com/kb/1137/minecraft/
The cloud's the limit!
1) When traveling, you can use one of your home computers as an "exit node" so you can watch Netflix, etc. abroad very easily. Much more reliable than using VPNs which can be blocked.
2) Accessing your internal network from wherever you are for Plex, Homebridge, IP cameras, or whatever.
Personally: - I have a few raspberry Pis and PCs around the house. This lets me SSH into them for maintenance/etc. It’s also good for projects and stuff to use their DNS. Eg I can use “http://nas/photos” to get to my photo library instead of an IP address. No TLD is kinda cool (it’s just a net search group afaik so reproducible without them) but very memorable for the family. I’ve also gone as far as to embed their library in a go project I made - it means the same IP address and host name regardless of where the binary is running which is cool. This also means the binary knows who is who when accessing the website it hosts. The ease of doing this makes me feel like projects like OpenZiti bay be the future of zero trust and networking - embed the security into the code via a library and get all the global routing you need for free.
Work: I work at a tiny company (5 of us). We do IOT stuff, and we have a lab with a bunch of equipment, mostly controlled by Raspberry Pis or similar. We’re small so we work in a private room in a coworking space. We use tailscale to manage the RPIs and keep consistent IP addresses when we don’t have control over the overall network. We also run some internal stuff in AWS over tailscale (eg our staging servers etc). It’s hands down the easiest option to onboard people too. It lets us access equipment from home if needed, and it’s super lightweight compared to other VPNs I’ve used.
I have my first year Pi running Diet Pi with Adguard Home and was just happy that I found a use for such an old machine that I was considering throwing.
The speed test in Diet Pi said that the latest Pis can complete them in a few seconds versus the minutes it took mine to setup, so figured it would be useless but had been working flawlessly as a dns at home and blocking all ads on all devices.
Adding Tailscale took it to the next level and now all my devices have ad blocking on LTE, public wifi, friends houses, everywhere.
When travelling internationally, I use the exit node functionality to optionally switch on and off sending all my traffic back home to either work around geo-blocks for my home streaming services or as a pseudo-vpn replacement for particularly dodgy networks.
After I install the tailscale client on the server and do some very simple configuration on the tailscale web app to identify the new node I know I'll be able to access it no matter of any firewalls the node may be behind!
The most specific use aside from "it's my network, wherever" I've got is setting it up with NextDNS for adblocking no matter where I am in the world and regardless of what network I'm on https://tailscale.com/kb/1218/nextdns/
It took minutes to set up - dead easy.
And I use it for screen sharing my mac computers over the internet while traveling.
We use Tailscale at $dayjob and the fact that we can ensure that marketing machines can’t access any engineering resources is the big win. And it “just works” through NAT.
Alternatively we'd pay $36 for (3 free, 2 * $18) for Premium, which doesn't sound too bad. But the cost for each new user would be three times higher than it currently is (and Tailscale our most expensive SAAS product per person).
Or we stick to legacy pricing for now, and live with things like the Subnet Router limit which makes e.g. connecting home VoIP phones to the Tailnet price prohibitive.
Previously almost all features were available [0] on all plans, though with certain restrictions that made sense (and some that didn't). I was hitting those limits and wanted to get approval for us to purchase the Team plan.
But now I see that features have been stripped out of the "new" Team plan — and was also frustrated that I couldn't find any information on this. I guess overall the pricing structure makes sense for them, but it's frustrating to not have this clearer in their article.
I suppose I can live without things like Funnel and SSH, and don't need Okta etc., but paying the new ACL tax for Starter to Premium (a $12 jump per user) is more painful.
Overall a positive, but with rough edges which unfortunately hurt me. But perhaps there'll be some tweaks in future, and perhaps again the opportunity to pay for individual feature upgrades.
[0]: https://web.archive.org/web/20230417141600/https://tailscale...
It feels a little odd that the Free tier lets you use Premium features indefinitely, but as soon as you get more colleagues onboard, you lose those features.
Unless you're looking carefully at the pricing page, you'd miss that Starter has many fewer features compared to Free.
I can understand that things like SSH and Funnel cost more, since they actually interact with their server infrastructure… but the removal of features and ACLs from Starter wasn't well communicated.
It doesn't even make any sense, if it is available on the Free plan, why not give it to the Starter plan too?
Also, I may be misunderstanding the billing page, but it looks like Tailscale removed soft limits? On my billing page, it shows "Your tailnet has 3 more users than you are paying for. That’s fine, we have soft limits. Play around and upgrade your plan before April 30th 2024."
If anyone from Tailscale is around, would you consider a family or advanced personal tier for primarily non-commercial use, perhaps a moderate user limit, but more advanced features and lower pricing than Starter?
For example, Twingate allows 5 free users and supports more complex use case without requiring a subnet router. They generally have stronger enterprise features as well.
1. docker run tailscale/tailscale 2. Use the link provided to login and link my server 3. Download the Tailscale app 4. Login
And if you're using a server OS like Unraid, you don't even need to do the first step; just install it through the GUI. It's widely available and accessible.
Most organisations though are looking at the NetSkope/ZScaler/Perimeter81s of the world and that's where Twingate seems to be picking up the business. It goes beyond the connectivity and has things like non-intrusive device controls which are essential for a lot of places that are in fin tech or have to do SOC2, etc.
Darn. Looks like I may have to create another tailscale account!
I do wonder whether this restriction will severely limit the number of 3-person free accounts that are created though - I have my own domain, but that probably puts me in a small minority of people, even the kind of nerds who are willing to try out tailscale in their own time? Which in turn might put something of a crimp on the hoped for flow of viral “my friend put me on their tailnet & I discovered how easy it was” signups.
I have been recommending tailscale to absolutely everyone though, so I guess free services work as a marketing tool!?
- Free plan (previously called personal) now let’s you have up to 3 team members
- 100 devices
- Monthly paid plan also now includes 3 free users
- Additional users are PAYG
Very refreshing to see a company give more free stuff after adjusting their plans. Usually you see the opposite.
It’s a pretty common play for a smaller startup. They just broke the 1B valuation last year. Could be the board pushing the executive team to grow the number of users because happy free tier customers tend to convert to paygo at some non 0% just as paygo customers convert to ENT contracts at some non 0% as personal projects grow into businesses and smaller businesses grow into large ones.
- Always lock your node list, whether you use Tailscale or Headscale.
- If you use Headscale, run the coordination server entirely separately from your Tailnet.
?
[0]: https://forum.tailscale.com/t/tailscale-security-what-if-the... )
You love Headscale for personal use? What would you say to someone looking at Headscale for their business over Tailscale?
They were in fact doing the opposite.
Everyone will end up using it personally and it’ll be natural to deploy it for business as well.
However, if you did have 3 Gmail users, it’s possible to share Tailscale access across multiple accounts. So in a small setup you could create an account for each user and then effectively connect their Tailscale networks together (I’m not sure if you can route between Tailscale accounts directly but you can at least share hosts on your account with users on another account, which is how I do it).
I do this with a personal and work account to share some limited access between them.
1. It doesn't have accounts so you have to use gmail or Microsoft sso and risk being fucked that way.
The list of identity providers is just ginormous companies that are likely to automatically ban accounts.
