undefined | Better HN

0 pointsCyph0n1y ago0 comments

A VPS that proxies traffic over Tailscale is another neat option. I use this approach to serve self-hosted services that I want to be accessible over the internet.

0 comments

bauruine1y ago

Why use Tailscale if you can just setup a WireGuard tunnel?

freedomben1y ago

Tailscale is far, far less work to set up and maintain. Not to use a cliche, but it reminds me of Dropbox vs. rsync.

If you know Wireguard well enough to set up your own and you're willing, you'll have a lot more control and less dependency, which is a win IMHO. But if you are limited by time and/or knowledge, Tailscale is great

darkwater1y ago

Aren't we talking about self-hosting, tinkering with your software for fun and hobby instead of going the SaaS way? Arguing about WG instead of TS in this context is perfectly fine

3 more replies

pxc1y ago

Wireguard is very easy to set up imo.

Tailscale adds a lot of conveniences on top of Wireguard, though. I don't think most of their value comes from just eliminating the key management stuff from Wireguard setup.

homebrewer1y ago

Because they have good PR. Mesh networks are a dime a dozen, some of them have existed for decades and do not even rely on a central server (see tinc for an example).

There are more lightweight projects that rely on native kernel mode wireguard (thus giving fantastic performance) and only simplify key setup, without the need for persistent daemons that have had their own high severity CVEs. If you're asking this question, you might be better served by something like innernet (again, there are tons of alternatives).

There are more alternatives that are fully open and self hostable (including all server components), have support for the native kernel module, while having the same feature set as Tailscale (like netbird, but it's not the only one).

But TS is an HN darling because their devs have a presence here, some of them very well known and highly visible, and the company places lost of advertisements in podcasts and such.

BrandoElFollito1y ago

I work in IT for 30 years, wrote a tiny bit of the Linux kernel, self host plenty of things yada yada yada.

When I discovered tailscale it was a godsend - all the annoying, boring, moving parts are gone. Thus is a fantastic product that just works.

I have a backup WG link to my main servers just in case but this is that: a backup.

Saris1y ago

Just ease of use mostly, Tailscale works even behind CGNAT and automatically manages things for you.

apitman1y ago

I think you're unlikely to have a very good experience with Tailscale behind CGNAT if you're doing anything high bandwidth like video streaming from a Plex/Jellyfin server.

AFAIK Tailscale only supports 2 modes of connection: direct connect or relayed over WebSockets with their DERP protocol. CGNAT is going to limit you to DERP, which is not designed for transmitting a lot of data. For one thing, that could get rather expensive for Tailscale.

1 more reply

icedchai1y ago

I have a VPS configured for BGP peering, using my own ASN, tunneling an IPv4 block and a couple of IPv6 blocks back to my home network over a wireguard tunnel. These wind up on their own VLANs, exposing a few VMs directly to the Internet.

It took a bit of time to set this up (and I fortunately had the V4 block already registered from back in the 90's.) I also had experience with BGP from previous jobs at early ISPs, which helped. Proxying is easier.

ang_cire1y ago

In my case I am just interested in the software I'm running behind the proxy. I use CF tunnels to expose my internal services, and spend my tinkering time on the actual services, rather than (to me) wasting the time to bother with worrying about updating IPs or setting up custom auth schemes (I keep a lot of my services locked down entirely behind github SSO, so you can't even reach my e.g. Jellyfin login page without first being auth'd to github as me, which basically prevents all brute-force attempts on my services).

j / k navigate · click thread line to collapse