
Docker + Immich + Tailscale is the killer replacement to Google & Apple Photos, it's simply that simple


I don't get the appeal of Tailscale for simple homelab use. I have OpenVPN and it's trivial. Hit the toggle and I'm connected, no fuss.


Tailscale (and similar services) is an abstraction on top of Wireguard. This gives you a few benefits:

1. You get a mesh network out of the box without having to keep track of Wireguard peers. It saves a bunch of work once you’re beyond the ~5 node range.

2. You can quickly share access to your network with others - think family & friends.

3. You have the ability to easily define fine grained connectivity policies. For example, machines in the “untrusted” group cannot reach machines in the “trusted” group.

4. It “just works”. No need to worry about NAT or port forwarding, especially when dealing with devices in your home network.


Also it has a very rich ACL system. The Immich node can be locked out from accessing any other node in the network, but other nodes can be allowed to access it.
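As an added illustration of the two policies described above (the "untrusted cannot reach trusted" rule and the locked-down Immich node), here is what they look like in a Tailscale ACL policy file; this is not any commenter's config, and the group names, the tag:immich tag, the example.com users and the Immich port 2283 are assumptions:

```json
{
  // Tailscale ACLs are default-deny and only have "accept" rules, so a node
  // that never appears as a "src" cannot initiate connections to anything.
  "tagOwners": {
    "tag:immich": ["group:admins"]   // only admins may apply this tag
  },
  "groups": {
    "group:admins":    ["admin@example.com"],
    "group:trusted":   ["admin@example.com", "family@example.com"],
    "group:untrusted": ["guest@example.com"]
  },
  "acls": [
    // Trusted users may reach the Immich web UI/API on the tagged node.
    {"action": "accept", "src": ["group:trusted"],   "dst": ["tag:immich:2283"]},
    // Untrusted users get Immich too, but nothing else on the tailnet.
    {"action": "accept", "src": ["group:untrusted"], "dst": ["tag:immich:2283"]},
    // Admins may SSH to every node, including the Immich host.
    {"action": "accept", "src": ["group:admins"],    "dst": ["*:22"]}
    // No rule lists tag:immich as a src: the Immich node can reach no one.
  ],
  "tests": [
    // Assertions checked when the policy is saved; a failing test rejects it.
    {"src": "family@example.com", "accept": ["tag:immich:2283"],
                                  "deny":   ["admin@example.com:22"]},
    {"src": "guest@example.com",  "accept": ["tag:immich:2283"],
                                  "deny":   ["family@example.com:22"]},
    {"src": "tag:immich",         "deny":   ["admin@example.com:22",
                                             "family@example.com:2283"]}
  ]
}
```

The "tests" block is the check worth keeping: it fails the policy upload if a later edit accidentally lets the Immich node or the untrusted group reach a trusted machine.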


Tailscale uses WireGuard, which is better in a lot of ways compared to OpenVPN. It's far more flexible, secure, configurable and efficient. That said, you probably won't notice a significant difference.


OpenVPN is far from "no fuss", especially when compared to Tailscale.

I like to self-host things, so I also self-host Headscale (private tailnet) and private DERP proxy nodes (it is like TURN). Since DERP uses HTTPS and can run on 443 using SNI, I also get access to my network at hotels and other shady places where most UDP and TCP traffic is blocked.

Tailscale ACLs are also great; it requires more work to achieve the same result with OpenVPN.

And Tailscale creates a wireguard mesh which is great since not everything goes through the central server.

You should give it a try.


Why not just use WireGuard directly? The configuration is fairly trivial.


Wireguard is great, I have personally donated to it and have used Wireguard for years before it became stable. And I still use it on devices (routers) where Tailscale is not supported. But as Jason stated - it is quite basic and is supposed to be used in other tools and this is what we are seeing with solutions like Tailscale.

Tailscale makes it simple for the user - no need to set up and maintain complex configurations, just install it, sign in with your SSO and it does everything for you. Amazing!


With Tailscale you don't have to learn anything, you just install apps and click.

One value of Tailscale for a ton of simple use-cases is that people don't have time / don't want to learn.


Even more trivial with Tailscale, so why wouldn’t I use Tailscale to configure wireguard for me?


I'm a bit skeptical that I don't have full control of my keys, but it does seem convenient.


You can have full control over your keys if you want: https://tailscale.com/kb/1226/tailnet-lock


That's pretty cool, thanks for the info! I've been looking into Tailscale the past few days since it actually seems pretty convenient.

I've seen they offer to use Mullvad as an exit node for devices which is very cool. Sadly it seems like for this to work, you have to have them manage your Mullvad keys, which to me kind of defeats the purpose of Mullvad in some ways. But I can see how it makes sense to them from a business-perspective.


Tailscale is much more reliable in my experience. OpenVPN isn't very reliable in my experience as a network admin. And IPsec is an abomination.


So, I wanted to use tailscale for a few local services in my home, but I run a few of them on the same device, and have a simple reverse proxy that switches based on hostname.

Afaict I can't use a tailnet address to talk to that (or is it magic dns I'm thinking about? it was a while since I dug in). I suppose I could have a different device be an exit node on my internal network, but at that point I figure I may as well just keep using my wireguard vpn into my home network. I'm not sure if tailscale wins me anything.

Do other people have a solution for this? (I definitely don't want to use tailscale funnel or anything. I still want all this traffic to be restricted like a vpn.)


I want to love Tailscale on mobile, but it conflicts with Adguard and regularly disconnects.

I keep Tailscale but switched over to Pangolin for accessing most of my self-hosted services.


Any reason you didn't just set Tailscale DNS to AdGuard? I have set it to ControlD.


With Pangolin you are exposing it outside your private network, right? It's a public website. That might be undesirable for security.


Can you elaborate? What role does Tailscale play? I self-host and have heard about Tailscale but couldn't figure out how it's used.


Not GP. My guess is that they’re self hosting this at home (not on a server that’s on the internet), and Tailscale easily and securely allows them to access this when they’re elsewhere.


Even if you are self hosting in the cloud or on a rented box, Tailscale is still really nice from a security perspective. No need to expose anything to the internet, and you can easily mix and match remotely hosted and home servers since they all are on the same Tailnet.


I host at home and can access the things at home just fine by having the server as DMZ in the router, or whatever it is called these days. This doesn't really answer what Tailscale does more than port forwarding. If it punches NAT, that sounds like it actually makes you rely on a third party to host your STUN, i.e. you're not self hosting the Tailscale server?


Yes, it does NAT traversal. If you don’t trust Tailscale servers, you can host the open source equivalent, Headscale (headscale.net) and use the open source Tailscale clients.


In my words, I use Tailscale at home but not for this (yet). Tailscale is a simple mesh network that joins my home computers and phones while on separate networks. Like a VPN, but only the phone to PC traffic flows on that virtual private network.


Tailscale routes my mobile device DNS through my pile back at home. I have nginx set up with easy-to-remember domains (photos.my domain.com) that work when I'm away as well, without exposing anything to the open internet.


Why not call it a VPN if that's what it is? In your case, it sounds like configuring your "pile" (is that a DNS server, short for Pi-hole maybe?) on your phone would do the same thing, but if the goal is to not expose anything to the open internet, a VPN would be the thing that does that.


Your internet traffic isn't routed through it like a traditional VPN.


Tailscale gives me access to my home network when I'm not at home. I can be on a train, in another country even, and watch shows streamed off the Raspberry Pi in my home office.


That's called a VPN.

Is this like "Band-Aid" that used to be a brand name but now people just use it generically?


Tailscale is a bit more than a VPN. It operates in a mesh configuration rather than a traditional VPN concentrator setup. Tailscale's control plane orchestrates NAT traversal for devices on the Tailnet (through techniques like UDP hole punching) and allows them to establish direct Wireguard tunnels between them. That way, there's no VPN concentrator bottleneck because there's no concentrator at all, every device establishes tunnels to every other device.


With tailscale on your server and endpoints you can access the server from anywhere without even having to open any ports. It is like magic.


If you don't open ports, how can it reach your internal services to allow you access to them?


By using a WireGuard tunnel and NAT traversal:

https://tailscale.com/blog/how-nat-traversal-works


Ah, by using their servers:

> How do we break the deadlock? That’s where STUN comes in. [...] In Tailscale, our coordination server and fleet of DERP (Detour Encrypted Routing Protocol) servers act as our side channel


Yes, NAT traversal is used widely. It is only needed at the start of the connection to get both firewalls to open ports. The encrypted WireGuard tunnel is point to point.


What I find crazy is that people describe "not self-hosting" as a "like magic" solution to self-hosting.


You can run your own DERP server if you really want to:

    docker run -d --name derper -p 443:443 -p 3478:3478/udp \
      ghcr.io/tailscale/derper:latest


Tailscale can give you domains + SSL for local services with basically no effort.


I'm using it with Dokploy, which takes care of Docker + Tailscale for me; it's quite convenient.


ASD isn't treatable with medication. Its impacts can be, but autism itself is largely pharmacologically untreatable.


"Treat" and "mask symptoms so I can hold a job at my full potential" are different things. And even if ASD isn't, a whole bunch of other things are.


That sounds like a good thing, no? People being able to hold jobs at their full potential is good for them, good for their families and good for the people who would have had to be their helpers/caregivers otherwise.


It is! It's why we advocate for a broader umbrella of dx for ASD.

There are kids who are independent and almost functionally neurotypical; they probably don't even need "helpers", but they still need assistance that they wouldn't get if they didn't get a dx under the "old" definitions.


That's what I mean by "impacts of" :)


You're right.

It's now ASD, or "Autism Spectrum Disorder", and it much better describes the broad range of impacts the disability can have, because it really is a spectrum: all the way from non-verbal to the mild but real impact it has on social development, communication and interactions. Putting a label on it means access to help.


Could it be? Could 2026 be the year of linux on the desktop?


lol


My guess? Implicit behaviours are always more valuable than explicit behaviours, so when implicit engagement became the metric and was measurable, Facebook didn't need people to deliberately engage with content to determine its value.

Also..

* In that time we moved from desktop to mobile; clicking that tiny button was difficult on mobile and they couldn't replace it with a comparable mechanic

* Changes to third-party cookie and XHR rules in browsers made the data less reliable


We should've never let marketing in the door, honestly; all of the product names for the big three are awful.

Microsoft CDN

There, that's it. You're selling it to (hopefully) technical people.


Nope, the other times it's CORS.


Though at least with CORS, once you actually get the damn thing working, it keeps working.



Same, I spend an inordinate amount of time in Mermaid, and I just can't see a reason for D2 over Mermaid, especially when you can write a single Markdown doc and jump between code, prose and diagrams as simply as:

```mermaid ```

```typescript ```


That's clearly Turkish, which would make sense for an obelisk in an ancient site in Turkey, not Thailand.


It's neither Turkish nor Thai for obvious reasons:

- Thailand is in south-east Asia

- Turks weren't around that area, not even close, until ~700 years ago

Considering that the majority of Asia Minor was Greek for millennia before, calling this site "clearly Turkish" is like calling Machu Picchu "clearly Spanish".


It is not Greek either. The area has been under the control of tens of different civilizations in the last 10,000 years. Calling it Greek would be equally ridiculous.


> was Greek for millennia before

... But not _that_ many millennia. This wasn't Greek (nor was it Turkish, of course); way too early.


I didn't say it was Greek either. Just pointing out how cringingly wrong it is to say it's "clearly Turkish".


I interpreted the comment thread as talking about the website being clearly Turkish, because that was my first thought when I saw the Turkish text. It didn't even occur to me that they could be talking about the archaeological site, as you clearly interpreted it. Kind of interesting how the same sentence can mean multiple things, one being wrong and one being right.

Also kind of interesting to consider the relation between both meanings of site. It makes perfect sense, but I stopped considering that because website took on such a much larger meaning in my life than physical site.


He meant Turkey with "Turkish", but you Greeks are too easy to trigger when you see something about Turks.


>> Considering that the majority of Asia Minor was Greek

hahaha not anymoreeeee :)


Thanks for proving my point, inadvertently, that artifacts of a culture shouldn't be attributed to their colonizers.


I'm not sure if Turkey and Thailand were concepts as we have them today 12,000 years ago.


The distance between Turkey and Thailand is ~7500km.


Yeah but neither Turkish nor Thai state or culture really existed 12k years ago.


The concept of states, time itself, and trolling on internet forums didn't exist 12k years ago either, but that hasn't stopped y'all.


They didn’t have km back then.

