Post ATHVSyZef5KFrcjy40 by crawshaw@inuh.net
 (DIR) Post #ATHVSuVxkrznH0yxkm by milan@social.tchncs.de
       2023-03-03T22:33:54Z
       
       0 likes, 0 repeats
       
       hmm if tailscale would work better on the iphone, i could use the odroid for something like pihole ... that could be fancy... literally
       
 (DIR) Post #ATHVSuvqCehCZH5d5c by greg@clar.ke
       2023-03-03T22:37:08Z
       
       0 likes, 0 repeats
       
       @milan I wish I could connect to Tailscale with a stock Wireguard client. Obviously it'd lose the fancy routing features but it would work on many more platforms.
       
 (DIR) Post #ATHVSvbfh89kf0f2I4 by cardes@social.pi.vaduzz.de
       2023-03-04T12:48:06Z
       
       0 likes, 0 repeats
       
       @greg @milan Would you mind sharing your decision-making for using tailscale over wireguard? I'm a bit puzzled what the real benefit is. I'm using the wireguard app on ios and besides being a real battery drainer it's working perfectly fine.
       
 (DIR) Post #ATHVSwDxOmmUZkZbxw by greg@clar.ke
       2023-03-04T14:44:25Z
       
       0 likes, 0 repeats
       
       @cardes @milan apart from not needing to host a VPN server, Tailscale also has fancy routing. If two VPN clients are unable to connect to each other directly, because of firewalls or port blocking, Tailscale will route the traffic through their servers. Useful for public wifi, corporate networks, complex cloud networks, etc. It's Wireguard so it's still E2E encrypted. My Cloud VMs, home servers, travel router, laptops, cell phone, all just connect no matter where I am.
       
 (DIR) Post #ATHVSwvCnzNMjso9NQ by cardes@social.pi.vaduzz.de
       2023-03-04T18:05:35Z
       
       0 likes, 0 repeats
       
       @greg Thanks a lot for your reply, so it's basically a huge help if you have no public endpoint with enough bandwidth. I'll have to look into how they do it to understand the security implications. If I'm not wrong this looks like a man in the middle knowing all your traffic because the endpoints are managed by tailscale, so they know your keys, right?
       
 (DIR) Post #ATHVSxMVAVD66XZwvI by greg@clar.ke
       2023-03-04T18:57:44Z
       
       0 likes, 0 repeats
       
       @cardes I'm not a security expert but as far as I'm aware all connections are end to end encrypted even if the network packets are routed through Tailscale infrastructure. @tailscale, can you confirm?
       
 (DIR) Post #ATHVSy1chc6UA4on1E by cardes@social.pi.vaduzz.de
       2023-03-04T19:10:24Z
       
       0 likes, 0 repeats
       
       @greg @tailscale The end-to-end encryption is only helpful if there is no way for the private keys to leave your devices. If those keys are managed by tailscale / on tailscale infrastructure you have to trust them on that end, basically it's a shared key then, not a private key.
       
 (DIR) Post #ATHVSyZef5KFrcjy40 by crawshaw@inuh.net
       2023-03-04T19:15:54Z
       
       0 likes, 0 repeats
       
       @cardes @greg @tailscale to check that our client software does not transmit private keys, the code is open source. To avoid placing any trust in our infrastructure, we are building Tailnet Lock: https://tailscale.com/blog/tailnet-lock/
       
 (DIR) Post #ATHVudOH10FEGxbavQ by cardes@social.pi.vaduzz.de
       2023-03-04T19:21:06Z
       
       0 likes, 0 repeats
       
       @crawshaw @greg @tailscale Thanks a lot for pointing me in the right direction for more information on your setup!