[HN Gopher] Tailscale vs. Narrowlink
___________________________________________________________________
Tailscale vs. Narrowlink
Author : thunderbong
Score : 269 points
Date : 2023-08-11 15:24 UTC (7 hours ago)
(HTM) web link (narrowlink.com)
(TXT) w3m dump (narrowlink.com)
| gerdusvz wrote:
| Target market seems to be more VPN alternative in environments
| where VPN usage is prohibited/banned/tracked.
| lazzlazzlazz wrote:
| I think Defined Networking[1] is also in this category, but I
| haven't seen too many comparisons. I have heard very good things.
|
| [1]: https://www.defined.net/
| gabeio wrote:
| Interesting. I thought recognized the logo, apparently seems to
| be a commercial support offering of
| https://github.com/slackhq/nebula and they support the "nebula"
| iOS app. I had been using for nebula/defined in the past.
| FloatArtifact wrote:
| Sounds like in Narrowlink as a proxy passes through all traffic
| as it's not peer-to-peer? As a home lab with it deployed on a VPS
| the bandwidth rates/caps could be significant. Granted
| residential lSP can run into caps as well.
| vocatan wrote:
| I started reading through the Narrowlink URL, but the frequency
| of typos was frustrating enough the I came right back to
| HackerNews to read the comments and synopsis of what the
| kerfuffle is about.
|
| Thanks for the pointer to headscale - will take a look ;)
| fragmede wrote:
| The typos are there so you know it wasn't generated with
| ChatGPT.
| topaz0 wrote:
| Next generation SEO technique: introduce minor typos to LLM-
| generated text to make the search engine think it wasn't LLM-
| generated.
| Sugimot0 wrote:
| Here's a list of alternatives and related projects:
| https://github.com/anderspitman/awesome-tunneling
| lwhsiao wrote:
| Innernet is also in this space. Also rust, but using wiregaurd.
|
| https://github.com/tonarino/innernet
| c7DJTLrn wrote:
| Definitely interested in this, however:
|
| >Narrowlink uses a centralized gateway that clients and agents
| connect to over HTTP/S protocols
|
| Tunneling TCP over TCP will undoubtedly result in poor network
| performance. This is why WireGuard is UDP-only.
| SajjadPourali wrote:
| Hey, I am the creator of Narrowlink. I certainly find your
| comment valid, and using WireGuard over HTTPS most of the time
| provides better network performance. However, in very specific
| cases, Narrowlink demonstrates superior performance.
|
| 1- When your devices' routes are not optimal, and utilizing a
| CDN can enhance the connection due to smart routing. For
| instance, I have a server in Poland (while I live in Canada)
| where the direct connection is slower than connecting via
| Narrowlink behind the CDN (The gateway behind the CDN).
|
| 2- And in rare cases, Tailscale cannot establish a peer-to-peer
| connection, opting to use DERP servers and their own servers
| (no longer strictly P2P as seen here:
| https://tailscale.com/kb/1232/derp-servers/). In such cases,
| Narrowlink may provide faster connectivity.
|
| 3- When you start your Tailscale client, it needs to perform
| NAT discovery. If a symmetric NAT exists, it takes time to
| connect due to network flooding for UDP hole punching, while
| Narrowlink can respond on demand (see the section "The benefits
| of birthdays" on https://tailscale.com/blog/how-nat-traversal-
| works/).
|
| It's also important to note, alongside the protocol, the
| software implementation is crucial. Narrowlink is written
| purely in Rust, while Tailscale has been created by
| orchestrating existing tools and uses the Go and C++
| programming languages. I suggest you try Narrowlink and
| experience its computational performance.
|
| I believe Tailscale is an amazing VPN solution, but its
| protocol, infrastructure, and complexities might not be the
| best fit for self-hosted platforms. In contrast, Narrowlink is
| a Proxy solution (currently not a VPN) that is very simple to
| set up.
|
| Please note that narrowlink only encapsulate the TCP payload's
| not its headers.
|
| I recently released Narrowlink (just two days ago), and it is
| in the early stages of its journey. I have various plans for
| this project, including a web interface, integration of the
| QUIC protocol, and more. I just need the support of the
| community and more time to enhance it.
| pcthrowaway wrote:
| Isn't SOCKS typically tunneling TCP over TCP? SOCKS has been
| rock solid for me
|
| And on the other hand, HTTP/S is often using UDP for the
| transport now
| wmf wrote:
| No, because SOCKS terminates the "inner" TCP connection at
| the proxy.
| brutal_boi wrote:
| Tailsacle also has a series of performance optimization and
| wireguard testing blog posts; considering some of their late
| offload additions, and even though they use userspace wg, I
| find it hard to believe they are nowhere in the same perf
| ballpark, but I could be entirely wrong here...
| benjaminl wrote:
| They should move to using QUIC which is the protocol backing
| HTTP/3. QUIC incorporates TLS1.3 and has an extension for UDP
| style unreliable datagrams
| (https://datatracker.ietf.org/doc/rfc9221/). It would be the
| perfect way to bring SSL/TSL/HTTPS VPNs onto a modern
| performant protocol while keeping the simplicity in of the
| https based VPN. It would still have the advantage of looking
| like https traffic, while have the performance characteristics
| of UDP based VPN protocol.
| predictabl3 wrote:
| Uhh, this is really not compelling to me, at all. It's hard to
| understand if these differences are just differences or touted as
| supposed features.
|
| Especially since you can self-host headscale...
| Nezteb wrote:
| I've tried Tailscale, Headscale, Nebula, Netmaker, OpenZiti, wg-
| easy, and a few other niche overlay network and VPN tools. Each
| time I still end up using Firezone [1] when I need a simple
| wrapper over Wireguard.
|
| [1] https://www.firezone.dev/
| jgavinray wrote:
| "Narrowlink and Tailscale are two open-source solutions with
| different architectures that enable secure remote access and
| connectivity across networks."
|
| The opening statement of this document is misleading and
| indicative that the author isn't really aware of what is open
| source and what isn't. A more appropriate comparison should be
| between headscale and narrowlink.
| makkesk8 wrote:
| Netmaker[1] is another player in the space
|
| [1] https://www.netmaker.io
| predictabl3 wrote:
| Wow, every time I check in on it it feels like its 10x the
| product it was the 4-6 months prior. Impressive!
| SOLAR_FIELDS wrote:
| The downside of that is its instability. I enjoy it as a
| product - I was using it almost two years ago and it was good
| enough to set up a small scale mesh network at that point -
| but they basically were issuing breaking releases every month
| or two. Maybe now that they have a cloud offering it has
| stabilized.
| brunoqc wrote:
| Another alternative could be https://webmeshproj.github.io/ .
| It's not 100% done yet, but it already looks nice.
|
| No central point of failure, I think.
| brobinson wrote:
| What this tells me is that I really want something like Tailscale
| but written in Rust and not requiring a third-party, closed
| source server for authentication. (yes I know about headscale)
| zhaoweny wrote:
| Seems Narrowlink is tunneling at socket level; while Tailscale is
| tunneling at network / IP level.
|
| I think they are comparing apple to orange here.
| notatoad wrote:
| comparing apples to oranges is legitimately a good analogy
| here, just not in the idiomatic way people usually mean it.
|
| apples and oranges are pretty comprable. they are different
| things, but serve the same purpose and are often used
| interchangeably. it's perfectly reasonable to compare those two
| things.
| Joker_vD wrote:
| Yeah, the usual way this analogy is meant to be understood
| always pissed me off. _Of course_ you can compare them:
| apples are better for making an apple pie than oranges;
| apples are cheaper and less squishy during transportation;
| oranges have more vitamin C; apples have more bio-available
| iron; oranges (subjectively) are tastier and less sour; etc.
| Joker_vD wrote:
| And we all know apples and oranges are incompatible in every
| single way. Even their physical dimensions or prices can't be
| meaningfully compared!
|
| Seriously though: both of those products aim to provide secure
| tunnelling/network connectivity. They do it differently, which
| leads to different trade-offs including, among other things, at
| which level the OS network stack is intercepted. All of those
| things can be meaningfully compared (e.g., "do I need my
| favourite application Z to explicitly support and be configured
| to use a HTTP/SOCKS-proxy or will it 'just work'(tm)?" -- Tor
| and OpenVPN give two different answers).
| hobofan wrote:
| Both of those products provide that functionality on paper,
| but they are widely different products with widely different
| audiences.
|
| I think their respective "Get Started" buttons show it best:
| Tailscale tries to get you connected to your team and to
| download the client as fast and easy as possible (= it's a
| product for everyone in the company), while Narrowlink throws
| you to a lengthy explainer page that no non-technical user
| will bother with.
| Joker_vD wrote:
| Notice how you actually have compared those two products
| according to one particularly (arbitrarily?) chosen
| criterion.
| hobofan wrote:
| Of course you can compare apples to oranges, but if you
| know that a huge amount of the population is allergic to
| citrus fruit, it's just a waste of time to compare their
| dimensions or prices.
|
| It's not arbitrarily chosen, and I wouldn't call it a
| criterion. I am arguing that they are different products
| for so different audiences, that all other criteria don't
| really matter.
|
| > both of those products aim to provide secure
| tunnelling/network connectivity
|
| You are talking about technical capabilities, but that
| still doesn't make them similar products. Figma and Miro
| are not similar products, just because they both provide
| an infinite canvas and team collaboration capabilities.
| SajjadPourali wrote:
| You can integrated it with sing-box to do.
| https://narrowlink.com/docs/extended-tutorial/vpn-
| integratio...
| tamimio wrote:
| I'm more interested in the link stability and latency, any
| benchmarks for all these products? Nebula/headscale/narrolink?
| yuedongze wrote:
| The HTTP/S proxy network of NL is interesting. But I think QUIC
| unreliable transport + MASQUE is the future here
| mikae1 wrote:
| Don't forget Nebula[1].
|
| [1] https://slack.engineering/introducing-nebula-the-open-
| source...
| Alifatisk wrote:
| There is also Zerotier (zerotier.com)
| pahae wrote:
| Nebula is fantastic, absolute love it. We use it in production.
| Cert management can be a bit of a pain on a large scale but
| there's an excellent Terraform provider [0] that can help.
| Coupled with the Terraform ansible provider and a little bit of
| scripting you can automate anything related to cert
| provisioning and renewal.
|
| [0]
| https://registry.terraform.io/providers/TelkomIndonesia/nebu...
| PlutoIsAPlanet wrote:
| Used Nebula to build a cross-cloud Nomad cluster, very
| underrated and does 99% of what you'd want from Tailscale.
| JeremyNT wrote:
| This is my favorite tool in this space as well. It's very
| simple and p2p.
|
| I don't know why it seems to be so far below the radar in
| these comparisons / conversations. Perhaps the Tailscale
| marketing is just that good :)
| pawelduda wrote:
| No Android support though, instant dealbreaker for me. I use
| tailscale and termux to SSH into my devices, or to access my
| HomeAssistant from anywhere
|
| EDIT: my bad, they have an Android client
| dsissitka wrote:
| What doesn't support Android? Nebula has an Android client:
|
| https://play.google.com/store/apps/details?id=net.defined.m
| o...
| [deleted]
| pawelduda wrote:
| You're right! I didn't realize article posted by parent
| was 3 years old (it only mentions iOS client being in
| development). Their website mentions Android client!
| jdoss wrote:
| Hey me too and I fully agree! Nebula is super underrated in
| this market space. I use Nebula to connect my primary
| datacenter rack with a bunch of dedicated servers and VMs all
| together on an overlay network. This makes it easy for me to
| add Nomad client nodes quickly in different parts of the
| world and everything just works.
|
| I actually use https://defined.net for a managed Nebula
| experience and it makes everything super easy to get going
| and the team is super helpful with the few issues that I have
| run into. The free tier is super generous with up to 100
| hosts for free and you don't need a credit card to get
| started. I highly recommend checking it out.
| bootsmann wrote:
| This article is classic SEO fluff right? The Q&A style answering
| exactly the type of questions that people comparing the two would
| write into google search.
| decremental wrote:
| That's why the competitor's name is first in the title.
| semiquaver wrote:
| It's not exactly a new idea. If it works for SEO this is
| probably just a case where search engines are doing what you'd
| expect.
|
| https://en.wikipedia.org/wiki/FAQ
| lmeyerov wrote:
| I found it useful - we have been considering tailscale for part
| of our post-VPN strategy, and as tailscale markets successfully
| there, the direct comparison helps. That they were fair about
| the OSS & centralization comparisons without explicitly
| punching up was also great for trust building - good job
| whoever wrote that.
| skybrian wrote:
| It's a little verbose but I'm in favor of people writing these
| sort of comparisons, and a Q&A format is fine. People writing
| more FAQ's seems like a mostly positive side effect of SEO, if
| they're accurate.
| esafak wrote:
| That's marketing: clarifying positioning. Everybody startup
| should write such pages.
| philsnow wrote:
| If you want a search term for more info about it, this kind
| of article specifically falls under "content marketing", in
| this case it's a high-converting type called a "versus page".
| [deleted]
| booi wrote:
| how dare they try to answer questions people would type into
| google
| bootsmann wrote:
| Ah I'm not negative about this here, its just notable and
| makes the article overly verbose.
| fragmede wrote:
| What makes it "fluff" to you? My definition of "fluff" is that
| it _doesn 't_ answer my question, and that I walk away from it
| with no idea what the product even is. This is mostly concrete
| and I can tell you roughly what Narrowlink is and isn't after
| reading their (misspelled) page.
|
| Something like:
|
| "Introducing NarrowLink, the world's most advanced and secure
| VPN solution! With our cutting-edge technology, you'll
| experience unparalleled speed, reliability, and security. Our
| military-grade encryption ensures that your data stays private
| and safe from prying eyes. Enjoy unlimited access to all your
| favorite content, no matter where you are in the world. Say
| goodbye to restrictions and hello to a new era of internet
| freedom. Join millions of satisfied customers and take control
| of your online experience with NarrowLink today!"
|
| would be fluff.
| jpeeler wrote:
| Wow, did you use ChatGPT to write that? I actually enjoyed
| reading it knowing that it was going to be fluff in advance.
| madeofpalk wrote:
| It's SEO spam. You might find it helpful, but that doesn't
| detract from the obvious nature that, for better or worse,
| it's design to rank in google and capture clicks.
| travem wrote:
| > VPN solution
|
| You included what the product actually is in the first
| sentence so I can tell you are still lacking some real
| marketing obfuscation skills
| mightybyte wrote:
| Nebula is another option along these lines.
| https://nebula.defined.net/docs/ I've been using it for the
| better part of a year and am very happy with it. It is able to
| make point-to-point network connections in many situations,
| avoiding the out-and-back cost of VPN ingress/egress points that
| are far away from source and dest.
| __jem wrote:
| > However, tailscale focuses on access different devices to each
| other, while Narrowlink focuses on access to the services trough
| on the agent as a proxy.
|
| You can easily do the same thing with Tailscale:
| https://tailscale.com/kb/1019/subnets/.
| smashed wrote:
| What does the sentence you quoted even mean? This reads like a
| rough first draft that needs to be clarified. I don't get it at
| all.
| pcthrowaway wrote:
| > access to the services trough on the agent as a proxy
|
| I assume the services trough is somewhat of a poor man's
| service bus
| gunapologist99 wrote:
| or misspelled "through" but that wouldn't make much sense
| either.
| Tijdreiziger wrote:
| That's the way they picture it on the intro page of their
| docs [1], so it makes sense to me.
|
| In general, that page is a lot clearer about the product
| than the linked one.
|
| [1] https://narrowlink.com/docs/intro
| infinityio wrote:
| For people for which the SaaSiness of Tailscale would be the main
| deciding factor, it is important to note that this article
| completely fails to mention Headscale, a BSD-licenced tailscale-
| compatible coordination server under active development
| aliasxneo wrote:
| We tried switching to Headscale recently...it was not a
| pleasant experience. I'm sure with more time in the oven, it
| will eventually become a comparable replacement, but I wouldn't
| be relying on it for anything production oriented.
| [deleted]
| juanfont wrote:
| Headscale dev here!
|
| What issues did you face? :)
| aliasxneo wrote:
| It was last year, so it's not in recent memory, but most of
| the problem was around instability. We ran into some
| frequent issues where we would begin troubleshooting,
| assuming it was something on the application end, only to
| find out that the issue was happening in the network. We
| eventually figured out that the Headscale network was
| randomly dropping in and out. I'm sure with a lot more time
| we could have identified the root cause, but unfortunately,
| we had a deadline and just paid Tailscale (and haven't had
| any issues since).
|
| Like I said, I'm sure it's coming along fine, it's not just
| something that we were able to set and forget like with the
| Tailscale experience.
| juanfont wrote:
| We have definitely improved a lot the stability and test
| coverage in the last year. Really, really a lot. Still a
| bit to go, but overall there have been many changes :)
|
| But indeed we are not meant to replace the full
| frictionless experience of Tailscale SaaS.
| AdamJacobMuller wrote:
| Interesting, I am using it in some limited production
| capacities and it works fine, what kind of issues are you
| seeing?
|
| The interface is a bit clunky but the service (both agent and
| control plane) are rock solid for me.
| linsomniac wrote:
| Just for a counterpoint: I've been running headscale for 11
| months, with just over 100 tailscale nodes, and it's been
| pretty good. There was one version upgrade that completely
| exploded memory use (it originally was running on a 1 or 2GB
| VM, with the upgrade I had to switch to 16GB to avoid
| thrashing), but that was fairly quickly resolved.
|
| I would say it's been a pleasant experience, headscale and
| the headscale devs have been fantastic.
|
| However, I would also agree with the statement that I
| wouldn't use it in production. In particular: I was hoping to
| use it as an overlay network for basically all traffic,
| between production machines and to user workstations. For the
| overlay network, my biggest fear there is that when headscale
| goes down, the entire network pretty much immediately stops
| responding. The usual case for this is when I make an ACL
| update and make an error, the entire overlay is down until I
| get the ACL fixed.
|
| For replacing our OpenVPN, headscale+tailscale is going to be
| a clear win.
|
| For the overlay network, I probably should go with Nebula.
| Headscale has these things over Nebula: Easier user
| onboarding (users can just login, no key exchange required),
| tailscale was able to route around some network problems we
| saw in Comcast (though it sounds like Nebula has experimental
| ability to do that now), and headscale has vastly better
| ACLs. Tailscale's are even better. Another downside of
| tailscale is that you can only connect to one tailnet at a
| time, so you can't have a "work" and "home" tailnet and be
| connected to both -- you have to switch.
|
| Nebula has the benefit that there is no coordination server,
| so no worries about that going down. Even in the case of the
| Defined Networking SaaS, an outage of the control plane would
| just interfere with the ability to manage the network, until
| keys start expiring your network will continue to work.
|
| ZeroTier also is very good, I'd classify it as closer to
| Tailscale, but it does have the ability to connect to
| multiple networks. ZeroTier in many ways is very slick, but I
| ended up removing it from my list of options because of a bad
| interactions with their sales team. It's ACLs are pretty
| obtuse though.
| linsomniac wrote:
| Oh, another slight minus of tailscale is it's manipulation
| of the system firewall rules, so if you have other firewall
| manipulation, in particular if you manage large rulesets
| via iptables-restore from a rules file, tailscale can lose
| it's rules. On the plus side "tailscale status" will report
| "health" issues in that case to point you in the right
| direction.
| xrd wrote:
| I'm using head scale. Is this a drop in replacement? Intrigued.
| tailspin2019 wrote:
| > Narrowlink and Tailscale are two open source solutions with
| different architectures that enable secure remote access and
| connectivity across networks.
|
| A nitpick, but ironically I think they're being generous to
| Tailscale there. Tailscale isn't really "open source" - or at
| least not without heavy qualification. I'm not an open source
| zealot by any means but that line just seems a little misleading.
|
| The clients are partially open source [0], but the server isn't
| at all.
|
| There is an open-source _implementation_ of the Tailscale server
| called Headscale, but Headscale is not Tailscale. This
| distinction is important because a significant part of the value
| proposition of Tailscale compared to other overlay /mesh networks
| is their very well designed web UI which makes managing their
| Wireguard based networks very user friendly. Headscale has no UI
| (edit: there are some third-party "unofficial" Headscale UIs
| [2]).
|
| In fact the Headscale repo still says explicitly "This project is
| not associated with Tailscale Inc." [1] even though I understand
| that it is (unofficially?) supported by Tailscale these days.
|
| [0] https://github.com/tailscale/tailscale
|
| [1] https://github.com/juanfont/headscale
|
| [2] https://github.com/juanfont/headscale/blob/main/docs/web-
| ui....
| gunapologist99 wrote:
| Perhaps narrowlink doesn't want to draw attention to this:
| https://github.com/narrowlink/narrowlink/blob/main/LICENSE.m...
| amarshall wrote:
| What's to draw attention to there? MPL and AGPL are both Open
| Source licenses.
| pxeger1 wrote:
| > For companies or organizations whose policies are not
| compatible with the AGPL-3.0 license, we offer a separate
| business license. To inquire about the business license or
| discuss licensing options, please contact us at
| opensource@narrowlink.com.
| Semaphor wrote:
| Perfectly fine, and perfectly open source.
| pxeger1 wrote:
| I know, I'm just suggesting what GGP might have been
| referring to
| KRAKRISMOTT wrote:
| One's not usable in any corporate context, especially one
| that's so low level in the network stack. The doc post is a
| content marketing post (in this case, for SEO hacking
| specifically) disguised as a technical comparison, so they
| clearly have monetisation in mind.
|
| In other words, disingenuous advertising.
| midasuni wrote:
| Why isn't AGPL usable?
| yebyen wrote:
| It isn't usable if your goal is to take the open source
| project and turn it into a component of your own
| commercial product that is for sale and is closed-source.
|
| But I think more than half of the people in this thread
| have the opposite opinion (that if it isn't open source,
| it isn't usable) and I tend to agree with that.
| p_l wrote:
| it's also isn't usable if you're going to need to modify
| it, even if something trivial like patches to work on
| your internal historically complicated stack, then due to
| legal bugs in AGPL you might find yourself _never_
| compliant with the license.
| tptacek wrote:
| That they're licensed under two different open source
| licenses?
| predictabl3 wrote:
| > significant part of the value proposition of Tailscale is
| their very well designed web UI which makes managing their
| Wireguard based networks very user friendly.
|
| I think this is an opinion. I don't use the tags/rules, and I
| literally only use their website to complete the oauth flow to
| auth a new client. Headscale is a perfectly functional
| replacement of Tailscale for me.
| skrtskrt wrote:
| I interviewed there and asked about this and they said their
| coordination server and (and other UI features UI) are almost
| completely about satisfying very demanding enterprise
| customers, with one of the major concerns being the
| performance particularly of applying ACL rules across huge
| complex networks.
|
| They said there would be a lot of code cleanup to open source
| the coordination server, and it's not been completely ruled
| out but Headscale is such a nice alternative for those that
| care about an open source coordination server that it doesn't
| seem to be a big motivation.
| tailspin2019 wrote:
| I don't mean to downplay the value of Headscale, but only to
| make the point that it's quite a different beast to the
| Tailscale SaaS experience.
|
| For the record I think Headscale is an impressive project.
| LambdaComplex wrote:
| > I understand that [Headscale] is (unofficially?) supported by
| Tailscale these days
|
| I'm not sure if it clears the bar of _official_ , but it seems
| to be not-unofficial. They were planning on open-sourcing a
| coordination server once they cleaned the code up, but then
| decided that there was no point in doing so due to Headscale.
| On top of that, one of the primary maintainers of Headscale
| works at Tailscale now.
|
| Source: https://tailscale.com/blog/opensource/
| crawshaw wrote:
| (Tailscalar)
|
| The client is completely open source on open source operating
| systems. The repository you linked to is 100% of the client for
| Linux, and there's another repository for Android.
|
| As a bonus you can run the open source client on closed source
| OSs, i.e. macOS, WSL2.
|
| We never open sourced our coordination server because Headscale
| beat us to it.
| hk__2 wrote:
| > We never open sourced our coordination server because
| Headscale beat us to it.
|
| From what I understand, Headscale has not all the
| capabilities of Tailscale's server.
|
| Excerpt from Headscale's README:
|
| > Headscale's goal is to provide self-hosters and hobbyists
| with an open-source server they can use for their projects
| and labs. It implements _a narrow scope_ , a single Tailnet,
| suitable for a personal use, or a small open-source
| organisation.
|
| (emphasis mine)
| crawshaw wrote:
| Sure, and that seems very reasonable? If you're running
| your own coordination server, stand one up for each tailnet
| you want to run. Different software has different operating
| requirements, and headscale is building to requirements
| that are better suited to someone running their own.
|
| E.g. our internal coordination server has a bunch of goop
| in it for talking to a couple of AWS services we use. No-
| one wants that.
| [deleted]
| TaylorAlexander wrote:
| Personally I just feel better recommending something to
| people if I know the service is 100% open source. I don't
| care if the code includes stuff "no one wants". I'm a
| talescale user and I love it, but I do feel a bit weird
| using and recommending a service with important bits that
| are proprietary. At the same time, part of why I like the
| service is that it's dead simple to use. I imagine
| headscale takes more effort to set up and use. So I use
| the proprietary client, and just kinda feel weird about
| it. If it were open source I wouldn't have those
| reservations.
| p_l wrote:
| Having recently put some work to essentially sell
| headscale-as-a-service (to clients that for various
| reasons wouldn't want to pay tailscale anyway even if
| they found the service great), about only issues between
| tailscale and headscale are that headscale got a bit of
| cruft regarding internal models that are currently being
| worked on, and for practical purposes it shows up in a
| bit harder time handling ACLs and no tailnet-peering
| support.
| TaylorAlexander wrote:
| It strikes me that if you had to build a service
| platform, then that shows me there is a difference in the
| systems from a user perspective. I am a very technical
| user but I do NOT want to spend my time configuring
| network stuff, that's the whole reason I use tailscale.
| The fact that headscale is self hosted immediately
| creates barriers that tailscale does not have. I already
| host several web servers and it a huge pain that I want
| to do less of. (Everything is fine on digitalocean until
| some update does something weird and I have to spend a
| few days debugging it).
| [deleted]
| uxp8u61q wrote:
| > We never open sourced our coordination server because
| Headscale beat us to it.
|
| Can you elaborate? This sentence makes no sense to me.
| Headscale is not tailscale, so they didn't "beat you to it",
| they just released a competiting product.
| aidos wrote:
| They've been really good about promoting and supporting
| headscale. I feel like this comment from Bradfitz gives a
| nice little insight into the reality of open sourcing code.
|
| https://news.ycombinator.com/item?id=32470615
| freedomben wrote:
| I'm a big open source advocate and would be heavily critical
| if the Linux and Android clients weren't open source, but I
| don't see how a person can complain about tailscale being
| closed source on an operating system like Macos or iphone or
| Windows, when the entire platform practically is closed. Such
| person clearly does not have a problem or concern about using
| proprietary and closed systems. I think tailscales position
| here makes a lot of sense, and if it bothers somebody because
| they see the tremendous value in open source, I hope it would
| cause them to consider their platform of choice.
| lloeki wrote:
| > The client is completely open source on open source
| operating systems.
|
| IOW it's by and large the GUI part that is not open source.
| Personally I prefer to run it as a system LaunchDaemon than a
| user LaunchAgent anyway.
|
| > We never open sourced our coordination server because
| Headscale beat us to it.
|
| I seem to recall reading that another reason was that there
| was intent to open source it but it made little sense as far
| as running it because its code was written for (and coupled
| to) Tailscale's heavy duty infra. So Headscale beat Tailscale
| to it by providing not just code but code that could work on
| much wider contexts.
| p_l wrote:
| the GUI part is also open source (I went looking recently
| in hope of adding support for `tailscale switch` on
| android). It's just in surprisingly weird toolkits :)
| dsissitka wrote:
| Their clients consist of a daemon and, optionally, a GUI.
| The daemon is open source. The Android and Linux GUIs are
| open source but the Windows, iOS, and macOS GUIs aren't.
|
| Source: https://tailscale.com/opensource/
| phibz wrote:
| By gui i think the above posts meant the tailscale web UI
| for auth and account management.
| lloeki wrote:
| Nope I meant the macOS and iOS UI (possibly more)
| juanfont wrote:
| > even though I understand that it is (unofficially?) supported
| by Tailscale these days.
|
| https://tailscale.com/blog/opensource/
| tailspin2019 wrote:
| I was drawing attention to this line in your README:
|
| > This project is not associated with Tailscale Inc.
|
| :)
| juanfont wrote:
| Ah, I was not stating anything else than linking their blog
| post :)
|
| I am pretty sure they would have eventually published a
| control server.
|
| We just happened to be quicker (and come up with a great
| name, IMHO).
| yebyen wrote:
| Reverse nit, there is a UI for headscale:
|
| https://github.com/gurucomputing/headscale-ui
|
| Granted, that's also not tailscale.
| tailspin2019 wrote:
| > Granted, that's also not tailscale.
|
| I take your point, but they're technically not Headscale
| either!
|
| Yes there are a few third-party UIs for Headscale but now we
| are 3 times removed from Tailscale :)
| yebyen wrote:
| Ah, looks like there are several! And they're all
| third-(third-)party...
|
| > https://headscale.net/web-ui/
___________________________________________________________________
(page generated 2023-08-11 23:00 UTC)