Nebula[0] addresses this and is IMO an improvement over WireGuard. Came out of Slack originally, and it supports peer discovery, NAT hole punching, and some other cool features. Also still uses the Noise Protocol.
In practice, the extra networking features + better first-class peer config management baked in are very nice (Nebula’s “lighthouses” are configured with a tool similar to DSNet for WireGuard[1]).
[0] https://github.com/slackhq/nebula
[1] https://github.com/naggie/dsnet
I use Nebula but the relay config is somewhat clunky and the macOS port is pretty buggy.
What's the story with removing uncooperative endpoints from Nebula?
So now we're back to "Tailscale but with different steps".
Tailscale appears to be a paid product with a free tier; Nebula (while DIY) is free.
There is an open source control plane called headscale which covers almost all of the features for free (while DIY).
People keep saying that, but haven't we learned already that eventually Tailscale gets bought, then priorities change, then they make incompatible changes because they need to grow, and headscale either can't keep up, or gets pushed away by Tailscale themselves, and we're back to using $TailscaleCompetitor who promises to not do the same thing.
Just don't rely on centralized for-profit entities, rely on stuff produced by non-profits and foundations, that you know isn't gonna screw you over as soon as they need money.
I am personally happy to use Tailscale directly so I don't know. There isn't anything better out there though.
> Just don't rely on centralized for-profit entities, rely on stuff produced by non-profits and foundations, that you know isn't gonna screw you over as soon as they need money
What do you use that fits that philosophy and offers the basic functionality (NAT traversal, Magic DNS, failover relaying) TS provides?
Nebula has NAT traversal and failover relaying, I believe, but not Magic DNS.
This is correct, and the lack of a MagicDNS solution is definitely felt when using Nebula (esp. when switching from Tailscale).
While I agree in spirit, I find this logic around for-profit FOSS projects a little backwards sometimes, because it implies forking Tailscale wouldn't save much time.
What makes you think we'd be better off building a competitor to something open source if it has all the features we want now? The reason we don't see open source competitors to big products is not because people are too dumb to try it. It's because it's way, way harder. It makes way more sense to fork and work from there while we're still getting this momentum from Tailscale.
If you think Headscale is going to have problems keeping up with a private Tailscale, good luck rebuilding Tailscale.