Yeah, Tailscale is really cool. The only thing I wish is that they didn't tie auth to either a big tech monopoly (Google, GitHub, etc.) or running your own IDP service. I would love to use Tailscale for some self-hosted stuff I have, but hesitate to start exposing something like an identity management tool because that's a high value target. And of course, I don't really want to let Google et al be in control of my VPN setup either.

That's a valid concern.

I've also used ZeroTier with good success.

They're a competitor that offers VPN with similar idealized P2P topology. Unlike Tailscale, ZT is not based on WireGuard (ZT predates WireGuard), but they do offer the option to use their own local auth without reliance/potential issues with yet-another party.

ZT also allows a person to create and use their own relay (called a "moon"), if that's something useful: https://rayriffy.com/garden/zerotier-moon

(For my own little purposes I don't really have a preference between either ZeroTier or Tailscale.)

Thanks for the tip! I'll check that out and see if it would work for my VPN needs, but it certainly sounds promising.

They support Passkeys. This is exactly how I continue using them after moving away from Google Workspaces.

Oh wow, I had totally missed this[0]! Is it possible to migrate an existing SSO account (with associated tailnet) to a passkey one?

[0]: https://tailscale.com/blog/passkeys