    1. Biggest thing was actually the sign up options. What if I don’t want my machines calling to Google or Microsoft to get access to Tailscale? I need to look up the other OIDC providers but don’t know much about that yet.
    2. Then the fact of Nebula being fully open source and fully on my machines. (Though that’s a little undercut by the Android problem being solved only by their managed service).
    3. Headscale gave me an impression of being more complicated to set up and maintain. Haven’t tried it yet, that was just my feel when I chose which one to try.
    4. More recently, I saw Nebula’s interesting post on performance benchmarks. At high throughput Tailscale can be better for CPU but heavier on memory. Hopefully at my sort of very low throughput it’s small on memory, but if I’m squeezing a client into a cheap VPS alongside Nextcloud and other things, memory use is more concerning to me than CPU… I wonder how much memory Tailscale uses when not doing much.


  • I agree having a paid service, or some viable finance model, is a good sign for longevity… That said, Nebula is what Slack use themselves, so publicly or privately it’s going to be kept developed!

    Just the fact the Android client is only properly configurable if you use their managed config service made me worry a bit. Even though with Tailscale you’re signing up for more eggs in their basket (unless you use Headscale), it felt like at least you start out on that basis; you aren’t pushed into it unexpectedly.

    I do like that both projects talk politely about each other. That feels like a good sign for both!

    I’ll check out Netbird, thank you.


  • Is Headscale easier than Nebula? I thought it looked like it might become much more work.

    Nebula was mostly easy, but had a few hurdles I needed to learn.

    • Setting up systemd. I think I had to look that up and write a startup thing for it. I might have copied one from Syncthing or something! I don’t remember right now.
    • Firewalls confused me a couple of times.
    • And I had to get the hang of the certificate system, of course.

    I have mixed feelings about trying Defined Networking’s managed config, but I imagine that would get round the learning curve of the config.


  • What’s an edge VPS? Is that some sort of distributed CDN-style VPS? Or just a VPS at the ‘edge’ of your network?

    The biggest points for me of having a mesh, not a central Wireguard hub, are:

    1. I have a VPS in one country, a ‘host’ laptop in a friend’s house in another and a third laptop. I want the two laptops to connect directly to each other, not bouncing all packets off the VPS.
    2. For backups, ssh, etc, I’d like to be able to just call the VPN IP, whether two machines are on the same LAN or not. Nebula/etc makes that work; a centralised VPN would sometimes be sending packets pointlessly out on WAN and back.