zlacker

1. rane+(OP)[view] [source] 2025-01-05 14:13:57
What do you need Tailscale for? Why isn't Wireguard enough?
replies(3): >>ErneX+J >>_heimd+L >>HomeDe+82
2. ErneX+J[view] [source] 2025-01-05 14:20:23
>>rane+(OP)
I think it’s easier to manage, plus you get ACL functionality. You can use Headscale for the control server and tailscale clients.
3. _heimd+L[view] [source] 2025-01-05 14:20:26
>>rane+(OP)
There's nothing wrong with wireguard at all if you already have the hosting service available. The core value add for Tailscale is that they provide/host the service coordinating your wireguard network.

If I'm not mistaken, there's a self-hosted alternative that lets you run the core of Tailscale's service yourself if you're interested in managing wireguard.

replies(2): >>azthec+I6 >>bennyt+Bi
4. HomeDe+82[view] [source] 2025-01-05 14:32:43
>>rane+(OP)
The author mentioned closing their VPN port so people would stop trying to break in, but this also cut off the author's access.

Tailscale allows you to connect to your home network without opening a port to allow incoming connections.

◧◩
5. azthec+I6[view] [source] [discussion] 2025-01-05 15:11:38
>>_heimd+L
I believe you are referring to Headscale https://github.com/juanfont/headscale
◧◩
6. bennyt+Bi[view] [source] [discussion] 2025-01-05 16:46:19
>>_heimd+L
What kind of "hosting service" are you referring to? Just run wireguard on the home server, or your router, and that's it. No more infra required.
replies(1): >>_heimd+hB
◧◩◪
7. _heimd+hB[view] [source] [discussion] 2025-01-05 19:12:10
>>bennyt+Bi
I meant to say hosted service there, i.e. running a wireguard server to negotiate the VPN connections.

The main reason I haven't jumped into hosting wireguard rather than using Tailscale is mainly because I reach for Tailscale to avoid exposing my home server to the public internet.

replies(1): >>rane+4U
◧◩◪◨
8. rane+4U[view] [source] [discussion] 2025-01-05 21:43:54
>>_heimd+hB
What could be the issue with exposing WireGuard at a random port to the public internet?

It works over UDP so it doesn't even send any acknowledgement or error response to unauthenticated or non-handshake packets.

replies(1): >>_heimd+G21
◧◩◪◨⬒
9. _heimd+G21[view] [source] [discussion] 2025-01-05 23:07:28
>>rane+4U
There may not be an issue at all, I'm just gun shy about opening any ports publicly. I don't do networking often and have never focused on it enough to feel confident in my setup and maintenance.