Tailscale vs Headscale

First of all, I’d like to understand why Tailscale seems to be really recommended, including by @jonah, when they seem to collect a lot of data?

I feel like this would not normally pass the usual recommendations.

Would installing Headscale (the self-hosting equivalent of Tailscale) solve all these privacy concerns?

If I learn how to self-host this, I’m also wondering if it’s a one-shot installation or if self-hosting requires maintenance?

Thanks! :slight_smile:

INFORMATION YOU PROVIDE TO US

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

  • Your registration to use the Services
  • Your use of the Services
  • Your participation in product demos and webinars
  • Your communications with our support/sales teams
  • Requests or questions you submit to us via online forms, email, or otherwise
  • Your participation in surveys, research, sweepstakes, or contests
  • When you communicate with our customer support teams via email, phone, videoconferencing, or chat (e.g., you email, video chat, open a support ticket, file a feature request, tweet at us, etc. for customer support)
  • When you attend our conferences or events or interact with us at other conferences or events
  • When you sign up for our newsletters
  • When you use a blog or forum made available through the Services (for example, if you comment on a post or submit a question)

The types of data we collect directly from you include:

  • First and last name
  • Email address or username
  • Postal/billing address
  • Telephone number
  • Log-in authentication information
  • Your company or organization name
  • Your title
  • Any other information you choose to directly provide to us in connection with your use of the Services

However, please note that Tailscale does not process, or have the ability to access, the content of User traffic data transmitted through the Tailscale Solution, which is fully end-to-end encrypted.

This was from their privacy page that you linked.

You can opt out of participating in some of the above stuff. The personal details are unavoidable if you intend to use their paid tier. You might get away with wrong info like aliases and burner emails though.

1 Like

There are other good self-hosted solutions which have an open source server and clients. See NetBird.

1 Like

I use Tailscale, but an eng I respect immensely swears by NetBird. If I were not yet bought into the Tailscale ecosystem, I’d definitely want to switch to NetBird (among 3 or 4 other FOSS alternatives like Innernet, NetMaker, ZeroTier, DefinedNet).

Though, I must say that despite the ominous-sounding privacy policy, I believe that the Tailscale founders have their heart in the right place (and it goes without saying that Tailscale isn’t in the business of public / consumer VPNs, but they do integrate with Mullvad for “exit nodes” & ControlD/NextDNS for DNS, which, from my understanding, is driven solely by wanting to holistically build out the product).

So are free users “the product?” No. If we’re going to fix the Internet, there’s no point only fixing it for big companies who can pay a lot. That misses the point of the whole adventure. The Internet is for everyone. We have to fix it for everyone, or why bother? We knew we had to design a business model and a technical architecture that removes any incentive to abuse your privacy.

- Avery, CEO at Tailscale, How our free plan stays free · Tailscale

4 Likes

If I’m not mistaken, ZeroTier is proprietary. Their tunnels also seemingly aren’t Wireguard-based (unlike most of their competitors), which is somewhat off-putting in my opinion.

A recent interview of the CEO. He seems like a cool upright guy.


Accompanying L1T Forum discussion:

1 Like

I don’t feel like this is backed up by the privacy policy you linked, which lists a pretty minimal and reasonable amount of data collection.

However, please note that Tailscale does not process, or have the ability to access, the content of User traffic data transmitted through the Tailscale Solution, which is fully end-to-end encrypted.

The reality of a networking product like Tailscale is that they have to know information about you like your IP address, by virtue of… how the internet works.

This is the price you pay to not have to host something yourself. Tailscale is a cloud service.

I’m no longer using Tailscale,[1] but I’ll happily continue recommending it for people who want something that’s dead simple and reliable.

To be fair, I think it pre-dates WireGuard, and ZeroTier is technically different from WG/Tailscale and all these other solutions because it is a Layer 2 (Ethernet) connection instead of a Layer 3 (IP) connection.[2]

Most people will use Tailscale and ZeroTier the same way so the difference doesn’t really matter, but there are some cool things advanced users can do with ZeroTier that wouldn’t really be possible with WireGuard if you’re so inclined.


  1. now I connect all my clients to a single central router with WireGuard instead of doing a mesh networking thing

  2. Hamachi also used to operate on Layer 2 like this if anyone remembers that app from the early 2000s

5 Likes

can you kindly elaborate on this a bit?

You’re right. They switched to BSL which isn’t a FSF / OSF approved license: Relicense: GPLv3 -> ZeroTier BSL 1.1 · zerotier/ZeroTierOne@52a166a · GitHub

Yeah. Most of Avery’s blog posts (mostly on software / industrial eng, computer networks, startups) are really well-written. I share this one (mirror) when any newbie eng asks for advice.

(as an aside, multiple engs I know maintain that Avery’s redo is some of the best Python code ever authored)

1 Like

Alright, so everybody here convinced me that it would be “safe” to use Tailscale.

I also mostly got convinced by this:

But now I’m also curious of this:

Why? What are the pros/cons of all of those? What about headscale?

Would someone who knows be able to list some pros and cons about Tailscale vs Headscale vs Innernet vs NetMaker vs ZeroTier vs DefinedNet?

Here’s what AI came up with. Does that make sense? @ignoramous @jonah

Tailscale:

Pros:

  • Easy to set up and use, with a user-friendly interface
  • Supports multiple platforms, including Windows, macOS, and Linux
  • Offers end-to-end encryption and secure networking

Cons:

  • Limited free tier, with restrictions on the number of devices and features
  • Can be expensive for large-scale deployments
  • Some users have reported issues with connectivity and reliability

Headscale:

Pros:

  • Open-source alternative to Tailscale, with a strong focus on community involvement
  • Offers more customization options and flexibility
  • Can be self-hosted, giving users more control over their data

Cons:

  • Steeper learning curve due to its open-source nature and lack of commercial support
  • May require more technical expertise to set up and manage
  • Limited documentation and resources compared to commercial alternatives

Innernet:

Pros:

  • Offers a unique, peer-to-peer approach to networking, with no central servers
  • Provides end-to-end encryption and secure communication
  • Can be used for both personal and business purposes

Cons:

  • Limited platform support, with a focus on Windows and macOS
  • Can be complex to set up and manage, especially for large-scale deployments
  • Some users have reported issues with connectivity and reliability

NetMaker:

Pros:

  • Offers a cloud-based platform for easy management and scalability
  • Supports multiple platforms, including Windows, macOS, and Linux
  • Provides end-to-end encryption and secure networking

Cons:

  • Limited free tier, with restrictions on the number of devices and features
  • Can be expensive for large-scale deployments
  • Some users have reported issues with connectivity and reliability

ZeroTier:

Pros:

  • Offers a unique, software-defined networking approach with a strong focus on security
  • Provides end-to-end encryption and secure communication
  • Can be used for both personal and business purposes

Cons:

  • Can be complex to set up and manage, especially for large-scale deployments
  • Limited platform support, with a focus on Windows and macOS
  • Some users have reported issues with connectivity and reliability

DefinedNet: I couldn’t find any information on DefinedNet. It’s possible that it’s a lesser-known or emerging solution, or it may not exist at all. If you have more information about DefinedNet, I’d be happy to try and provide more insights.

How much time does the setup of each option take? How much time does each take to maintain?

Tailscale:

  • Setup time: 10-30 minutes (depending on the number of devices and complexity of the setup)
  • Maintenance time: Low to moderate (occasional updates and monitoring, approximately 1-2 hours per month)

Headscale:

  • Setup time: 1-5 hours (depending on the complexity of the setup and the user’s technical expertise)
  • Maintenance time: Moderate to high (regular updates, monitoring, and troubleshooting, approximately 2-5 hours per month)

Innernet:

  • Setup time: 30 minutes to 2 hours (depending on the number of devices and complexity of the setup)
  • Maintenance time: Moderate (occasional updates and monitoring, approximately 1-3 hours per month)

NetMaker:

  • Setup time: 10-30 minutes (depending on the number of devices and complexity of the setup)
  • Maintenance time: Low to moderate (occasional updates and monitoring, approximately 1-2 hours per month)

ZeroTier:

  • Setup time: 30 minutes to 2 hours (depending on the number of devices and complexity of the setup)
  • Maintenance time: Moderate (occasional updates and monitoring, approximately 1-3 hours per month)

Do those answers make sense?

Lastly, I’m still curious as to why that is?

1 Like

It’s better to do some research online than to post LLM-generated walls of text. The comparison you posted was not very accurate or helpful.

Many of these companies post comparisons online, just be aware that they have an inherent bias in favour of their own product.

2 Likes

Haven’t used NetBird but from what I was told, NetBird is source-first (as in, almost all its components, including the Admin UI, are OSS or source-available). Headscale, I don’t think, comes with an equivalent for Tailscale Web UI built-in?

(I can’t see your other post, it was flagged. Feel free to DM me).

1 Like

I will respectfully disagree, as it was helpful to me and could have been for others as well.

Thanks for the links, I will check those out and pm ignoramous.

I used ZeroTier with a self-hosted controller after they changed the device connection limit in the free version from 25 to 10. I’m concerned that they’ll do worse in the future.

I’m thinking of Netbird, but their Android app is buggy and the web UI is unresponsive. Tailscale is conventional, but I don’t keep my browser cookies after it is closed. Tailscale uses provider logins like Google or Microsoft, and their login verification is very slow and too much process.

1 Like

Tailscale is great, if it works. But it has had some random speed issues on my devices and has caused DNS problems on Windows and Linux. I fixed the DNS problem on Linux, but couldn’t fix the other two. I am seriously considering going to another solution or even a plain Wireguard solution.

Alright, so that throws me off Netbird. Thanks.

You’re the first to mention this. I was going to go ahead with Tailscale, but I’m still hesitant as the option I’m choosing will be the one for the next couple of years.

What sorts of DNS problem did you get? Could you also elaborate on the speed issue you’ve experienced?

Would Headscale solve all of that or not really?

The goal of the tool would be to connect around 8 different devices online to my NAS and to eliminate the need for port forwarding. I also want to stop using OpenVPN to connect because every time there is an electric outage, my IP changes and I need to update the ovpn file in order to connect again. The tool needs to be free. I’d also prefer as little maintenance as possible.

Which one would you recommend based off that?

DNS simply didn’t work. On Linux I had to run a script after every start to reset some DNS related services. On Windows, I couldn’t use Tailscale’s DNS at all.

Speed went really low, with high latency, but that only happened sometimes. Deactivating the Tailscale client made it go away.

Probably not. DNS problems seem to be client based. Speed issues, I have no clue what the reason is.

Would recommend trying Tailscale. It’s quite easy to get started. If it works for you, fine. Aside from Tailscale, I only have experience with using Wireguard directly.

1 Like

Alright, will try it, mark this as the solution and if I don’t report back, it’s because it worked fine! :slight_smile:

1 Like

Report back anyway. Always good for others to learn from your experiences.

1 Like