The part I never understood with Tailscale is the ACLs. I wish they put a front end to it to make it easier to configure. But your explanation was pretty good and understandable.
@DigiDoc101 1 month ago
I struggle with ACLs the same. This is why I'm strongly considering netbird, but I haven't had the time to set it up.
@Jims-Garage 1 month ago
It is odd why it isn't more user friendly. I would expect it to be a GUI like Netbird etc (I have a video on that).
@Greg.M 1 month ago
Does Tailscale have a faster connection (throughput) than Netbird? How does the performance compare to using Headscale (is Headscale more performant)?
@theglowcloud2215 1 month ago
@@Greg.M I've had generally horrible performance over Tailscale. Could never figure out the root cause; it didn't seem to have anything to do with my hardware or networks.
@Greg.M 1 month ago
@@theglowcloud2215 . . . with Netbird - how was your performance (in comparison)?
@chucksw1 5 days ago
I use tailscale to access my network ip cameras that are connected to my home BlueIris PC, works great, I can even watch my cameras from My Toyota Rav4 display while driving, I connect an android box and connect to my hotspot on my mobile phone, it all works good running Tailscale :)
@Jims-Garage 5 days ago
@@chucksw1 that's awesome 😎
@Layer2Clouds 1 month ago
Used Tailscale for two years with spotty reliability. I have since moved to Netbird and have had great success. The Netbird routing nodes are brilliant.
@Jims-Garage 1 month ago
Yes, I currently use Netbird self-hosted and it's been reliable.
@dimasshidqiparikesit1338 1 month ago
I tried netbird's mobile app and so far it's terrible. What's your use case?
@techdad6135 1 month ago
Another great video! Would love to see more tailscale videos. Something I'm particularly interested in that I haven't found any videos or guides on is the App Connector feature.
@Jims-Garage 1 month ago
I considered looking into it but it stated it was still in beta.
@GeekendZone 1 month ago
We need a video for Tailscale vs WireGuard vs Netbird.
@Jims-Garage 1 month ago
What would you like to see? I've covered all of those.
@GeekendZone 1 month ago
I have seen your videos, about Netbird and now Tailscale, but I would like to know which would be your choice between Netbird, Tailscale and Wireguard and why, right now I use Wireguard and so far it has worked very well for me, but is it worth changing to Netbird for example?
@psecretpseudonym4801 29 days ago
@@Jims-Garage It would be great to see how they differ. I know they’re similarly marketed and do many of the same things, but they do some differently and have somewhat different focuses (kind of like GitHub vs GitLab). Both seem like great options, but are there specific reasons why I should want either in specific situations?
@shootinputin6332 12 days ago
Great video, Jim. Thank you. Are you going to expand on this? Say, integrating Tailscale with Traefik and so on?
@Jims-Garage 12 days ago
I might do. As long as you allow LAN, set your DNS resolver correctly and don't have overlapping networks it should just work
@idunnoobro 1 month ago
Thanks for the great video! It was really interesting. Have you considered creating a video on how to securely connect to a home lab while on the go using a combination of classical VPNs like Mullvad and Tailscale? This would allow users to benefit from both services, ensuring strong privacy and convenient remote access. I know about the native Tailscale integration with Mullvad but I like to keep my VPN as separated as possible. Cheers!
@Jims-Garage 1 month ago
It's an interesting idea. I can think of reasons to do it for certain activities... But struggling to see a point for a homelab. Definitely sounds interesting though.
@idunnoobro 1 month ago
@@Jims-Garage I personally have my phone connected to tailscale 24/7 so I can access my homeassistant instance and other services. I enjoy the added privacy of a VPN but I can see that not everybody is as paranoid about everything as me.
@PW-72648 1 month ago
Hey Jim, thanks for another comfy vid. Can you remind me what you were using (hardware) for your opnsense router?
@Jims-Garage 1 month ago
It's a VM on my MinisForum MS-01.
@133col 1 month ago
Very cool! Hoped you'd delve a bit into specific services as well (apps, services, funnel, etc) but nevertheless it's a perfect introduction for newbies to Tailscale! A question: have you ever used Zerotier, and if yes, would you recommend that instead of tailscale?
@Jims-Garage 1 month ago
Thanks, I will go into those features in the next video. ZeroTier is on the list
@iclaudiu 1 month ago
For me Zerotier is more simple to use, Mikrotik routers have built-in Zerotier. Zerotier minus is 1 admin and 10 devices vs Tailscale 3 admins and 100 devices for free version.
@133col 1 month ago
@@iclaudiu I started out with zerotier but just don't have the time to digest the setup for an exit node and subnet routing. Hope Jim will cover it :) Tailscale is more user-friendly though, was a breeze to set up. Though I really really love ZT and would prefer it. Btw it allows 25 devices for free.
@martinottolangui4667 1 month ago
Not watched yet, I think Tailscale is where I want to go. Basically though I want to access a Windows machine, to then access the rest, it's where on my LAN / home I do, so from remote, basically RDP 🤷 VM Windows, my net. Cheers for the great vids
@marcus_cole_2 1 month ago
I wish there was a more feature-rich GUI for Tailscale across general GUI-compatible operating systems. This would make it much easier for newcomers and non-UNIX users to navigate, without needing to understand command-line syntax. The current GUI options are too basic: Windows has only a bare-bones interface, and UNIX systems often lack a GUI altogether. Only my Raspberry Pi OS has a GUI option, but even that could be improved. If Tailscale really wants to encourage more people to adopt UNIX, a more advanced, visually intuitive GUI would help a lot. Most people are used to OS interfaces on Windows, macOS, and Android, which offer full-featured, user-friendly GUIs. A simple network map with icons, usernames, and easy-to-use options would make it so much more accessible. An enhanced GUI would let new users click or check boxes to configure settings without needing to type commands, making the software more appealing and user-friendly.
@Jims-Garage 1 month ago
I agree. Netbird is the poster child currently.
@marcus_cole_2 1 month ago
@@Jims-Garage ???
@Jims-Garage 1 month ago
@@marcus_cole_2 whilst I acknowledge that it's not on the client, the netbird control plane is self hosted and much simpler to use IMO
@jellevanburen9427 1 month ago
Great video as always. The part which I don’t quite understand is, if it would be possible to ‘route’ all of our family members' phones/laptops through our local network. So I can see all of the traffic, but also can access local services like synology calendar. So they also get synced without punching a hole in my network for the nas. Is it possible to connect to the router? Or do I need to tie every phone to every service? But then I think they aren’t ‘on my local network’ anymore? So I can't use the policies I’ve made in unifi anymore? That would be something I would like to have more in depth coverage about. Not from a homelab perspective, but from a family privacy and security perspective.
@Jims-Garage 1 month ago
Yes, that's possible. There's an option to allow a client to share LAN access. What that means is it shares the local network to other clients.
@mattiashedman8845 1 month ago
What I have understood about Tailscale is that the DERP server is only used when connecting two machines. Those two get a WireGuard tunnel.
@Jims-Garage 1 month ago
It's for when machines cannot make direct connections (as demonstrated).
@Ai4all-d7y 1 month ago
Thank you Jim for considering Tailscale. In previous video of yours about ENTE with terrific, I had requested for a tutorial of ENTE with caddy as sidecar and Tailscale. I think you should make a tutorial. I have struggled myself to do a testing but failed miserably. Your new video will be a part of this video and will be much helpful. I have currently managed Tailscale, caddy as sidecar and nextcloud-aio. It's working but with some security and setup warning inside nextcloud dashboard. There is probably some DNS issue with my setup as I am running docker rootless. So I think the docker rootless misbehaves. Regards
@kevinhu196 1 month ago
I hope public WiFi do not block tailscale as it's my lifeline for accessing internet and my homelab, it's just that good. With some ACL tutorial I can even get github runners working on my private server.
@dstratiev 1 month ago
Yet another interesting and more importantly - informative video. Thanks Jim! I have a bit of wondering around the DERP relay - if let's say we have two remote sites which we want to connect. In one of them the node is behind an "easy nat" and in the other location the node is behind a "hard nat". Will Tailscale manage to initiate a direct connection in this case? Or it would fall back to DERP?
@Jims-Garage 1 month ago
I believe both need Easy NAT for it to work. Otherwise it goes to DERP. You can also host your own DERP if needed so it doesn't use Tailscale's.
@dstratiev 1 month ago
@@Jims-Garage Thanks a lot. I need to explore :)
@goodcitizen4587 1 month ago
That's really cool. Thanks for the vids.
@Jims-Garage 1 month ago
Thanks for watching!
@casperghst42 1 month ago
It does make it easy, though I miss the option you get with traditional VPN where you get access to a full network. Meaning I connect with my VPN client and I can access all the hosts on my network (or what I have allowed in the configuration/firewall).
@Jims-Garage 1 month ago
You can do that. Allow LAN access on the client.
@casperghst42 1 month ago
@@Jims-Garage perfect, thank you.
@NickyNiclas 1 month ago
One thing I've tried to set up many times is a Tailscale exit node that exits through a killswitched VPN but I just can't get it to work. I tried setting it up as a compose stack with Gluetun but no matter what I try, for some reason it just won't work. Any ideas? (Maybe I should just pay for the built in mullvad VPN but I'd like to be able to use any provider.)
@InsaiyanTech 14 days ago
I’m trying to figure this out as well but it’s over my head and beyond my knowledge sadly I’m in the same boat.
@unmesh59 9 days ago
I now have Tailscale running on Windows, Linux and iOS! Any recommendations for a low power consuming Tailscale peer device that I can run economically energy-wise 24x7 in a remote location to serve as an exit node?
@Jims-Garage 8 days ago
@@unmesh59 a cheap, second hand mini pc from eBay? An old laptop? An old Pi?
@unmesh59 8 days ago
@@Jims-Garage I have all three as spares! Would a Pi Zero W have enough processing power to push through say 10Mbps if it was running no other "applications"?
@Jims-Garage 8 days ago
@unmesh59 I don't know ... You could test locally. It might be able to.
@unmesh59 7 days ago
@@Jims-Garage I tried it and it works!
@Jims-Garage 7 days ago
@unmesh59 awesome, thanks
@alanjrobertson 1 month ago
Agree with comments re their ACL page needing a nicer UI but really impressed with their VS Code plugin, very slick and easy, esp with built-in SSH option. Re Netbird - I tried self hosting it but just couldn't get it to work properly. Tailscale also have pretty decent docs and explanations. One downside I found is some corporate networks block access to their control plane server.
@cybr774 1 month ago
I've been planning for some time to manage the ACLs with terraform
@tompaah7503 1 month ago
Are you using an IBM Model M keyboard?
@Jims-Garage 1 month ago
@@tompaah7503 sadly not, but it's a custom mechanical
@InsaiyanTech 14 days ago
Can you make a video on how to connect this on Truenas scale with like nginx or traefik and cloudflare I want my network secured with this setup on my nas would be dope
@Jims-Garage 14 days ago
@@InsaiyanTech I will consider it. Essentially you want the LAN option enabled on the client
@InsaiyanTech 14 days ago
@@Jims-Garage ya i just want to keep my nas at least local but without zero ports open from what i read if you do this option cloudflare into tailscale ip into nginx to truenas technically no ports are open and everything is still local.
@Shaq2k 1 month ago
You have to make up your mind soon :) While you're at it, maybe test out Twingate as well
@soul_maestro 1 month ago
i'd only use it with headscale, and other self hosted servers needed to even run this - to not depend on any of their servers. as using their services would tell them when my servers are or aren't online, when somebody connects to it or not, and from where. (and worse case: allow them also access into my network or some info about it)
@Jims-Garage 1 month ago
Yes, the privacy trade-off won't work for everyone.
@Bruno-vz8vk 1 month ago
I tried the same thing but as i use adguard dns on my phone i'm having an error message... Any idea?
@JoerBrando 1 month ago
What about ZeroTier?
@Jims-Garage 1 month ago
On the way soon
@Common-man_life 1 month ago
It would very help if you please share the process turn off DEEP server on windows and Linux
@Jims-Garage 1 month ago
I assume you mean DERP? If so, it's nothing to do with the OS, it's simply due to networking.
@Common-man_life 1 month ago
@@Jims-Garage yes DERP how to you off that ..please share the config
@Jims-Garage 1 month ago
@Common-man_life put all the clients on the same subnet and you won't have a problem.
@Common-man_life 1 month ago
@@Jims-Garage if in different then have issue please share how you doing the setup so it would very help
@Jims-Garage 1 month ago
@Common-man_life I showed how to do it in OPNSense firewall. You need rules to allow traffic between vLANs.
@justinbrennan11 1 month ago
Not sure if it's just a me issue. I've found the tailscale android app is a battery drainer over using say the standard wireguard app.
@BenjaminBenStein 1 month ago
🎉
@kevinhughes9801 6 hours ago
Excellent vid, their ACL config page defo needs a GUI, thanks
@Jims-Garage 6 hours ago
@@kevinhughes9801 totally agree
@kevinhughes9801 6 hours ago
@ merry Christmas thanks for all great videos!
@Jims-Garage 6 hours ago
@kevinhughes9801 same to you! 🎄
@kristof9497 1 month ago
Thanks.
@TheRealAnthony_real 1 month ago
Firewalls are usually good and 99% configured to stop incoming traffic ... However if you run services which have to reach the internet you'll end up inevitably with open ports such as http and https ... There is a ton of malware out there that installs through that and lots of segmented programmes that open tunnels from inside out ... Whatever fire rules you have if you don't create specific ones for all the services in/out your network is still vulnerable ... With this being said will tailscale help ? Traffic is generally encrypted via HTTPS either way ...
@bikramtuladhar 1 month ago
Tailscale works well with devices with root access. But it is not reliable in CI/CD platform where root access is not permitted. If anyone is planning to use Tailscale to deploy to private server through Tailscale network, use private self-hosted CI/CD runner instead.
@Sledy95 1 month ago
Great material. Thank you for sharing your precious knowledge and time for free :)
@Jims-Garage 1 month ago
Glad it was helpful!
@toddselby443 1 month ago
You really want to thank him, throw him a few bucks with the Thanks button or become a subscriber to his Patreon. Help feed his sweater addiction!
@michaelgleason4791 1 month ago
It's not free. Nothing is free.
@enderst81 1 month ago
Tailscale vs Netbird, I can't decide :(
@KrisFromFuture 1 month ago
Tailscale vs NetBird please ;)
@Jims-Garage 1 month ago
They're basically the same just the management is different. I have a video on Netbird and I still use it personally...
@toddselby443 1 month ago
NetBird has a prettier icon on your Windows taskbar.
@xr4nchy 1 month ago
Jim always amazes me with his quality of video, great explanation. I think Tailscale should have picked you as their "Developer Advocate" rather than that guy at tailscale who makes youtube videos, who struggles when asked about a simple networking question in livestream. Instead of showing actual stuff he shows his face 90% time in the video.
@Jims-Garage 1 month ago
Wow, thanks! I'll have to check out the videos you're referring to.