Really appreciate this, I've just managed to get TailScale working, thanks for motivating me!

Been using Tailscale for years, it’s awesome

worth watching. Feel like a finished book

I so appreciate the extended conversation about this. I am relying on Zerotier quite a bit. It would have been nice to hear about how would tailscale would be different with Zerotier.

What are the best practices for securing a headscale server on a public IP? Running outside of home lab? Port forward from router? Reverse proxy running outside of lab? Something else?

Very hard to find tuto about the Headscale part. The git page isnt super clear to me.

what about netmaker?

Can you do headscale on a raspberry pie?

Secure networks do not allow RANDOM UDP or TCP ports in or out. Period. Yes, adds inconvenience when somebody “decides” to start using a new service or application, but if you don’t have control of your network, somebody else will! Trojans/spyware usually use non standard ports when trying to connect or send data to their command and control server.

First