---
layout: post
title: Trying out Tailscale
date: 2024-12-08 19:11 +0100
lang: "en"
categories: "tech"
---

I've been [using Wireguard]({% post_url 2022-11-20-eine-kleine-netzwerk-reise %}) for quite a while now, mostly to connect my servers. Also, to connect my phone to my network to have "a VPN" in open WiFi networks. With the acquisition of [a Chromebook]({% post_url 2024-12-01-new-device-acquired-chromebook %}), the number of devices increased by one.

[OpenWRT](https://openwrt.org/) actually has a nice [interface](https://openwrt.org/packages/pkgdata/luci-app-wireguard) for managing a Wireguard network, and it works well enough.

Nevertheless, out of *sheer, absolute boredom*, I've been considering setting up [Tailscale](https://tailscale.com/) or [Netbird](https://netbird.io/) to simplify the whole device and key management. I *briefly* considered self-hosting, which is possible with both services (Netbird offers their own solution, Tailscale has Headscale), but rejected the idea. Reason being, "too much work" (or too overblown, I am not a huge fan of Docker Compose), and also, "don't wanna fuck this up".

I went with Tailscale in the end, with Netbird still kinda "in beta". You can follow the process [on Mastodon](https://furry.engineer/deck/@uvok/113606683580862388) actually, I kinda tried to write everything within this thread.

I got Tailscale on my OpenWRT router as well, however, *not using the opkg package*, but using the static binary provided by Tailscale (the opkg version being terribly out of date!). The OpenWRT wiki actually has [an article](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start) explaining what you have to install, in regard to iptables stuff, for… I think masquerading to work. [1]

I'm kinda worried it will do something bad to my VPS using ufw - or at least, ufw again overwriting rules set by Tailscale on the start of the daemon…

So far it works quite well. I can't really find a *huge* advantage for Tailscale (vs. manual Wireguard). I mean, yeah, I don't have to take care of key management. Also, the "Magic" DNS is a nice extra for Tailscale. *However*, I *do not like* it messing with resolv.conf, so I disabled it for my servers and my router.

Would I recommend this service? No idea, it depends on your use case. It's free, however, so there's no damage in trying it out.

[1] Actually, as I'm researching this, Tailscale [now supports nftables](https://tailscale.com/kb/1294/firewall-mode)! Yaaay!