Tailscale is an overlay mesh network. It relies on a central login server which then brokers WireGuard connections between nodes behind the scenes. Tailscale also offers DNS, ACLs and a whole bunch of other bits around the side of just transferring data between nodes.

Tailscale is partially closed source and is developed by a business with paid offerings for enterprise. A bunch of their stuff is open source though, and from their blog https://tailscale.com/blog/ they seem a pretty cool company with a heavy focus on fancy new tech solutions and a clear route to funding.

The most notable closed-source part of Tailscale is the login server, which Tailscale hosts. Headscale is an open-source implementation of that login server which you can self-host!

Tailscale even acknowledges this on their blog and seems to have a nice relationship with the Headscale dev. The main Headscale dev is also super polite and considerate towards Tailscale; it’s quite a sweet and wholesome relationship to read about on GitHub.

How do I use it?

Currently running Headscale internally on my main server, deployed via docker compose (see Docker containers on overlays).

DNS

I keep hitting DNS issues again, so here are some relevant notes.

On the client side, Tailscale sets the system DNS resolver to 100.100.100.100, which points to a recursive DNS server built into the Tailscale client.

That inbuilt DNS server can recurse to the upstream servers specified on the Tailscale/Headscale login server, including IP addresses within the Tailscale ranges.

However, there are many moving parts here, with many layers of fallbacks and failovers, which complicates things and leads to general flakiness.

2024-03-20 listen port ignored

Noticed that newer containers I built by installing Tailscale via the Dockerfile as per Docker containers on overlays were appearing as relayed in my LAN. I realised that the tailscaled daemon wasn’t respecting the --port parameter if a login server was specified.

Turns out the issue was that I had randomize_client_port enabled in the Headscale config. There are still some inconsistencies here: I think most normal people would read the docs and assume that --port should take priority: https://github.com/tailscale/tailscale/issues/11174
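A quick way to spot the symptom above (LAN peers that have silently fallen back to a DERP relay instead of a direct WireGuard path) is to parse `tailscale status --json`. This is an added example, not code from these notes or from Tailscale; it assumes the `Peer`, `Online`, `CurAddr` and `Relay` fields as they appear in that output, and the sample status below is constructed.

```python
import json
import subprocess

# Constructed sample of `tailscale status --json` output (assumption: field
# names match the real output; values are made up for this example).
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "mainserver", "TailscaleIPs": ["100.64.0.1"]},
    "Peer": {
        "nodekey:aaa": {"HostName": "laptop", "TailscaleIPs": ["100.64.0.2"],
                        "Online": True, "CurAddr": "192.168.1.20:41641",
                        "Relay": "lhr"},
        # Direct path never established: CurAddr is empty, traffic goes via DERP.
        "nodekey:bbb": {"HostName": "newcontainer", "TailscaleIPs": ["100.64.0.3"],
                        "Online": True, "CurAddr": "", "Relay": "lhr"},
        "nodekey:ccc": {"HostName": "offlinebox", "TailscaleIPs": ["100.64.0.4"],
                        "Online": False, "CurAddr": "", "Relay": ""},
    },
})


def relayed_peers(status_json, only_online=True):
    """Return sorted hostnames of peers whose traffic currently goes via a relay.

    CurAddr is the direct UDP endpoint in use for a peer; an empty CurAddr
    together with a non-empty Relay means the connection is relayed.
    """
    status = json.loads(status_json)
    relayed = []
    for peer in status.get("Peer", {}).values():
        if only_online and not peer.get("Online"):
            continue
        if not peer.get("CurAddr") and peer.get("Relay"):
            relayed.append(peer["HostName"])
    return sorted(relayed)


def live_status():
    """Fetch the real status from the local tailscaled (requires the CLI)."""
    out = subprocess.run(["tailscale", "status", "--json"],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    for host in relayed_peers(live_status()):
        print(f"relayed: {host}")
```

Peers that show up here on your own LAN are the ones worth checking for a mismatched listen port or a firewall that blocks the expected UDP port.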