tailscale VS netbird

Tailscale has made all of their client source code available for anyone to view so if you want to confirm that you’re not sending unencrypted data or keys through their servers you’re more than free to do so.

https://github.com/tailscale/tailscale

I think there is some merit to setting up wireguard (e.g. you want more devices than what Tailscale offers for free, or their servers become unreliable for some reason)

But people who push the “scarey boogeyman will look at your data” with Tailscale are either technically illiterate or overly-paranoid.

For example, the home networking, personal VPN, we may use Tailscale. https://tailscale.com/ which is also listed on the Umbrel App Store.

Here then comes VPN (Virtual Private Network) which is basically establishes a protected network connection when using public networks. I already have relevant experiences with this one as some of my previous projects involves private repositories that can only be accessed by connecting into the client's VPN. There are many solutions for this specific use case like WireGuard, but in this particular blog, I chose Tailscale.

I had 2 old laptops sitting around, both 10 years old. I turned both into a home server. Installed Ubuntu Server, set up Docker, and now I run all my containers remotely. With Tailscale, I can securely connect to it like it's on the same network. This way, my MacBook doesn't have to run MongoDB, Redis, or RabbitMQ anymore. That alone freed up a lot of memory. I can even run other services like HomeAssistant, MailHog, Immich, etc.

Then I wanted to add Tailscle which besides being a "best in class VPN" for the homelabbers, allows you to add k8s services directly into your tailnet. What does it mean? The Tailscale operator allows you to access your k8s applications only when you are logged into your private network (tailnet), with the usage of your domain for ended with ts.net. You can configure it in two ways on the resource side, with ingress or with service annotation.

here's the GitHub issue tracking the problem:

https://github.com/tailscale/tailscale/issues/3363

We actually have that nowadays... the config file support to tailscaled, as Irbe mentioned on the bug Jan 2024: https://github.com/tailscale/tailscale/issues/1412#issuecomm...

I dunno if the CIA would trust them but I like Amcrest cameras

https://amcrest.com/

because they have a wide range of different price points and capabilities. Use these with software like

https://zoneminder.com/

which you could run on a cheap Linux box. For secure access use

https://tailscale.com/

Vertical scaling this language also gets into painful territory quite often, I’ve had to workaround this problem before but never with a thing that felt like this: https://github.com/tailscale/tailscale/blob/main/syncs/shard...

https://github.com/netbirdio/netbird is probably what good looks like with regards to your last paragraph.

Netbird seems (or perhaps is?) newer. It didn't have some basic features baked in when I last looked into it, e.g. you couldn't switch accounts on the client https://github.com/netbirdio/netbird/issues/3273 and if I had an account associated with a single team, then that account couldn't be invited to or be associated with additional teams.

Recently I've been looking at VPN solutions, specifically ones built around WireGuard, that take away some of the manual steps required to manage a large scale deployment. After building proof of concept solutions with several of these offers, I settled on NetBird.

The project that has a feature which allows admins to SSH to any computer in the VPN ? [1]

They have a feature called remote SSH access where the agent running on the node allows other VPN users to SSH to another machine on the network without having SSH enabled / public keys set up. I've tested the project at the beginning of the year and it was a big NO for me. They seemed to fix this issue but it appeared again.

[1] https://github.com/netbirdio/netbird/issues/1868

Or https://netbird.io which is open-source. You can host the coordination server too :)

https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard

This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.

The best way to securely connect your functions to your other resources is with an encrypted mesh network like NetBird. NetBird lets you link your infrastructure together using a zero-config private WireGuard network that works across cloud, serverless, and on-premise infrastructure.