I've been using headscale for a bit now, would definitely recommend. The docs in the GitHub are pretty easy to follow, and it's more or less feature complete for most of the stuff I want, although it doesn't do everything Tailscale does.
My setup is Headscale + Caddy L4 TCP passthrough + OIDC provider (Authentik) on a VPS (have used both Oracle Cloud and Contabo in the past). Caddy routes everything through one namespace in headscale onto my local machines. I have another namespace that's for my laptop, PC, and phone as well. Happy to answer any questions!
I've used a bunch of these and I think they all have their place. I ended up switching over to Netmaker because it's also Wireguard-based and its web-ui makes it easy to add and remove clients and have some fine-grained control over each one's access.
You can pretty much do the same stuff with headscale, but it's the type of thing I'd do infrequently enough that I'd have to spend all of my time in the man page each time I had to make a change.
Been using Headscale for a few weeks. Its super lightweight, its default SystemD unit is absurdly protective (it makes sure that headscale can only access and do what it truely needs and runs as an underprevileged user on purpose) and it should be possible to use it in something like a free fly.io instance. Haven't made that work just yet - but that is very much a me-problem. Connections have been rock solid and stable, config is super small and simple. :)
I've been using headscale for a bit now, would definitely recommend. The docs in the GitHub are pretty easy to follow, and it's more or less feature complete for most of the stuff I want, although it doesn't do everything Tailscale does.
My setup is Headscale + Caddy L4 TCP passthrough + OIDC provider (Authentik) on a VPS (have used both Oracle Cloud and Contabo in the past). Caddy routes everything through one namespace in headscale onto my local machines. I have another namespace that's for my laptop, PC, and phone as well. Happy to answer any questions!
More replies
I use headscale. Quite simple to setup. You don't even need oidc in the first place if you don't plan on having to deal with identities.
I love it, and I love tailscale.
To be fair tailscale is architected in a way that they do control your network, but in a way that does not grant any access to your data.
Actually reading the tailscale blog is a fantastic lesson in both enterprise development and networking.
More replies
Another option (though not as popular) is Netbird
More replies
I've used a bunch of these and I think they all have their place. I ended up switching over to Netmaker because it's also Wireguard-based and its web-ui makes it easy to add and remove clients and have some fine-grained control over each one's access.
You can pretty much do the same stuff with headscale, but it's the type of thing I'd do infrequently enough that I'd have to spend all of my time in the man page each time I had to make a change.
More replies
Been using Headscale for a few weeks. Its super lightweight, its default SystemD unit is absurdly protective (it makes sure that headscale can only access and do what it truely needs and runs as an underprevileged user on purpose) and it should be possible to use it in something like a free fly.io instance. Haven't made that work just yet - but that is very much a me-problem. Connections have been rock solid and stable, config is super small and simple. :)