I don't think you need to pay $6 a month to try it out.
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your Apple TV can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
How does it compare to Zerotier? The way I understand it, it's kind of overlapping functionality but not necessarily everything.
What I want from Zerotier is basically what you described about Tailscale.
The two problems I have with Zerotier are:
1) It's supposed to let a mobile device like an Android tablet route its traffic through Zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. OpenVPN on it).
2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything other than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.
So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit: So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.
Having tried both Zerotier and Tailscale, I found Tailscale to be a significant improvement. Tailscale uses WireGuard as the base encrypted protocol instead of a semi-homebrew protocol Zerotier came up with that notably lacks things like ephemeral keys/perfect forward secrecy. Tailscale also has a faster pace of improvement and is responsive to customer asks, regularly rolling out new features, improving performance, or fixing bugs. Zerotier by contrast seems to move slower, regularly promising improvements for years that never materialize (e.g. fixing the lack of PFS).
My last gripe is more niche, but I found Zerotier's single-threaded performance to be abysmal, making it basically unusable for small single-core VMs. My searching at the time suggested this was a known bug, but not one that was fixed before I switched to Tailscale. Not impossible to work around, but also the kind of issue that didn't endear the product to me or inspire confidence.
It's been a minute since I ran ZeroTier, so my memory is fuzzy.
Tailscale and ZT are not the same. ZT can do certain things that TS can't. One example is acting as a layer 2 bridge. Or a layer 3 bridge. TS can do neither. It can achieve mostly similar results though.
ZT can be a pain to set up. TS is a breeze. ZT's raw performance is quite poor. TS's is usually very good.
If I understood you correctly, you want both a way to access your home LAN when you're out - this is easy. Set up a node with NICs on the LAN subnets you want access to (I run it on my router), and configure the TS node to announce routes to those subnets. Install the TS client on your laptop and mobile and accept those routes. Job done.
If you also want to mask your egress - i.e. reach the Internet via your home network as if you were there - then you need a node (can be the same as above) configured to act as an Exit Node. When you want one of your devices to use this, just select the appropriate exit node. Job done.
So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?
I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
The first plan on the left called 'Personal' is free.
It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.
> So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.
Ugh. On mobile, the first plan on the pricing page is “starter” for $6. The plan to the right is partly visible, indicating that you can scroll that way. There’s nothing to indicate that you can scroll left.
A less hostile website design would have (again) saved me a question.
It seems like it defaults to Business, which is paid. If you tap "Personal" you'll see the free plan.
Sorry, but try a little harder. Tailscale isn't hostile, but it seems you are -- you claim to think you need it, but don't know what it does and can't put in the effort to determine and foist those inabilities on Tailscale?
I've been using Tailscale for many years now and they have a terrific product.
Tailscale is one of the simplest, most useful things I use. I only use the personal plan, but I keep toying with signing up for paid because it’s a damn good product.
The service is free up to a certain amount of connected people and devices. You most likely don't need to pay for it. I am a pretty heavy user and don't.
It is a virtual private network orchestrator. It allows you to connect to other devices that you add to your network as long as they are connected to the internet. So your office computer, home server or NAS. If you have some home automation like Home Assistant you can connect to it from anywhere. That kind of stuff.
You can run it on a capable router or on an RPi, or on your NAS. It's especially useful if you want to self-host (e.g. Immich). You can use it to authenticate for ssh if you like, or simply give you an IP you can ssh to.
It's especially handy if you want a secondary way in, in case you have problems connecting using WireGuard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.
If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).