from Hacker News

Choose your own IP

by darthShadow on 12/7/23, 5:29 PM with 173 comments

  • by arittr on 12/7/23, 7:26 PM

    "One thing you can rely on with IPv4: whatever the problem, Network Address Translation is part of the solution."

    NAT... the cause of, and solution to, all of life's problems.

  • by AdamJacobMuller on 12/7/23, 7:31 PM

    > To address this (no pun intended),

    Liars, you definitely did.

    I was a bit surprised when I learned Tailscale was addressing out of a single global pool and wondered how they would fix it when they ran out of IPs (and I knew they would, Tailscale was and is obviously that good to me). I vaguely suspected this would be the kind of solution they would employ because it's really perfect from an end-user experience point of view, but thought they might not because it's definitely more complex on their side. Shame on me for misunderestimating the Tailscale team.

  • by cyrnel on 12/7/23, 9:44 PM

    > We all know how well IPv6 adoption has gone

    What frustrates me is that people keep building solutions like this that heavily rely on IPv4, even when forward-compatible options exist. With clever use of IPv6 transition technologies, you could have retained support for legacy devices while generally using IPv6 everywhere else.

  • by lnxg33k1 on 12/8/23, 3:25 AM

    The only thing preventing me from using Tailscale is that to register I need to give my data to shitty companies like Google, Microsoft or Apple, but I used it when I was at a company where I had a company GitHub account and it was nice. But personally it’s not even for privacy, I just want nothing to do with those companies.

    So I hope one day you will be able to register with user and password.

  • by wheybags on 12/7/23, 7:09 PM

    The one feature I feel is missing now is attaching to multiple tailnets from the same client. Since you can configure address ranges, I could set up non-overlapping ranges on my personal and work tailnets, and then use both on my phone, for example.
  • by tambourine_man on 12/7/23, 11:32 PM

    By reading the title I imagined a brand new way of address routing. That’s how high I regard Tailscale, I guess.

    I remember watching many years ago a talk about a mesh network scheme where its users would unambiguously assign themselves addresses through some hash function. I was fascinated by this concept of generating my own address (instead of having it assigned to me) and that it could possibly be mine forever, perhaps associated with some biometric marker.

    Anyway, this is also cool, just less ambitious :)

  • by jakedata on 12/7/23, 8:57 PM

    I hope they are working on improving firewall traversal. Lots of firewalls don't allow symmetrical UDP NAT ports, causing clients to fall back to DERP relays on TCP port 443. It's a lot slower. It is possible to work around this by statically mapping inbound UDP ports but that is clearly not an ideal situation. I generally love Tailscale though, amazing work all around.
  • by incahoots on 12/7/23, 9:14 PM

    Tailscale is needed if you require site to site connectivity via something like Starlink.

    I may be putting my ignorance on display here, but I recently completed a site-to-site network between two farms in rural America, no other ISP can serve these farms, and they needed to communicate cow data between the different farms. Tailscale did the majority of the heavy lifting thankfully, and we were able to get them all sorted out.

    I could not get WireGuard to work, and that may be down to my limitations in networking, but I was successful with Tailscale, so make of that what you will.

  • by GauntletWizard on 12/7/23, 7:54 PM

    1:1 NAT is a great solution... except in cases where IP addresses of peers are transmitted as part of the protocol, like in gossip structures or (not that anyone should be using this!) FTP. Most games do this, though explicitly to get around NAT so they understand which packets are coming from where.

    Honestly, in none of my use-cases will it matter - I can't see myself running a gossip protocol across servers that I do and don't control.
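
The failure mode described in the comment above, as an added example that is not part of the thread: an FTP `PORT` command carries the sender's own address in the payload, so after 1:1 NAT it no longer matches the address the peer sees unless something rewrites the payload. The addresses, `NAT_MAP` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed 1:1 NAT table (hypothetical addresses): the address a host
# believes it has -> the address its peer actually sees for it.
NAT_MAP = {ipaddress.ip_address("100.64.0.5"): ipaddress.ip_address("100.100.0.5")}


def parse_port_command(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = [f.strip() for f in arg.split(",")]
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_embedded_address(line, observed_src):
    """Compare the payload's address with the packet source seen after NAT."""
    embedded, port = parse_port_command(line)
    observed = ipaddress.ip_address(observed_src)
    return {"embedded": str(embedded), "observed": str(observed),
            "port": port, "matches": embedded == observed}


def rewrite_port_command(line, nat_map):
    """Patch the payload the way an application-layer gateway would have to."""
    embedded, port = parse_port_command(line)
    translated = nat_map.get(embedded, embedded)
    octets = str(translated).replace(".", ",")
    return f"PORT {octets},{port // 256},{port % 256}"


if __name__ == "__main__":
    cmd = "PORT 100,64,0,5,195,80"  # constructed client command
    print(check_embedded_address(cmd, "100.100.0.5"))
    print(rewrite_port_command(cmd, NAT_MAP))
```

A server that validates the embedded address against the connection's source, a common hardening against redirected data connections, would refuse the unrewritten command.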

  • by evntdrvn on 12/7/23, 7:05 PM

    Thank you to everyone at TS involved in this feature!! It will solve a big pain point for us re reserved CGNAT ranges that were causing conflicts. Cheers
  • by timenova on 12/7/23, 10:02 PM

    I'm glad they released this feature. There are databases/services which require you to input the IP address to listen on instead of the network interface. This will greatly simplify configuring those services.
  • by moduspol on 12/7/23, 7:32 PM

    I just set up Tailscale for work last week. I've been really impressed with it.
  • by teddyh on 12/8/23, 3:46 PM

    The eternal problem with companies like Tailscale (and Cloudflare, Google, etc. etc.) is that, by solving a problem with the modern internet which the internet should have been designed to solve by itself, like simple end-to-end secure connectivity, Tailscale becomes incentivized to keep the problem. What the internet would need is something like IPv6 with automatic encryption via IPSEC, with IKE provided by DNSSEC. But Tailscale has every incentive to prevent such things from being widely and compatibly implemented, because it would destroy their business. Their whole business depends on the problem persisting.
  • by lucw on 12/8/23, 1:16 AM

    I set up a Proxmox on a bare metal server to create development VMs. The solution that works for me is IPv6. Every VM that I create is publicly accessible, it's secured by a firewall and OpenSSH public key only access. It's standards compatible, every smartphone and tablet has access, including Chromebooks. Tailscale is not available on Chromebooks. If Tailscale looks interesting for your use case, but you'd rather have a standards compliant solution, look into IPv6. From an engineering perspective, it's a much cleaner solution.
  • by jedberg on 12/7/23, 10:03 PM

    What is the advantage of using the CGNAT range instead of 10/8?
  • by pbnjay on 12/7/23, 11:58 PM

    Ok that’s fun. My home network is 10.3.x.x … can I somehow script to get my tailnet onto 100.103.x.x?

    Now I need to investigate!

  • by anonymousiam on 12/8/23, 4:40 AM

    I'm not sure how many have done this as well, but I've deliberately allocated lots and lots of elastic IPs on AWS in order to find one that I liked, for use by a long-living instance.
  • by BonoboIO on 12/7/23, 10:41 PM

    Next thing: Vanity 100.xxx.xxx.xxx IP addresses.
  • by tonymet on 12/8/23, 4:31 AM

    How about IPv6 with distributed ACL?
  • by 1_ui2mas on 12/8/23, 1:53 AM

    Stumbel guis
  • by slt2021 on 12/8/23, 4:15 AM

    This blog is blocked by DNS Security solution because of "personal VPN".