Tailscale is very much a successor to Hamachi. Hamachi was already "the 90s as a world of mesh networks on top of today’s internet." I've run into some client-side issues with Tailscale on Windows, but when it works, it works great.
BUT, this blog post is the worst part of SEO. If you're going to blog with lots of keywords to build up Google cred, communicate useful things, not just a weird nostalgia. I didn't find the story particularly compelling.
Also, and probably more importantly, the message of 'as long as the perimeter is secure, security within the lan is just a nuisance' is kind of odd. I don't know if that part of the 90s is the part worth reviving. Endpoints should not be trusted by default. (That isn't necessarily Tailscale's job, but don't market/sell the product as an "it's super easy to connect EVERYTHING, security be damned." That is irresponsible to people who want to build connectivity but don't know what they are getting into. If this is an Apple-like 'it just works', don't underplay the dangers.)
(Author here) FWIW, I wrote this blog post a long time ago, when I was trying to understand what the product we were building is and why I like it. I sat on it for months because I assumed it was almost entirely unrelatable. Eventually I realized the internet is full of unrelatable things and so I may as well post it. SEO certainly wasn't on my mind.
As for how it relates to our product, I agree this post doesn't go into the "how" we recreate this programming environment. We certainly don't ever take a "security be damned" attitude, it's most of what I think about.
The goal is to build a secure environment, to achieve the security we had in disconnected environments (LANs), while keeping the world connected. If the environment is secure, you can spend less time wiring security through your code.
We are working on something fancier here, but it's tricky to get right so we haven't released it yet.
To be clear: if you're going to share a Google account, you should create a new empty Google account to do it, and should assume everyone in your family is an admin.
Please let me know if you found something on our site that isn't clear about that.
Yeah, I should have written something like "source code available for self-hosting".
The important point for me isn't really if this is true Open Source or not, but that I usually want (even paid is OK) access to source code so that I can fix things myself, if I have to.
This is the same license as CockroachDB and a bunch of other projects. It's used in cases where a company wants to avoid their product being put behind someone else's paywall ("SaaSification"). The AGPL isn't quite good enough and has issues.
Sorry you didn't like the article :) We posted another one this past weekend called "How Tailscale works" that this crowd seems to enjoy more, at least based on upvotes: https://news.ycombinator.com/item?id=22644357
And yes, we do think of ourselves as a "modern Hamachi." Hamachi was great! (I'm from Tailscale)
I thought that article last week was much more interesting.
/Techsupport side note. I have a Windows laptop, and for the life of it the client will not connect to the service. How do I troubleshoot this thing? It's almost too simple. Are there logs? https://i.imgur.com/QRLkQl1.png
/And is there any way to get to test the magic dns? Will there be better ways to set up relay nodes, and then SEE the design of the network? Can I set up a relay node on Windows, and only for specific IP addresses instead of entire subnets?
/On the topic of "security within the lan is just a nuisance" I do appreciate this being more of a Unix philosophy-like single tool than kitchen sink. I do think there would be a market for a companion piece of cloud software that acts as a firewall orchestrator between devices, surfaces logs, allows you to block or allow specific connections between specific devices, and to visualize the activity of the mesh. It would be beneficial to be able to super quickly design an "all the field iPads can get to the server, but not each other" type network, while at the same time giving PCs more LAN-like access, or being able to designate "edge/guests/clients" that can only connect to "servers." The two types of networks shouldn't need to be mutually exclusive.
/On the topic of other markets and use cases, and maybe this isn't what Tailscale ever wants to be, I think there is a huge opportunity for a pure software client WireGuard SD-WAN a la Velocloud. If I have two ISPs plugged into my network, let me define BOTH gateways as acceptable places for traffic outflow, and build simultaneous tunnels out both. Maybe load balance traffic between them, watch for packet loss, congestion, jitter, and correct accordingly. That extra redundancy of being able to lose a link and keep the path would be extraordinary.
(I'm from Tailscale) A few people have reported a failure for the Windows service to start, usually related to registry lockdowns. You can try running "start /w tailscale-ipn.exe /server" in an "admin mode command prompt" window and paste the messages in an email to support@tailscale and we can try to decode them. You can also compile tailscaled from https://github.com/tailscale/tailscale with a Windows target and it'll run on Windows, which makes it easier to explore any bugs.
Magic DNS isn't available for testing yet, but coming soon!
Our network diagnostic logs are based on https://apenwarr.ca/log/20190216 and we do intend to surface those eventually to end users or at least network admins. Just need to work out the right API and security model for that.
As for access controls between devices, Tailscale already supports that but our docs are currently too vague. If you're using Tailscale, visit https://login.tailscale.com/admin/acls to explore. Security policies you edit in there are immediately enforced by all nodes right away, so you can give some users access only to central servers, etc.
While we're reminiscing what made Hamachi great; am I missing something or is it not possible to connect different accounts together with the 'Solo' Tier package of Tailscale?
Also I couldn't find an 'Exit' button anywhere. Is deinstallation really the only official way to close the application?
We started using SoftEther recently to connect a couple of warehouses over fiber to our existing subnet without having to redo any of our network architecture. I’ve always felt it was the new Hamachi. Tailscale to me feels like the new DirectConnect.
I meant it mostly as a comparison between IPSec and WireGuard. That Tailscale is the next generation. I much doubt Hamachi will transition anytime soon.
https://en.wikipedia.org/wiki/LogMeIn_Hamachi
https://vpn.net