You buy a Tailscale contract for the same reason you buy a Red Hat contract. If something goes wrong, and you need to fix it fast, their experts will work on that, not yourself.

Also, Tailscale offers OAuth through large corporate providers; I'm not sure Headscale is going to support that. (Actually, this is why I don't use Tailscale for my private network: I don't want to depend on an external OAuth provider.)

Headscale dev here.

Companies looking into this will pay Tailscale.com service. You really need commercial support if you plan a large enterprise deployment. Tailscale even now offers a self-hosted version of their service - for those with concerns about using the public SaaS.

You can possibly buy a subscription but tell the devs that you're using headscale. If enough people do this they might make a host-your-own version like bitwarden.

To clarify, I don't use Headscale either.

Both look like great products, I just don't need what they're offering enough to accept their downsides.

We're working on the key distribution trust problem. Stay tuned.

I agree - there's always a danger with companies that try and have a lot of their product as OS that someone will come along with an OS product that plugs the gap in the only place they're trying to make a profit!

I think because in this case they enforce that by hosting the control plane themselves, it doesn't really matter. I wouldn't use something I can't self-host anyway, not something as security-sensitive as a VPN.

So many users will not have even considered the paid version anyway, and their participation will give tailscale a higher marketshare and thus more viability.