I wonder how much reimplementation there is between this and Tailscale, as it seems like there are many needs in common. One would think that there are already low level libraries out there to handle going through NATs, etc. (but maybe this is just the first of said libraries!)
Who cares at this point, Tailscale itself is the 600th reimplementation of the same idea, with predecessors like nebula and tinc. They came at the right time, with WireGuard being on the rise, and poured millions into advertisements that their community "competitors" didn't have since most of them aren't riding on VC money.
I've met a lot of people who think Tailscale invented what it does.
Prior to Tailscale there were companies -- ZeroTier and before it Hamachi -- and as you say many FOSS projects and academic efforts. Overlay networks aren't new. VPNs aren't new. Automated P2P with relay fallback isn't new. Cryptographic addressing isn't new. They just put a good UX in front of it, somewhat easier to onboard than their competitors, and as you say had a really big marketing budget due to raising a lot when money was cheap.
Very few things are totally new. In the past ten years LLMs are the only actually new thing I've seen.
Shill disclosure: I'm the founder of ZeroTier, and we've pivoted a bit more into the industrial space, but we still exist as a free thing you can use to build overlays. Still growing too. Don't have any ill will toward Tailscale. As I said nobody "owns" P2P and they're doing something a bit different from us in terms of UX and target market.
These "dumb pipe" tools -- CLI tooling for P2P pipes -- are cool and useful and IMHO aren't exactly the same thing as ZT or TS etc. They're for a different set of use cases.
The worst thing about the Internet is that it evolved into a client-server architecture. I remain very cautiously optimistic that we might fix this eventually, or at least enable the other paradigm to a much greater extent.
I know it wasn't a "new" idea, but still, ZT was a paradigm shift for me. I was suddenly on the same LAN with people I cared about. Thank you for making it happen.
It's good as long as everything works out of the box, but it's a nightmare when something doesn't work. Or at least that has been my experience. I'm used to always troubleshooting first when I have any issue, but with Tailscale I decided I'm done trying to fight it; next time something doesn't work I'll just open a ticket and make it the ops team's problem.
This is true for all systems that hide a lot of complexity. Apple is great until something doesn't work and you get things like "Error: try again later." A car is great until it doesn't start, and there are numerous reasons that can happen.
I remember running Hamachi and NoIP DUCs (Dynamic Update Client) as a kid in the late 2000s to expose private server addresses for games or for multiplayer through direct network addresses.
NoIP was also the recommended "easy" option for configuring RAT (Trojan) host addresses at the time IIRC.
As one of the iroh developers I must say thank you for creating ZeroTier! It absolutely was part of the inspiration and its seamless functioning continues to amaze me daily. Something that continues to drive me to strive for as seamless an experience in iroh.
I love the fact we can make different tools learning from each other and approaching making p2p usable in different ways.
As others have said Hamachi was very popular in some gaming communities. I don't know quite how it fits technologically, but a similar user experience seems to come from playit.gg[1].
My friends and I used Hamachi in the early 2000s to play StarCraft and other games over the internet without involving online services. Worked great. I’ve got a soft spot for it.
Tailscale sells certificate escrow, painless SSO, high-quality integrations/co-sell with e.g. Mullvad, full-take netlogging, and "Enterprise Look and Feel" wrapped around the real technology. You can run WireGuard yourself, and sometimes I do, but certificate management is tricky to get right, the rest is a pain in the ass, and Tailscale is cheap. The hackers behind it (bfitz et al.) are world-class, and you can get it past most "Enterprise" gatekeeping.
It doesn't solve problems on my personal infrastructure that I couldn't solve myself, but it solves my work problem of getting real networking accepted by a diverse audience with competing priorities. And it's like 20 bucks a seat with all the trimmings. Idk, maybe it's 50, I don't really check because it's the cheapest thing on my list of cloud stuff by an order of magnitude or so.
It's getting more enterprise and less hackerish with time, big surprise, and I'm glad there's younger stuff in the pipe like TFA to keep it honest, but of all the necessary evils in The Cloud? I feel rather fondly towards Tailscale rather than with cold rage like most everything else on the Mercury card.
Iroh is much better suited for the application layer. You can multiplex multiple QUIC streams over the same connection, each for a specific purpose. All you need is access to QUIC, no virtual network interface.
It’s a bit like gRPC except you control each byte stream and can use one for, say, a voice call while you use another for file transfer and yet another for simple RPC. It’s probably most similar to WebRTC but you have more options than SCTP and RTMP(?).
This is made using iroh, which aims to be a low level framework for distributed software. Involves networking but also various data structures that enable replication and consistency between networked nodes.
Does it include reconnection logic? I presume that's not considered "low level", but it does always annoyingly have to be reimplemented every time you deal with long-lived socket connections in production.
Yes, to an extent. It will time out if the connection completely dies for more than the timeout interval, but all connections are designed to survive network changes like IP address or network interface (e.g. switching from WiFi to ethernet, or cellular).
There's overlap but I can see complementary uses as well. It uses some of the same STUN-family of techniques. I have no plans to stop using Tailscale (or socat) but I think I use this every day now too.
Part of the problem with libp2p is that the canonical implementations are in Go which isn’t really well-suited to use from C++, JS, or Rust. The diversity of implementations in other languages makes for varying levels of quality and features. They really should have just picked one implementation that would be well-suited to use via C FFI and provided ergonomic wrappers for it.