I think for simple cases, it's great. If you have remote boxes somewhere that need administration, it's awesome.
If you have more complex cases, the IPTables/Netfilter rules make it vastly more difficult to manage, particularly if you're running docker-compose (or anything using IPTables rules) on the same box and trying to troubleshoot the packets coming out of docker and going into tailscale.
And then trying to figure out what tailscale is doing with your packets is not great as well. They've also broken features I relied upon with a minor release.
Their NAT traversal doesn't always work, as sometimes I get connected to a DERP server, so that limits the network speeds across the internet.
I blame CG-NAT quite a bit -- it's really why we can't have nice things these days -- and I get tailscale is trying to fix a bunch of that. But the reality is, I just want an interface just like eth0 or wl0, not an IT infrastructure to move my packets across.