Tailscale looks awesome but I would love a tier between “free single user with gmail” and “$10/user/month + GSuite/etc” (GSuite itself is $5/user/month I think?). Something like 1Password’s family plan, with the ability to use gmail accounts.
Then I would use it for my family, e.g. I could replace DynDNS + port forwarding I set up so my dad can control his home automation software (Hass.io) from his iPhone app, even off the WiFi. I’m unfortunately just not willing to set up/shell out for GSuite/Active Directory/Office365 for my family.
What really hooked me was your story about the medical practice a little while back.
Wow! I'm super happy I gave this a try. I've been trying to put together an elegant solution to this problem for my personal infrastructure for over a year now and the furthest I ever got was an OpenVPN server on DigitalOcean and an EasyRSA folder full of certificates. I was living in UK university halls at the time, so my main use-case was being able to access my computers located in my UK uni dorm while visiting home in the US and accessing my US machines while at university in the UK.
It is extremely refreshing to not have to deal with key/certificate management, and to have all my VPN traffic be directly client to client instead of via a slow (or expensive) and likely remote VPN server.
Great product and I can't wait for some time to play around with it further!
This looks pretty interesting. Can I set up a sink inside my AWS VPC, so that everyone can access my RDS database?
It would be great if Tailscale had its independent 2FA that I can use through any hardware key (for compliance reasons), rather than go through Google.
Building on what katnegermis said, this is what we're trying to help with. We integrate with identity management systems and handle the key management (and NAT traversal) on top of WireGuard, making it easier to deploy and manage.
If you're interested, a colleague of mine wrote up a blog post on how things work: https://tailscale.com/blog/how-tailscale-works/