It isn't based on WireGuard, but is a true mesh network, unlike everything you've listed. No central coordination point, every node is equal.
Think of it as BitTorrent with a few initial peers you set up through a config file, and it learns of every other peer at runtime (like BitTorrent does through Peer Exchange).
It can forward traffic through other nodes (like Tailscale and unlike Nebula) and recomputes the most efficient route as peers become (un)available.
I use tinc myself and like it. I like that I only have to update a single node and all the other nodes will accept those peers from that node. I've been playing with wireguard, and having the other nodes discover and communicate with each other directly doesn't happen without you adding the other's public key to both peers.
I remember there was talk about switching the backend for Wireguard for security and speed, but it seems to be on the backburner: https://github.com/gsliepen/tinc/issues/179
I really like it for my use case but just assume it's not secure at all. I change the default Ubuntu install to not run the daemon as root (a major flaw in my view) and then just assume that network is as insecure as any other. It's really useful to have all my personal machines always connected between each other at the same IP independently of network config. Security comes from SSH/TLS on top of it.
Considering that the wireguard mesh solutions seem to require static IPs, I'm now wondering whether it might be a good idea to run a wireguard mesh on top of tinc, basically just using tinc as a way to get static IPs and routing connectivity between nodes. That still leaves the issue of updating the wireguard configuration, though.
It seems that the value-add magic sauce of TailScale is the work they've put into NAT traversal etc. There are some interesting blog posts from the team regarding work in this area.
I wonder if the work they put in can be extracted to some kind of tool the other projects can use as well. NAT traversal always seems like the limiting factor in projects like this.
NAT traversal is an impossible problem in practice in the general case (boo symmetric NATs), and the best-effort version is a solved problem since at least 2003 with the STUN protocol[1] which is part of WebRTC, and there are STUN implementations available in many languages[2].
https://github.com/gsliepen/tinc/tree/1.1
It isn't based on WireGuard, but is a true mesh network, unlike everything you've listed. No central coordination point, every node is equal.
Think of it as BitTorrent with a few initial peers you set up through a config file, and it learns of every other peer at runtime (like BitTorrent does through Peer Exchange).
It can forward traffic through other nodes (like Tailscale and unlike Nebula) and recomputes the most efficient route as peers become (un)available.