I’ve been using WireGuard for quite a while now, mostly to connect my servers. Also, to connect my phone to my network to have “a VPN” in open WiFi networks. With the acquisition of a Chromebook, the number of devices increased by one.

OpenWrt actually has a nice interface for managing a WireGuard network, and it works well enough. Nevertheless, out of sheer, absolute boredom, I’ve been considering setting up Tailscale or Netbird to simplify the whole device and key management. I briefly considered self-hosting, which is possible with both services (Netbird offers their own solution, Tailscale has Headscale), but rejected the idea. Reason being, “too much work” (or too overblown, I am not a huge fan of Docker Compose), and also, “don’t wanna fuck this up”. I went with Tailscale in the end, with Netbird still kinda “in beta”.

You can follow the process on Mastodon actually, I kinda tried to write everything within this thread. I got Tailscale on my OpenWrt router as well, however, not using the opkg package, but using the static binary provided by Tailscale (the opkg version being terribly out of date!). The OpenWrt wiki actually has an article explaining what you have to install, in regard to iptables stuff, for… I think masquerading to work. [1] I’m kinda worried it will do something bad to my VPS using ufw - or at least, ufw again overwriting rules set by Tailscale on the start of the daemon…

So far it works quite well. I can’t really find a huge advantage for Tailscale (vs. manual WireGuard). I mean, yeah, I don’t have to take care of key management. Also, the “Magic” DNS is a nice extra for Tailscale. However, I do not like it messing with resolv.conf, so I disabled it for my servers and my router.

Would I recommend this service? No idea, it depends on your use case. It’s free, however, so there’s no damage in trying it out.

[1] Actually, as I’m researching this, Tailscale now supports nftables! Yaaay!