Tailscale - Pay as You Go

My main use case for Tailscale  is to whitelist connections using the exit node to whitelist certain connections to public addresses. I also use it to access internally exposed load balancers and to gatekeep certain services within the VPN.

For accessing internally exposed load balancers or whitelisting connections, we may have a GKE  Kubernetes  cluster set up with an authorized network, meaning access is restricted to authorized networks and a VPN Gateway IP that can only access it from the public internet. To give a developer access to the internal IP of the control plane without exposing it publicly, we install a Tailscale  operator in the cluster. Once the Tailscale operator is installed, we expose the internal IP of the cluster through one of the pod operators as a subnet router. When developers connect their Tailscale client, they can access the cluster locally without routing through the public internet.

Tailscale can also be used for whitelisting. For instance, if we have a service in the Kubernetes  cluster exposed externally through Traefik, NGINX  Ingress, or a Gateway and certain users need access, we can set up exit nodes for different regions. If we have users in Europe and users in America, we can set up an exit node for users in America and another for users in Europe. These exit nodes have external IPs that we can use as a whitelist in our externally exposed services. When traffic comes from those external IPs, it is allowed through. When a user connects their Tailscale client and enables one of the exit nodes, they can access the externally exposed address since it is whitelisted to those external IPs. If their Tailscale client is not connected and the exit node is not enabled, they cannot access the externally exposed service.

The best features Tailscale offers is that the access control list is good. We can separate different kinds of connections even within the tailnet, allowing developers to connect to certain IPs and services, with engineers having different access levels. Tailscale is fast as well.

The access control lists help my team by allowing us to control who accesses our services. For instance, we have some services on developer clouds where only certain users can connect. Those developer clouds are on our VPC, which is exposed with tailnets. Developers must connect to Tailscale to access the tailnet and developer cloud already exposed to the tailnet. We created groups with certain users and administrators who can access government clouds. We only have to give those groups access to those government cloud IPs, while every other developer cannot access the government cloud IP because the ACL  controls this.

For speed, we can use the same ACL . If we only expose certain cluster addresses to certain developers, we open the dev cluster's local address to the developers. In some cases, we want to ensure the security team can access the cluster locally to perform audits. We can grant the security team access to the cluster in the ACL. This works very fast. With just the configuration required in the ACL, within a few seconds, we can see the access reflecting for the security team, and they have access.

In terms of how Tailscale has impacted my organization positively, it is good for security on the network side of things. It helps us connect properly. Because our company is remote globally, even if someone is in Australia and needs to connect to a cluster or any services, instead of routing through the public internet and exposing the traffic there, we can connect internally through Tailscale tailnets, and everybody is working.

Tailscale can be improved, especially with logging in. I have two tailnets, for instance, one for personal use and one for my company organization. Sometimes trying to log out of a particular tailnet and connecting to the company's Tailscale tailnet is challenging. Especially if you have been logged into one of those tailnets for a long time and want to log into another one after a few days, the login process can be tricky. Sometimes I have to restart my whole system to ensure that after I log out from one tailnet, I can effectively log into another one. The process is not as smooth as I would imagine, especially if it has been a while. We have to log out and sometimes even switch off the entire system and log back in.

I choose eight out of ten because there are other improvements that can be done with the logging. I am not a fan of the ACL in its current format. It is a JSON ACL, and perhaps if it were in YAML format, that would be better and more readable.

Aside from the logging side of things, everything is straightforward with Tailscale. The ACL can be improved by converting it from JSON format to YAML format for better readability.

I have been working in my current field for three years. I have been using Tailscale for close to three or four years.

Tailscale is stable.

We are using Tailscale at the SaaS level, so we do not scale it locally. We do not install it on premises.

Tailscale's customer support is good and very responsive. I would rate the customer support a ten.

Before Tailscale, we used a normal VPN like GCP  Cloud VPN, for instance, which was adequate but had limitations.

I have seen a return on investment in terms of time saved and security. Time saved and security provide good returns.

I am not involved in the pricing side of things as I am an administrator who controls Tailscale and ensures developers have access. The pricing is mostly handled by the IT and accounting team. Based on what I hear from them, it is a bit costly and can be on the expensive side.

We went for Tailscale straight away without considering other alternatives.

The advice I would give to others looking into using Tailscale is that it is good for developers. Tailscale is deployed in our organization on public cloud and Kubernetes clusters. We do not have a hybrid or private cloud setup. We have it mostly on public clouds. The UI of Tailscale looks good and is not problematic. I rate this review eight out of ten overall.

My main use case for Tailscale  is the accessibility and simplicity that it offers me to access my servers from anywhere, as well as my local computer and local LLM models. I can access them from anywhere on the network. When I'm doing testing, developing, or handling sensitive data that I don't want to be in the cloud, I can always access my home setup and process the data as required. Additionally, when I was setting up my Kubernetes  cluster, I considered Tailscale  as a solution for the interconnectivity between the bare metal node and the Oracle virtual machines that I have, which are isolated.

Tailscale helps with accessing my local models and sensitive data due to the simplicity of setting up everything. Even for non-technical people, it's easier to set up. I have my setup with my phone, my laptop, and my servers connected. When I need to work with a client or as a consultant, if they are remote and don't have the technical capabilities to access their infrastructure network, it is as simple as that. I just send them a script showing how to install and what to click to join my Tailscale organization. Then I have access to their system easily.

Tailscale has made things easier for presenting, setting up, and sharing files. When I'm working on a project or building an application in React and want to present the UI, even though it's locally hosted, I can serve it on Tailscale and share the Tailscale link that is accessible from the public so the client can see the work in progress. It has also been useful to use the serve feature for sharing files. If I need to share a specific larger file, I would put it on a share and send the link to a friend or coworker so they can download the file. When the process is finished, I can simply stop the sharing.

My opinion about the best features Tailscale offers includes accessibility, simplicity, the file serve feature, and the ability to share internal routes. I can set up access to anything at home. Tailscale will advertise the routes inside the network so you can reach any part of the network without any issues, and it provides the control to isolate everything. I also see they have a new feature called lockout that I want to try.

Tailscale has positively impacted my organization with shorter time for setting up connections and improved accessibility. Even when a non-technical person needs help, I can assist them much faster than explaining the process to them.

I don't have any particular ideas or additions about the features. It was nice for the service discovery that I used in the cluster because you can connect and use auto service discovery, but I haven't implemented that much because the complexity of the networking that I have sometimes caused issues.

I haven't thought much about how Tailscale can be improved.

I have been using Tailscale for something more than two years.

In my experience, Tailscale is stable.

Tailscale's scalability is great.

I find Tailscale's customer support to be good.

I did not previously use a different solution.

I cannot provide input on whether I have seen a return on investment with Tailscale since I used the free version.

I'm using the free version of Tailscale, so I didn't have any experience with the pricing.

Before choosing Tailscale, I evaluated other options by looking at Teleport  but for a different solution. For networking mainly, I use WireGuard tunnels, which are peer-to-peer connection point-to-point.

My advice to others looking into using Tailscale is to try it. It's simple to set up and simple to connect your applications from anywhere. I would rate this product an 8 out of 10.

I use Tailscale  to share the branches in one network to make a site-to-site VPN. I have customers, and each customer has a server with too many branches. We need to access some devices that are not connected directly to the network, such as fingerprints that cannot have any firmware to install, for example, Tailscale  agents. I need to connect the branch with the headquarter office and use Tailscale commands to reach the fingerprint through this VPN site-to-site.

This is the main purpose for using Tailscale until now, and I am searching for the other properties and features of Tailscale.

Tailscale is fast and easy to install. I can install Tailscale on any operating system, as it has a lot of OS versions and supports Linux, Mac, Android phones, Apple iOS, and Windows. This feature is suitable for my daily jobs and tasks.

Tailscale has a great interface that is friendly and acceptable. Tailscale fixed the problem with reaching devices such as fingerprints, and it is now the most preferred way to connect the site-to-site VPN when we have a customer with fingerprints.

Tailscale is good in troubleshooting, and it takes no time.

One of the most significant issues I faced is that in some countries, when I access my Tailscale account, it gives me more steps to verify and confirm, such as sending a message to my mobile and entering the code. I can see this is not helpful for the user experience compared to other alternatives.

Another issue is that when I use Tailscale with other alternatives such as Radmin and ZeroTier , it takes high priority and takes all the incoming connections, even if the other alternative has a different IP scope. It still takes the control and tends to cancel the other software as a VPN site-to-site.

Tailscale is stable, but sometimes with no more use, it sometimes needs to be activated again and again. For example, if I cannot connect or if the customer cannot connect to the network or use the tool, after one month, the customer gets lost or disconnected from the network and needs to verify again.

About one year.

Tailscale is stable, but sometimes with no more use, it sometimes needs to be activated again and again. For example, if I cannot connect or if the customer cannot connect to the network or use the tool, after one month, the customer gets lost or disconnected from the network and needs to verify again.

Tailscale is good, and I can add any number of branches I need until now.

Tailscale customer support is good. I can contact them and receive a fast response.

I still use other tools such as Radmin and ZeroTier . In previous years, I used to use Hamachi. They were good, but in some cases and some OS that does not support them, I switched to Tailscale.

Tailscale is a great solution that is fast, easy, and cheap.

Tailscale is cheap regarding other alternative site-to-site VPN solutions.

I evaluated Radmin and ZeroTier, and they were good.

Tailscale is good in performance, but with the previous issues I explained, I can give it just eight until it fixes these issues. I give Tailscale a rating of eight out of ten.

My main use case for Tailscale  is connecting to company internal systems due to GDPR requirements. The company is located in Germany with private servers in Germany, and I stay in the UK, so I use it to connect a point-to-site VPN connection from my home laptop to the private servers in Germany. I use Tailscale  to create a secure connection.

Apart from connecting to the internal systems, my main use case also provides a very nice interface with the CI pipeline. I connect Tailscale with my CI on GitHub Actions  to allow me to do automatic deployments through the company's internal systems.

The best features Tailscale offers are really easy usability and a straightforward user experience. It is a one-click install where you select your servers that you want to connect to. The whole integration with GitHub Actions  for CI is pretty good, and I use it a lot, so I am very confident in that.

The GitHub Actions integration stands out for me because it is not every day you see a seamless tool that can allow you to perform CI builds on private networks. I and the company have tried other options, and it was difficult, but Tailscale provided their action script, documentation, and simple authentication mechanisms using OIDC on GitHub Actions. Everything was straightforward to set up.

Tailscale has positively impacted my organization by allowing us to speed up development without worrying about GDPR restrictions. One of the things about GDPR restrictions is that we cannot allow data to leave the EU region or Germany. It was very easy for us to integrate GitHub  with the whole CI pipeline, and it was a very positive impact. It allowed us to eliminate the stress for our CI and the stress of accessing internal systems from far away. So, it allowed us to focus on the development of the application part rather than struggling with how we are going to get this code deployed on certain servers while still following GDPR restrictions.

Tailscale could be improved in different ways. I have not really found any problem with it so far. It pretty much solved the problems of other VPN clients that we have been trying. If Tailscale provided a way to integrate with native cloud providers, such as AWS  or other cloud platforms, it could be a very nice thing. For example, I want to connect my EC2  instance from AWS  over my private Tailscale network. It could be a nice feature so I do not have to stress about the AWS VPC and all that. I could probably just port it over to my Tailscale network. I do not think they have a feature like that, but that would be fine.

I rate Tailscale an eight because I do not think it has any native cloud support with AWS tools such as EC2 , GCP , and Azure . If they can find a way to do that, then it would be fine. One of the things that would actually make more sense is if Tailscale could find a way for us to use serverless compute over private networks. Private server functions or serverless functions probably would not be executed on non-EU regions. That is something I am thinking about.

I have been working in my current field professionally for four or five years.

Tailscale's scalability is good. It is scalable in the sense that we could add as many servers as we want to the network without any downtime from Tailscale. It is pretty fast. Even though I am making a request to the network, the extra hops are pretty much invaluable for network speed. I still get the best speed as possible even though the amount of network hops is two or three. I have to first make a connection to the Tailscale network and then from the Tailscale network to the actual underlying server. Apart from all of that, it is still pretty good. I would say it is really scalable, and I do not think I have ever experienced any downtime with Tailscale.

I have not really had any issues with customer support. I have not really contacted them. If the application is as fine as this, then the customer support should also be good.

Before I joined the company, there were several solutions being employed. The company used Teleport  and there were a lot of VPN alternatives. There was Twingate  and Teleport . We used Teleport before. When I joined the company, we brainstormed together, and I think that was one of the first tasks we did. We found a suitable solution that could handle all this easily, and Tailscale was the one that we picked. We figured out that it was very good.

My experience with pricing, setup cost, and licensing is that pricing was relatively fine. It had a generous free tier, and the pricing was okay. It is good for the amount of servers that we have. Setup cost was not much; it basically was zero setup cost. We probably just did it ourselves. The software was straightforward. We only had to pay for the amount of servers that were going to be able to enter the network. The company handled the licensing, I am not entirely sure about all the details.

We evaluated other options before deciding on Tailscale. We tried Twingate , and I do not remember what all the others were that they were using before. There was this NordVPN client that we could use to connect our servers together, but it was not really developer-friendly. There was Zscaler; we tried to use Zscaler, but it did not really get into what we wanted. They were all good options, but it was not what we wanted. We wanted developer-friendly documentation, access to the CI pipeline build, point-to-site VPN connections, and one-click install. I just install Tailscale, connect the servers, and that is all. I do not want to always be starting up the VPN client and finding my servers and trying to make that connection to them. In my system, I am always automatically connected to that network. Tailscale just provided everything that we needed.

My advice to others looking into using Tailscale is to definitely try it out because it is going to really abstract away a lot of network problems, especially when it comes to private networks, private systems, or internal systems in general. It is really going to abstract away a lot of the complexities. I rate this product an eight overall.