Playing around with a new self-host NAS OS, finally thought about Tailscale. But, I see it wants a login to an account. Checking online, seems I have to use Google, Apple, MS, Github or OIDC (which iassume costs money based on the site).
So how tf y’all setting to your tail scale stuff? I’m not using a big brother us tech account for auth on this thing. Think I’d rather go back to regular wireguard if that’s the case.
Edit: OK I see you can use regular email. It didn’t load the webpage correctly the first time or I missed it. Odd. Anyway, I do don’t want an account add I don’t want to risk any data compromise at some point
I know you’re trying to tell me something brother, but at this moment in time, I seem more stupid than normal, so if you would, unpack that for me in relation to what I was explaining to OP about Tailscale security.
DERP is the service that actually relays packets between tailscale connected devices when they are crossing a NAT (leaving one private network and going across the internet to another private network).
If you host headscale (the self-hosted community version of the tailscale control plane) and use it with tailscale, by default it will still use the public Tailscale DERP servers. Your traffic is still encrypted and not visible to them, but it does still rely on part of their centralized architecture even though you are hosting the control plane yourself.
That being said, you can just use the embedded DERP that ships with headscale, although there are some other considerations when doing that because it will need to be publicly on the internet, probably with a proper domain name and publicly trusted certificate.
Thanks for explaining. I really didn’t mean it as a Headscale v Tailscale. kind of thing as far as data security goes. I’ve heard a lot of great things about Headscale. OP was just worried about his data being compromised, and I was just pointing out that it’s pretty tight.