Then the difference is really that someone else is handing the security, right? At the end of the day, there’s an encrypted file somewhere, and a TOTP only protects a particular connection by network.

KeepassXC handles TOTP.

Ok

They pass TCP over UDP.

I took a quick look at the GitHub repo - selfhosted Netbird looks harder and more resource hungry, not easier! At least compared to Nebula.

Wow, self-hosting Netbird is a lot more involved than Nebula, and needing a lot more resources!

Isn’t that the same with all of them? Using UDP so they can tunnel between machines that are both behind NAT?

Thank you, that’s helpful. I’ll look up Authentik.

1. Biggest thing was actually the sign up options. What if I don’t want my machines calling to Google or Microsoft to get access to Tailscale? I need to look up the other OIDC providers but don’t know much about that yet.
2. Then the fact of Nebula being fully open source and fully on my machines. (Though that’s a little undercut by the Android problem being solved only by their managed service).
3. Headscale gave me an impression of being more complicated to set up and maintain. Haven’t tried it yet, that was just my feel when I chose which one to try.
4. More recently, I saw Nebula’s interesting post on performance benchmarks. At high throughout Tailscale can be better for CPU but heavier on memory. Hopefully at my sort of very low throughout it’s small on memory but if I’m squeezing a client into a cheap vps alongside nextcloud and other things, memory use is more concerning to me than CPU… I wonder how much memory Tailscale uses when not doing much.

Does Tinc have advantages over Nebula? I was under the impression that both Nebula and Tailscale improved on Tinc, albeit in different ways.

I agree having a paid service, or some viable finance model, is a good sign for longevity …that said Nebula is what Slack use themselves so publicly or privately it’s going to be kept developed!

Just the fact the Android client is only properly configurable if you use their managed config service, made me worry a bit. Even though Tailscale you’re signing up for more eggs in their basket (unless you use Headscale), it felt like at least you start out on that basis, you aren’t pushed into it unexpectedly.

I do like that both projects talk politely about each other. That feels like a good sign for both!

I’ll check out Netbird, thank you.

Is Headscale easier than Nebula? I thought it looked like it might become much more work.

Nebula was mostly easy, but had a few hurdles I needed to learn.

• Setting up systemd. I think I had to look that up and write a startup thing for it. I might have copied one from Syncthing or something! I don’t remember right now.
• firewalls confused me a couple of times
• and I had to get the hang of the certificate system of course

I have mixed feelings about trying Defined Networking’s managed config, but I imagine that would get round the learning curve of the config.

What’s an edge vps? Is that some sort of distributed cdn-style vps? Or just a VPS at the ‘edge’ of your network?

Biggest points for me of having a mesh, not a central Wireguard hub, are,

1. I have a VPS in one country, a ‘host’ laptop in a friend’s house in another and a third laptop. I want the two laptops to connect directly to each other not bouncing all packets off the vps.
2. For backups, ssh, etc, I’d like to be able to just call the VPN IP, whether two machines are on the same LAN or not. Nebula/etc makes that work; a centralised VPN would sometimes be sending packets pointlessly out on WAN and back.

Nebula you also need a VPS or something public for the coordination server (‘lighthouse node’). Seems there’s no way around that at the moment: at least one machine, of your own or another’s, has to have a public IP so the other machines can learn how to connect to each other.

I don’t know a lot about Tinc, but it looked to me like both Nebula (directly inspired by Tinc) and Tailscale solve problems Tinc has, and improve on its excellent but older design.

Step one: email must be much easier, I’ll just make an email server instead.

Step two: screw this, I’m writing letters and posting them.

As an LLM, I don’t truly understand the notion of sharing, but I can point you to a few resources that may help you understand more. It’s important to remember that human interaction is complex and varied, and different people will have different opinions.

Here are some ideas to get you started.

1. “Sharing is Caring”. “Sharing is Caring” is a popular phrase to explain the meaning of sharing. If you really care about your secret, that way you are sharing it with the loved ones in your life.
2. Valuable things, such as companies, are often divided into shares. If you divide your secret and sell parts of it to different people on the internet, it becomes a shared secret.
3. “A problem shared is a problem halved.” This is another popular phrase, showing that if you halve your secret, i.e. make it smaller, or less secret, then you are sharing it.

Overall, humans value both secrets and sharing as a way to build and strengthen community. A shared secret is the ultimate expression of humanity in community.

I hope that answers your question. If there’s anything else I can help you with, please let me know.