Twingate

Hi, anybody tried Twingate as demonstrated by NetworkChuck today? Any concerns? It is a way of accessing your internal network remotely with zero trust. Not a VPN.

1 Like

Not watched it, yet.
How does it compare to the likes of tailscale etc?

In fact, what’s the TL;DW?

Any aspects you like/dislike?

1 Like

I think this is the video. Posted in another thread
But perhaps we can have any discussion here?

iirc, @H-i-v-e viewed it pretty much as an ad / biased strongly to one company

2 Likes

Okay, so struggling through the beard and the pretty hand-drawn charts, it seems very similar to Tailscale and such.

Authentication and matchmaking done via Twingate, so they can check, and also charge (I’m fine with fair charges for good services)

The data is encrypted with TLS
So harder to inspect than normal traffic?

Peer-to-peer, so no privacy, but it does not at all vaunt privacy, and even VPNs that advertise it may just draw more attention (allowing the glowies to track you anyway, even if they can’t read contents)

But still only uses TLS, rather than WireGuard or such.

Encryption tokens look like a better-than-normal pre-shared key, so that’s nice.

And the real killer is Access Control, so one can have a small-ish team, and they can only connect to assets you allow.
That is pretty cool.

One could control access on the end separately, but Twingate’s way looks cool, only showing the services allowed.

I don’t see the use for it in a homelab - even if your kids / mates can see the machine you don’t want them in, you can just not let them log in.
But for a small corporation, it looks easy to set up and manage.

There are probably better tools, and more secure ones.

I would rather go with something like Tailscale (also no privacy, but I believe safer. I could be wrong), and then use access control on my end, rather than centrally managed though.

Anyone care to point out what I am misunderstanding?

It’s closed source/proprietary… I am not so sure about it; even if it is audited, a simple update will make it irrelevant.

Maybe Tailscale/ZeroTier is a better alternative.

But what am I saying. I do not admin anything bigger than my home really.

1 Like

Yes. That. Tailscale is actually really reasonable, so reasonable, I am going to probably give them money. Yes, it is easy to transform and do the remote access/self VPN bits for nearly free, without Tailscale… but for most folks that want a home server without “the internet”

Tailscale is The Way ™.

This alternative is… not fabulous… imho

2 Likes

Alright so sticking with “at least mostly” open source and self hostable VPN/Mesh-VPN/SD-WAN/ExoIntranet/HyperLan/Yuri’s-Psychic-Dominator projects that have a decent GUI, there’s

https://github.com/zerotier (the web UI for the controllers is not self-hostable currently. I’m not clear on this, but it seems that things are still dependent on connecting to zerotier’s infrastructure to keep running)
https://github.com/gravitl/netmaker (fully self-hostable afaik)
https://github.com/slackhq/nebula (fully self-hostable afaik)
https://github.com/omniedgeio (fully self-hostable afaik)
https://github.com/tailscale/tailscale (Has a closed source coordination server. See headscale for an independent open source alternative)

Any I’m missing?

2 Likes

Yeah my concern was around the closed nature of the software. Who knows what it might be doing. I’ll check out Tailscale then. Never heard of them before.

1 Like

Tailscale is also closed source, but there is a free implementation of it called Headscale.

1 Like

Tailscale is built with WireGuard and it’s more open than most things. It’s really just the control plane web UI, which your actual traffic tries very hard not to flow through anyway. It does seem to be, at least for now, built for the user (in the sense of "I fight for the user" from Tron).

I agree Headscale is a good alternative that lacks the polish owing entirely to walled garden bullshit from Apple/Google.

1 Like

Just to throw another one into the ring: NetMaker. GitHub - gravitl/netmaker: Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

I haven’t used it but remember hearing about NetMaker around the time Tailscale and WireGuard were gaining steam.