I want to point out that this is a brilliant blog post that is practically art. This has inspired me to go and find new great examples of technical documentation. I think this page has set a new standard for what a blog post could be. I am so glad I live in a world where I get to appreciate this piece today.
Thank you, I try! I guess the lesson here is to turn the anxiety that comes from immigration stress into surrealism that turns into blogposts. I can't believe I got away with this, but I bet I could probably do it again in the future.
> Headscale is a self-hostable version of the Tailscale control plane. It's a great project, and it's quite remarkable what they've been able to accomplish through sheer reverse engineering fueled by the boredom that came up at the start of the pandemic
Not to take anything away from the creators of headscale for their excellent work, but I think this doesn't give enough credit to Tailscale. They've gone out of their way to support headscale.
It seems a bit weird to me to say "this doesn't give enough credit to Tailscale" considering that the person writing this is a Tailscale employee. I guess you could say it's overly modest though.
> A Tailscale account on the SaaS control plane (you can use some throwaway gmail address for this).
How, with a throwaway SIM-card? I don't understand Tailscale's dependence on third parties for authentication. Google/GitHub/etc. don't need to know which computers I'm linking together, so I use ZeroTier instead.
Tailscale now supports custom OIDC providers. But if you already have the ability to host one, you won’t benefit from what’s in the above article (which is about hosting stuff at home even without a public IP address). https://tailscale.com/blog/custom-oidc/
Perhaps everyone knows this, but it's possible to create Gmail addresses without a SIM card inserted. This can be useful, e.g., when one has exceeded the max number of addresses that can be assigned to a single mobile number.
Make no mistake, I am not endorsing third party authentication when making direct connections between computers.
Yes. Remove SIM card. Use Wifi. Create Account. Choose "Google".
Once the "account" is created, can delete it on the phone, but the Gmail address survives.
The usefulness of this is, e.g., avoiding a cap on how many addresses one can create with a mobile number (SIM card), not some increased level of privacy for the user of the phone. It might be an old/throwaway phone. One might never use it for anything except creating Gmail addresses.
The practice of so-called "tech" companies trying to force people to hand over mobile numbers for anything and everything is absurd. It should be prohibited by law. Mobile numbers are for making calls.
Phone/tablet. You still provide the G. with IMEI of the device, but I assume you can just go buy a second-hand/refurb one for $25-$50 with the cash probably anywhere in the world and toss it later. Hell, you can buy a new one for $50.
But of course the G. would try to get a phone number from you with all the dirty tricks you can imagine. So better use it just as a bootstrap for acquiring some other form of the presence on the net.
aka Using Tailscale free offering to bootstrap your Headscale infrastructure while placing Headscale control plane behind NAT/CGNAT/whatever using Tailscale Funnel.
Quite amusing idea if you are okay to use Tailscale even for a bit.
It shows a lot of confidence on the part of Tailscale to host a guide for something like this. I really like that their idea of competition seems to be focused on making a better product when for so many companies, it's more like unconditionally, categorically grasping for control. I hope it stays that way.
Hi, I am the author of this article. I honestly have no idea how stable this is. The idea for this post was to match the neosurrealism of the last April Fool's Day post about SQLite: https://tailscale.com/blog/database-for-2022/
When I say that I haven't tested it extensively, I mean that I barely was able to confirm it worked while I was writing the entire article in an anxiety fueled liminal state of consciousness that you can only truly achieve from the surrealist horror of dealing with the immigration system. I'm amazed it works as much as it does. Please don't use this in production. I don't know if it works reliably.
I'm really happy that I can talk about Headscale in a professional sense. It's a project that I've got a few patches lined up for (mainly doing NixOS tests that I am still fighting with CI over) and I hope that they land to make things better for everyone.
Thanks for reading my article. I hope it was enlightening. Or at least something.
Oh, it was clear from the article that this is not a recommended configuration! I only meant confidence in Tailscale as a product and in its strategy. Wherever I've used Tailscale at work it has been Tailscale™, haha.
The article was fun and interesting and it has impressed Tailscale Funnel into my memory, which is a feature I'd not yet tried. :)
Sorry about your immigration system woes, by the way. Ordinary bureaucracies and formal processes and appointments are maddening enough. High stakes bureaucracies that affect where you can work and live? Ugh, ugh, ugh.
You can use managed tailscale for your main network and a headscale for some compartment of your network where you don't want to share the same main tailnet for whatever reason. You can use as many subnet routers as you want, etc.
I've been using tailscale extensively for around 6 months now, with a lot of the use being for my mac laptop to run a wezterm hosted on my Linux laptop. This is kind of a weird mix of tmux and ssh X forwarding. Sometimes I'm on a second WiFi at home, sometimes on the same network at home, sometimes at a coffee shop or on via my cell phone. Tailscale has been just great.
I put it on a couple devices in my home, namely a couple pikvms.
It was useful for sure when I left home for 3 weeks. During that time we lost power. My modem somehow dropped out of bridge mode and went into some type of routed mode, double NATing me. My main vpn access was offline as a result. It gave me a secondary option to remote in and fix the double NAT issue as well as the pikvm allowing me to make sure a few ancillaries came up cleanly (mostly Pi-hole and dhcp).
I’m still a bit shaky about keeping it. But I had the forethought to set it up ahead of time and was glad I did. So much so I’m bringing a pi with tailscale down to my parents (I support their big house wifi setup and subsequently my mother’s out-of-the-home consulting business).
It’s a good use case and the one that got me started. I also have a raspberry pi acting as an exit node in my home which is useful when I’m at the coffee shop or in a hotel.
Not just terminals — I have done videoconferencing via that exit node, and I’ve even worked in a “hybrid” mode where some services are on a tailnet, others are on a company VPN, as we haven’t migrated the company over fully.
I don’t have high expectations for actual screen sharing a la VNC or whatever, but it does work, and my lowered expectations for how well I can work that way are not specific to Tailscale.