T
- Category
- Network · SaaS alternative
- Cost
- Freemium
- Country
- Canada
- Licensing
- Mixed
- Platforms
- Linux · macOS · Windows · iOS · Android
# PROS AND CONS
+ what works
- +Clients and daemon are open source under BSD-3-Clause
- +Free Personal plan covers up to 6 users and unlimited user devices
- +WireGuard underneath, with automatic NAT traversal and key rotation
- +Headscale exists as a FOSS control-plane replacement for users who want full self-host
− watch out for
- −Not a privacy "hide your IP" VPN; this is a mesh between your own devices, not an exit to the public internet
- −Control plane (coordination server, identity mapping, DERP relays) is proprietary and hosted by Tailscale
- −Identity is tied to a third-party SSO (Google, Microsoft, GitHub, Okta, Apple); no first-party accounts
- −Free tier limits and pricing have shifted over time, so long-term cost is hard to lock in
# PRIVACY NOTES
Tailscale builds a peer-to-peer mesh on top of WireGuard. Traffic between your devices is end-to-end encrypted and does not pass through Tailscale servers in the common case; when NAT traversal fails, encrypted packets relay through Tailscale's DERP servers without key access. The hosted control plane sees device metadata, public keys, and identity mappings tied to your SSO login. Tailscale Inc. is based in Toronto, Canada, and is subject to Canadian legal process. Latacora performs ongoing security review and the company holds a SOC 2 Type II report.
# REPLACES
icloud-private-relay
# TAGS
#wireguard · #mesh-vpn · #zero-trust · #bsd-licensed · #has-foss-control-plane
# DOES THIS WORK FOR YOU
# NOTES FROM PEOPLE WHO TRIED IT
Comments (0)
No comments yet. Be the first.