Curious if anyone is selling customers on Tailscale or related overlay networks rather than using traditional client-to-site VPNs.
My issues with doing this come down to a question of management.
Most of our customers are using O365 already, so it makes sense to tie it into that as an identity provider, but as I understand it, the first account that gets created with a particular domain basically owns that Tailnet going forward.
Maybe I should be reaching out to their sales department for this, but I’m curious if anyone has any success stories / recommendations.
Maybe it’s different for the paid version? I’ve only ever tested the personal edition.
I think overlay networks shine when using them behind CGNAT or with an ISP with only dynamic IP addresses. Also the simplicity of “firewall rules” of what can access what on a separate system rather than a traditional firewall with IPsec. Or when you need access to a client’s server and they don’t know how to configure IPsec.
For me, in the business realm I like IPsec and have set up many tunnels. But from the edge cases mentioned above it solves all those problems and possibly more.
The issue I have with IPsec is that the Windows client for it sucks big time.
If we’re going with a more traditional VPN topology I would much prefer something like OpenVPN or WireGuard where the client is more reliable and doesn’t require me to manually go in and configure split tunneling on the interface.
My reasoning behind suggesting something like Tailscale or Netbird has more to do with the fact that they integrate with existing identity providers, each of which is simple to put 2FA on.
Absolutely, I prefer Netbird as it is easier to use. It can act as a traditional VPN and makes ACLs easy. With Netbird you can make things talk across states and on the go, which was very nice. It is almost as good as sliced bread.