I use OPNSense and OpenWRT myself and there's no way you can make travel routers this convenient with them.
That will be fun for browser geolocation based on WiFi name.
So the usual SSID is in my home country, and another SSID is based somewhere else geographically.
Not as convenient as this travel router sounds though, but comes close-ish for techies. (wish it didn't require that tweak via SSH. Maybe it'll be added)
I wish Eero offered this feature. I bring three eeros to Airbnbs to replace their crappy WiFi with my same SSID, but it would be nice if it connected back through the home internet.
In my defense, I'd argue that the average Tailscale user would be comfortable running an SSH command! And GL.iNet is just one very minor tweak away from making this entirely possible from the GUI. (though they might be intentionally avoiding it because of the support burden of quirks caused by Tailscale acting as a subnet router...)
How is this different compared to running a tailscale exit node in your home network?
Is the benefit of this that you have a hardware device that you can connect to instead of needing software like tailscale?
You can also do this with a travel router like one of GL.iNet's and Tailscale subnet routers.
I'm just surprised this needs an extra device. It would make sense if the device provided its own connectivity (with global wireless service, say), but this doesn't seem to be the case here. It still needs an uplink.
I did save money, a really significant amount of money.
Obviously, yes, I am capable of going through the work that eliminates my need for this product. I have no trouble configuring Wireguard and setting it up on my client devices and running through all that.
But it was a lot of work to get to this point and I had to spend a lot of time learning how to do that, even as a person who is already technical. Wireguard in particular took me a solid half a day to build understanding and get it configured.
If I was a little bit richer and I went back in time I'd probably just buy all Unifi. Actually if I went back in time I think with my same levels of wealth I'd probably just buy Unifi and save some precious time.
This specific device does seem like a really nice extension of their product line.
I have a Ubiquiti EdgeRouter Lite that's a little over ten years old. At the time, it was revolutionary in its ability to pump a whole lot of data over a cheap device with a lot of features - but a lot of those features weren't available in the GUI at all; you had to go CLI and learn Vyatta (of which it was a fork) to do them. It's been updated over the years and is now much easier to use as the web interface exposes a lot more functionality, but it's not part of Unifi (and never will be).
Early on, I looked at and even tried one of their APs. 100 Mbps wired uplinks for N wireless? No thanks. Even the one that I got to test with had absolutely abysmal range. Say what you will about TP-LINK generally, but their Omada unified control system had APs that actually worked in my house. So the early Unifi stuff wasn't anything special, and based on how they had dropped the ball on so much of their early hardware (the EdgeRouter Lite had its software on an internal USB drive that, out of warranty, failed in a way that I was only able to diagnose with a serial console cable - at least it had a port so I could monitor it during boot, and searching for the error messages found a way to replace the thumbdrive and reload the software) I had no reason to go with them.
If I were setting someone up today, with all new gear, I might go Unifi, but I have no reason to spend any time at all replacing a system that works just fine.
I ended up with the OpnSense box plus Zyxel APs. The Nebula cloud offering has been surprisingly good for me: it offers plenty of features in the free tier and the APs don’t actually need the cloud service to be configured if it were to be discontinued.
I have a hardware controller, but I will probably end up putting it in my in-laws’ house because software is fine for where I live. I actually set the whole thing up via software controller and transferred the config when it was all set and I would only be making small changes.
Added bonus that I can use tailscale on the GL router to route remote traffic through my tailnet -- including devices where I can't install tailscale client (e.g. corp laptop).
I don't mind a unifi premium for the integration but they should at least have a $50 wifi 5 version and a $100 wifi 6 "pro" version
Now what I'd be really more interested in for a Pro version, more so than wifi 6, would be a built-in modem with SIM/eSIM.
I don't even know what my Wifi "version" is at any of the places I have my routers, things just work for all purposes (work, gaming, streaming).
If this device had a 5g sim slot, then I could see the point but it’s not that.
Interesting, as someone who has always used iPhones, wouldn't mind getting an Android phone for this.
Is there some app?
A 5g phone tethering to your Wireguard connected MBP beats this out of the water
Mudi V2: https://www.gl-inet.com/products/gl-e750/
They have an upcoming 5G NR WiFi 7 version:
It’s also nice to control VPN and DNS from one place, in case the hotel is doing DNS or IP filtering.
And quite a few hotels still offer wired Ethernet, which helps performance.
Makes video conferencing and large downloads usable.
It has limits, like the amazon hardware keypress thingy with north korea showed recently, but unless you're working at superbigtech or defense contractor it would probably work.
But a travel router can be nice to have.
I bring some tech with me when I travel.
Obviously a phone, but also a decent-sounding smart speaker with long battery life so I can hear some music of my choosing in decent fidelity without using Bluetooth [bonus: battery-backed alarm clock!], a laptop for computing, a streaming box for plugging into the TV, maybe some manner of SBC to futz with if I'm bored and can't sleep during downtime.
All of this stuff really wants to have a [wifi] connection to a local area network, like it has when I'm at home.
A travel router (this one, or something from any other vendor mentioned in these threads, or just about anything that can run openwrt well) solves that problem.
All I have to do is get the router connected to the Internet however I do that (maybe there's ethernet, decent wifi, or maybe my phone hotspot or USB tethering is the order of the day), and then everything else Just Works as soon as it is unpacked and switched on.
And it all works togetherly, on my own wireless LAN -- just as those things also work at home.
Bonus nachos: With some manner of VPN like Tailscale configured in the router, or the automagic stuff this UBNT device is claimed to be able to do, a person can bring their home LAN with them, too -- without individual devices being configured to do that.
I think travel routers are pretty great, myself.
(But using Ubiquiti gear makes me feel filthy for reasons that I can't properly articulate, so I stick with things like Latvian-built Mikrotik hardware or something running OpenWRT for my own travel router uses.)
Very curious about how they're pulling this off
(And yes I know there are other bypasses you can do like spoofing MAC addresses to get around some device count restrictions)
Besides, at least where I live, 5G/4G is often faster than shared wifi. I’d be surprised if this is used by more than 0.1% of all users.
Given that this has been available on Android for years, I do not consider it an overly difficult feature for Apple to implement.
Delta has had free WiFi for a while now as does JetBlue and I believe Southwest. It’s coming soon to AA and United.
I fly Delta 99% of the time.
United was looking to have its regional fleet done by end of this week, Qatar has finished their 777s; Hawaiian's entire fleet is done, so is airBaltic's. WestJet are also close.
British Airways is starting the rollout now, so are SAS, Air France and a few others.
What's the catch?
You'll make tens of ... dollars every flight.
https://www.techradar.com/pro/security/man-arrested-for-sett...
Is it though? It genuinely looks like you might get caught doing this, and I'm sure you are at least breaking airline policy, even if you're not charging money; not to mention if you charge.
Is there a better way to get these connected to a WiFi for relaying where the Ethernet isn't an option?
Anyone know how it automagically sorts out connecting to the hotel WiFi?
Hotels often want some combination of my room number and surname I've found, or some combination of hotel name and floor password.
from the FAQ https://store.ui.com/us/en/products/utr
Thought about it for a few minutes and realized that the portal was likely just doing mac filtering. So I adjusted my MacBook Pro's MAC address to be the same as the PS5, went through the portal login and then powered down the MBP. Booted up the PS5 and I was online.
Damn it feels good to be a gangster.
> Usage Data. We may collect certain information about your devices, your network, your system and third party devices connected to your network or system when you use the Services ("Usage Data"), including but not limited to device data, performance data, sensor data, motion data, temperature data, power usage data, device signals, device parameters, device identifiers that may uniquely identify the devices, including mobile devices, web request, Internet Protocol address, location information (including latitude and longitude), browser type, browser language, referring/exit pages and URLs, platform type, the date and time of your request, and one or more cookies, web beacons and JavaScript that may uniquely identify your devices or browser.
I upgraded to homogenous ubiquiti/unifi when I set up a point to multi-point on my farm because I thought it would make that part easier. Surprisingly, those links aren't really baked in to the rest of it, but the router and wifi antennas that I've installed around those links "just work" with a private, protected, and guest network.
I used to have to update two different routers with the same SSID, username and password to make "hopping" from one to the next "seamless" and, now that I've got 8 wifi antennas in a mesh with a single UI to configure them all, I can't even imagine how I'd do it with the hodge-podge of gear I used to work with.
And I'm probably going to buy a travel router, but I'm wondering, if I use it to connect to the hotel wifi, will I be able to use the thing as a wifi hotspot as well or do I have to use an ethernet point because the wifi is "taken"?
I'm their target audience for sure but I’m not sure I need all of the same features my home network has. Really my travel router is just used to share a paid connection and run AdGuard network wide.
I have wireguard running on my home router. Why do I need a piece of hardware when my laptop already can connect to it from anywhere?
With Teltonika/GL.iNet you also can use small external antennas. Getting behind windows is often enough.
Otherwise I don't really see the point to carry a specific hotspot device when my phone has one built in.
I’ve always had a Pocket Travel Router (along with a thin but long enough RJ45 cable) with me while traveling, starting with the D-Link AC750 Travel Router. It does away with Wi-Fi Change, and all of your devices just continue to work, no worry about syncing, file-transfers, etc. A travel router becomes even more convenient when traveling with the family.
[1]: https://store.gl-inet.com/products/puli-ax-xe3000-wi-fi-6-5g...
What if you want to use the hotel's internet connection instead of your roaming data?
What if you want to use wireguard or tailscale to funnel all traffic through your home network?
What if you want to enable your family's devices to connect to your self-hosted services?
2. Most Android phones can do this.
3. Android phones can do this.
4. This is just the same question as 3.
WAN connectivity via USB tethering and ethernet, not just wifi?
The blog has almost no details, but the product page is also pretty light on technical details.
The competition (I use GL-MT3000) is pretty strong.
I guess it's nice if you are in Ubiquiti ecosystem already and want as little friction as possible. Otherwise it's probably similar to any travel router.
Unifi shipping without eSIM support is a big mistake imo. I don’t want to have a 5g router (which are insanely expensive) or a second smartphone with 5G.
This is a travel router.
Personally I just connect my phone to WiFi and then use Tailscale and call it a day.
Typically I don't watch the hotel TV though, as I don't want to figure out what channels are on it and I probably wouldn't want to watch them anyway. If I watch anything it will be on my iPad.
Completely different experiences when it comes to experiencing/exploring the city.
The multi-uplink is intriguing. While on the surface it seems that an ostensibly 'plug and play' carrier aggregation dongle (no idea if this is actually a feature) would be an easy solution to smooth out poor connections, many networking hiccups encountered during travel just boil down to impossibly terrible RF environments, regardless of the spectrum or protocol.
I also think the variable state of hotel TVs is a factor even when travelling alone. Being able to plug your own device into the HDMI is valuable.
For me, I can't remember the last time I used a hotel TV. When I travel, I want to do stuff at the place I'm visiting, the hotel room is just a place to sleep and shower.
If I do want to watch something, I much prefer the experience of my much nicer TV and surround sound system at home. That said, I don't watch much TV, so maybe this is easier for me.
If I have downtime when I travel, I tend to just read, or do the same thing I do at home - doomscrolling news, reddit, HN :)
Again, really depends on what kind of travel you’re doing. What you’re describing sounds like leisure travel, which is awesome. But travel for work is often very different. You’re exhausted from a day's work and you’re also often staying in very uninspiring places with little to explore.
For me, even in the boring towns, I've had good luck finding at least restaurants and breweries to explore. Sometimes I do end up falling back to reading books or playing old games on an emulator on my phone. For me, I'm willing to take the compromises of the phone-based entertainment for traveling lighter.
But yeah I also have P family so O(M * P * N) would be a headache.
Some of those trips I'll have extended time of 18+ hours of not really doing anything outside of the hotel other than grabbing dinner. For those types of trips I'm definitely more apt to bring additional devices like my GL.iNet travel router and MAYBE a streaming stick. I've also brought RPis or MCUs for tinkering during my downtime.
However, other trips I'm with you. I bring my phone, laptop, iPad (required for job), and chargers and that's about it for devices. I really try to limit my packing to things I know I will use and honestly for probably 50% of my travel that's clean clothes, toothbrush, phone, and wallet.
My travel I describe above is solo, work related. When the family comes we tend to tow a 9,000 lbs condo on wheels, so literally the "kitchen sink".
I do load my phone up with eBooks for unexpected downtime, and I do have an emulator on it. I would not choose to use my phone for reading or gaming normally, but on the road it's "good enough" - jack of all trades, master of none.
Of course if I'm traveling for work my work laptop comes, but I never put personal accounts on it.
The only trips I've been on with 18+ hours of down time were due to weather events (getting snowed in on a ski trip). That was with a big group. We just played card games, cooked, talked, and consumed copious amounts of alcohol to pass the time ¯\_(ツ)_/¯.
However I don't think Unifi's default protocols are useful for that. To get reliable performance over China's firewall, you need plausibly-deniable obfuscated protocols, e.g. encoding all your packets inside a stream of requests of JPEGs of cat pictures over HTTP port 80 or some such.
Or just go Tailscale
I’m looking forward to the GL.iNet MUDI 7, their first 5G hotspot, which should be running an open-source and hackable OS unlike most hotspots:
- support modern VPN protocols like WireGuard and Tailscale
Ubiquiti does support wireguard natively. And you can get Tailscale running if you manually install the package through the SSH CLI.
Pretty sure that's what OP is referring to.
Ideally mainline Linux support.
wateralien•1mo ago
kstrauser•1mo ago
My wife and I traveled a bit this year and it was great having all our gadgets connecting to a single AP under our control. It’s easily paid for itself by avoiding ludicrous per-device daily charges.
windexh8er•1mo ago
I own two of their products, one of them I bought in 2019 and can still run what I need to on it.
WhyNotHugo•1mo ago
xgbi•1mo ago
Uptime is in years, it’s invisible and chugs along without visible power draw. All her devices connect to it, including her Cisco voip phone. It autossh to my ovh server with remote port forward for remote admin. Cost me 15€ in 2016.
TeMPOraL•1mo ago
> My wife’s work WiFi is handled by a gl.inet 150 (...) since at least 2019. All her devices connect to it (...) Cost me 15€ in 2016.
I think this answers GP's question as (yet another) solid reason why manufacturers "can't understand" prosumer needs - it's because targeting prosumers, or generally making products that "just works", is very bad for sales down the line.
qilo•1mo ago
copperx•1mo ago
xgbi•1mo ago
Since her desk is far from the internet router, I added this little guy for her to have less cables and allow more connectivity.
ssl-3•1mo ago
Some companies aren't very big, and neither are their budgets. And of course, it might be said that there is no solution more permanent than a temporary one.
We've got a large-ish color laser printer (IIRC, an HP 4600) at one of our locations. It's not a big place; it has only had as many as 3 people working there regularly and has been normally staffed by exactly 1 person for the last several years.
When we moved into that building, a missing link was noticed: The printer did not feature wifi, and there was no way to get a clean ethernet drop to it without visible external conduit. The boss man didn't like the idea of conduit.
To get it working for now, I went over to Wal-Mart and bought whatever the current rev of Linksys WRT54G was. I put some iteration of Tomato on it so it could operate in station mode and graft the printer into the wifi network.
I plugged that blue Linksys box in back in 2007; it turned 18 years old this year.
It's pretty little slow by modern wifi standards, and the 2.4GHz band is much more congested than it used to be, but: It still works, and nobody seems motivated to spend money to implement a better solution... so it remains.
dzhiurgis•1mo ago
I’ve been getting SIM cards for over a decade, now even eSIMs are cheap enough for casual use.
kstrauser•1mo ago
lostlogin•1mo ago
I’m sure I could find a good all Europe card, but I need my number for work calls.
cycomanic•1mo ago
deanc•1mo ago
normie3000•1mo ago
vidarh•1mo ago
amaccuish•1mo ago
At least in Germany, none of our networks do.
vidarh•1mo ago
amaccuish•1mo ago
systemtest•1mo ago
renewiltord•1mo ago
theoreticalmal•1mo ago
WillPostForFood•1mo ago
rtkwe•1mo ago
trelane•1mo ago
neither_color•1mo ago
drnick1•1mo ago
You don't need a "travel router" for this. My phone is permanently connected to my server via Wireguard (so that I can access my files from anywhere). Adding another device just requires adding a peer in the server's config file and can be accomplished very quickly. It's not clear what problem the travel router solves, unless perhaps you travel with dozens of devices.
> no million suspicious login detected from all your social accounts,
I can personally do without those.
tstrimple•1mo ago
gradstudent•1mo ago
valzam•1mo ago
asymmetric•1mo ago
drnick1•1mo ago
sandmn•1mo ago
adammarples•1mo ago
cheeze•1mo ago
Do you need a client to be running on each device?
Even regardless "I just need to edit a config file real quick" is... Way more work than I want to do. Works for someone on hn but I'm imagining trying to show my dad how to do that.
That's the benefit of a travel router.
vidarh•1mo ago
But I value my time enough that I don't want the hassle of that for the various devices my family uses when I can just preconfigure and plug in a tiny device and not have them depend on me being in the same location all the time.
davedigerati•1mo ago
WhyNotHugo•1mo ago
renewiltord•1mo ago
kleinsch•1mo ago
hnburnsy•1mo ago
avidiax•1mo ago
Some hotel rooms (particularly older business hotels) will have an ethernet port for the guest. These work maybe 50% of the time these days. Sometimes you can find a Ruckus AP in your room at outlet level, and these usually have several ethernet ports on the bottom. These also have a working port around 30% of the time.
So, TL;DR: various ethernet ports in hotel rooms work less than half the time these days.
fastcall•1mo ago
SomeUserName432•1mo ago
At that point you're in the 0.1% that the hotel does not really need to worry about. The other >99% will still need to pay for wifi.
danw1979•1mo ago
hnburnsy•1mo ago
shibapuppie•1mo ago
kstrauser•1mo ago
wateralien•1mo ago
ei8ths•1mo ago
matt-attack•1mo ago
tstrimple•1mo ago
raw_anon_1111•1mo ago
TP-Link AC750
https://a.co/d/esxrRA4
When you are some place with a captive network and want to use devices that don’t have a browser. You connect the router to the WiFi network that has internet access and you connect the other WiFi network to a device with a browser like your phone. Every device looks like one device to the captive network and you can use them all.
Second use case, I now live in a place with a shared internet access that is shared between all of the units. Anyone can broadcast to and control our Roku device and there is no way to block it from the Roku.
We create a private network with the router
cosmosgenius•1mo ago
gruez•1mo ago
panarky•1mo ago
It's called Dual-Band Simultaneous or "STA+AP" (Station + Access Point) concurrency that can bridge an existing wifi connection to an access point to other devices via a hotspot.
dorfsmay•1mo ago
Doohickey-d•1mo ago
esperent•1mo ago
mi_lk•1mo ago
eyeris•1mo ago
einarfd•1mo ago
brewdad•1mo ago
I'd be happy to be proven wrong on this however.
jibe•1mo ago
user_7832•1mo ago
esperent•1mo ago
muppetman•1mo ago
PeterStuer•1mo ago
aembleton•1mo ago
SXX•1mo ago
SpaceNugget•1mo ago
bentcorner•1mo ago
If you don't have a wired connection then this wouldn't be any better, except for any connectivity features it might offer (probably some vpn capability).
I have a gl-inet device and it does pretty much all I need whenever I travel.
kstrauser•1mo ago
That’s the real win of a travel router, IMO.
SergeAx•1mo ago
asielen•1mo ago
SergeAx•1mo ago
guiambros•1mo ago
It's incredibly useful, with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).
echelon•1mo ago
It's cool to have your own network in a hotel. But it'd be nice to be able to do that on the road, away from public wifi, internationally, whenever - which hotspots do. But at the same time, it'd be nice to be able to do the WiFi thing too to cut back on data usage. I frequently blow through my hotspot data.
I'd rather this be in one device instead of two. Beggars can't be choosers, though, I suppose?
sokoloff•1mo ago
I like it enough that I might buy a second, more compact unit for when space is more a premium, but I’ve been really happy with this one.
SergeAx•1mo ago
sokoloff•1mo ago
But now that I have it, the device is handy for family travel as well. Put an unlimited data eSIM in the device and everyone has “unlimited” data on the road and when we arrive at a hotel or AirBnB, one person signs it on to wifi and everyone is connected, including tailscale connections to home.
If I was doing personal and work travel only, I’d look for a smaller unit, but still with a decent battery.
asymmetric•1mo ago
SergeAx•1mo ago
asymmetric•1mo ago
SergeAx•1mo ago
jasonkester•1mo ago
Can anybody explain what Tailscale is, does, or why everybody seems to have it?
Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works “ page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?
Any help? Should I just pay them my $6/month and hope I figure it out at some point?
KnuthIsGod•1mo ago
quaintdev•1mo ago
walthamstow•1mo ago
SOLAR_FIELDS•1mo ago
konradb•1mo ago
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
jasonkester•1mo ago
I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
omnimus•1mo ago
konradb•1mo ago
If you go to https://tailscale.com/pricing?plan=personal
The first plan on the left called 'Personal' is free.
It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.
> So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.
jasonkester•1mo ago
A less hostile website design would have (again) saved me a question.
mcsniff•1mo ago
Sorry, but try a little harder. Tailscale isn't hostile, but it seems you are -- you claim to think you need it, but don't know what it does and can't put in the effort to determine and foist those inabilities on Tailscale?
I've been using Tailscale for many years now and they have a terrific product.
flkiwi•1mo ago
barrkel•1mo ago
It's especially handy if you want a secondary way in, in case you have problems connecting using wireguard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.
If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).
Tor3•1mo ago
The two problems I have with zerotier are:
1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)
2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.
So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit: So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.
Thanks for any input on this.
rainsford•1mo ago
My last gripe is more niche, but I found Zerotier's single threaded performance to be abysmal, making it basically unusable for small single core VMs. My searching at the time suggested this was a known bug, but not one that was fixed before I switched to Tailscale. Not impossible to work around, but also the kind of issue that didn't endear the product to me or inspire confidence.
cassianoleal•1mo ago
Tailscale and ZT are not the same. ZT can do certain things that TS can't. One example is acting as a layer 2 bridge. Or a layer 3 bridge. TS can do neither. It can achieve mostly similar results though.
ZT can be a pain to set up. TS is a breeze. ZT's raw performance is quite poor. TS's is usually very good.
If I understood you correctly, you want both a way to access your home LAN when you're out - this is easy. Set up a node with NICs on the LAN subnets you want access to (I run it on my router), and configure the TS node to announce routes to those subnets. Install the TS client on your laptop and mobile and accept those routes. Job done.
If you also want to mask your egress - i.e. reach the Internet via your home network as if you were there - then you need a node (can be the same as above) configured to act as an Exit Node. When you want one of your devices to use this, just select the appropriate exit node. Job done.
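The two setups described in the comment above (a node that announces LAN routes, and an exit node), as an added example that is not part of the original comment or Tailscale's own tooling. It is a dry-run planner that only prints commands and refuses to advertise anything outside RFC 1918 space; the subnet `192.168.1.0/24` and the node name `home-router` are assumed sample values, and the home node is assumed to be logged in to the tailnet already.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here changes the system:
# every function only prints the commands an operator would then run.
# Assumed sample values: LAN 192.168.1.0/24, exit node name "home-router".

# Succeed only if $1 is an IPv4 CIDR that lies wholly inside RFC 1918 space.
is_private_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  pc_addr=${1%/*}
  pc_len=${1##*/}
  # Prefix length: one or two digits, at most 32.
  case $pc_len in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$pc_len" -le 32 ] || return 1
  # Address: digits and exactly three dots, no empty octets.
  case $pc_addr in ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;; esac
  case $pc_addr in *.*.*.*) ;; *) return 1 ;; esac
  pc_o1=${pc_addr%%.*}; pc_rest=${pc_addr#*.}
  pc_o2=${pc_rest%%.*}; pc_rest=${pc_rest#*.}
  pc_o3=${pc_rest%%.*}; pc_o4=${pc_rest#*.}
  for pc_o in "$pc_o1" "$pc_o2" "$pc_o3" "$pc_o4"; do
    case $pc_o in ????*) return 1 ;; esac
    [ "$pc_o" -le 255 ] || return 1
  done
  # 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and anything narrower inside them.
  if [ "$pc_o1" -eq 10 ] && [ "$pc_len" -ge 8 ]; then return 0; fi
  if [ "$pc_o1" -eq 172 ] && [ "$pc_o2" -ge 16 ] && [ "$pc_o2" -le 31 ] \
     && [ "$pc_len" -ge 12 ]; then return 0; fi
  if [ "$pc_o1" -eq 192 ] && [ "$pc_o2" -eq 168 ] && [ "$pc_len" -ge 16 ]; then
    return 0
  fi
  return 1
}

# Commands for the always-on home node (subnet router plus exit node).
# Arguments: one or more LAN prefixes. Fails without output on a bad prefix,
# so a typo such as 0.0.0.0/0 never ends up in --advertise-routes.
home_node_plan() {
  hp_routes=
  for hp_r in "$@"; do
    if ! is_private_cidr "$hp_r"; then
      echo "refusing non-private or malformed route: $hp_r" >&2
      return 1
    fi
    hp_routes=${hp_routes:+$hp_routes,}$hp_r
  done
  [ -n "$hp_routes" ] || { echo "no routes given" >&2; return 1; }
  # A Linux node must forward packets before it can route for others.
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "sysctl -w net.ipv6.conf.all.forwarding=1"
  # Advertised routes and the exit node still need approval in the tailnet's
  # admin settings before any other device can use them.
  echo "tailscale set --advertise-routes=$hp_routes --advertise-exit-node"
}

# Commands for the travelling device (laptop, phone or travel router).
# $1 = exit node name; $2 = "full" to send all traffic via home,
# anything else for access to the home subnets only.
travel_plan() {
  [ -n "$1" ] || { echo "exit node name required" >&2; return 1; }
  echo "tailscale set --accept-routes"
  if [ "$2" = full ]; then
    # --exit-node-allow-lan-access is left off on purpose, so the local
    # (hotel) network stays unreachable while the exit node is in use.
    echo "tailscale set --exit-node=$1"
  else
    # An empty value clears any exit node; home subnets stay reachable.
    echo "tailscale set --exit-node="
  fi
}

# Print the plan for the assumed sample values.
home_node_plan 192.168.1.0/24
travel_plan home-router full
```
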
frio•1mo ago
gertrunde•1mo ago
Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.
(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.)
There is also https://github.com/juanfont/headscale - which is an open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.
(And there are clients for a very wide range of stuff).
jasonkester•1mo ago
arcanemachiner•1mo ago
viccis•1mo ago
It is simply a managed service that lets you hook devices up to an overlay network, in which they can communicate easily with each other just as though they were on a LAN even if they are far apart.
For example, if you have a server you'd like to be able to SSH into on your home network, but you don't want to expose it to the internet, you can add both it and your laptop to a Tailscale network and then your laptop can connect directly to it over the Tailscale network no different than if you were at home.
jasonkester•1mo ago
But notice how you just did a much better job of explaining what this thing does without using any jargon at all. The jargon helps if everyone already knows what you’re talking about. It hurts if anyone doesn’t.
That’s what I’m poking fun at. There’s a trait in lots of engineers I’ve worked with over the years to be almost afraid to talk about tech stuff in layman terms. Like they’re worried that someone will think less of them because they used words instead of an acronym. Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.
One of those guys was certainly in charge of this company’s website copy.
aembleton•1mo ago
There was plenty of jargon and acronyms like LAN and SSH. You're just used to those ones.
throw5f3d5y•1mo ago
Since this is HN, it’s almost expected the participants here would either know the terms, or at the very least be able to find out what they mean on their own and realize it’s not made up jargon but rather common industry terms.
Tailscale is not trying to sell to the average buyer, it’s trying to sell to a specific audience.
cassianoleal•1mo ago
I've been trying to get a definition of zero trust at $client from the security people who are pushing tools onto our platform, so we can have an honest conversation around threats and risks, and finding the best balance of tools, techniques and processes to achieve their desired outcomes.
Unfortunately, it seems like everybody just wants "zero trust" because a vendor sold them on that idea and they gave money to the vendor, so now there's the need to justify that expense and "extract value" from the tool - even if it may in fact be worse than the controls that are already in place.
jaapz•1mo ago
PeterStuer•1mo ago
I personally use Pangolin, which is similar https://github.com/fosrl/pangolin
npodbielski•1mo ago
Lammy•1mo ago
If you want to self-host, use NetBird instead.
rynn•1mo ago
Lammy•1mo ago
They even manage to squeeze some FUD into the opt-out toggle's name.
remco_sch•1mo ago
tomjen3•1mo ago
Their personal free plan is more than enough.
davnicwil•1mo ago
[0] https://youtu.be/sPdvyR7bLqI?si=2kIpHtNuJ52jEdmm
weinzierl•1mo ago
In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VPN replacement.
If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.
hhh•1mo ago
I run a tailscale exit node on an anonymous vps provider to give me a similar experience to a consumer vpn.
barrkel•1mo ago
VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.
Tailscale isn't in the business of selling proxies.
__jonas•1mo ago
You might be thinking of tailscale funnel:
https://tailscale.com/kb/1223/funnel
Which is nice, but still a beta feature. Tailscale itself is indeed a mesh VPN that lets you connect all your devices together.
> If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
It does NOT by default route all your internet traffic through one of its servers in order to hide it from your ISP, like the type of VPN you might be thinking of (Mullvad, ProtonVPN etc.).
Though you CAN make it route all the traffic from one of your devices through another, which they call an 'Exit Node'. They also have an integration with Mullvad, which allows you to use Mullvad servers as an exit node. Doing that would be identical to just using Mullvad though.
rahimnathwani•1mo ago
Install the tailscale client on each of your devices.
Each device will get an IP address from Tailscale. Think about that like a new LAN address.
When you're away from home, you can access your home devices using the Tailscale IP addresses.
nottorp•1mo ago
fragmede•1mo ago
nottorp•1mo ago
So much for resilience.
als0•1mo ago
jpdb•1mo ago
nottorp•1mo ago
drnick1•1mo ago
ValentineC•1mo ago
DANmode•1mo ago
What am I missing?
ValentineC•1mo ago
I checked, and Tailscale only allows a single Owner [1], so it would still be pretty disastrous if the Owner account was suspended by the single sign-on organisation.
[1] https://tailscale.com/kb/1138/user-roles#owner
DANmode•1mo ago
So almost like SSO being the paywall for some enterprise apps.
bogwog•1mo ago
Wireguard is not that hard to set up manually. If you've added SSH keys to your GitHub account, it's pretty much the same thing. Find a YouTube video or something, and you're good. You might not even need to install a wireguard server yourself, as some routers have that built in (like my Ubiquiti EdgeRouter)
daveoc64•1mo ago
It also doesn't constantly try and ram any paid offerings down your throat.
I was originally put off by how much Tailscale is evangelised here, but after trying it, I can see why it's so popular.
I have my Ubuntu server acting as a Tailscale exit node.
I can route any of my devices through it when I'm away from home (e.g. phone, tablet, laptop).
It works like a VPN in that regard.
Last year, I was on a plane and happened to sit next to an employee of Tailscale.
I told him that I thought his product was cool (and had used it throughout the flight to route my in-flight Wi-Fi traffic back to the UK) but that I had no need to pay for it!
rainsford•1mo ago
Tailscale does use Wireguard, but it establishes connections between each of your devices; in many cases these will be direct connections even if the devices in question are behind NAT or firewalls. Not every use-case benefits from this over a more traditional hub and spoke VPN model, but for those that do, it would be much more complicated to roll your own version of this. The built-in access controls are also something you could roll your own version of on top of Wireguard, but certainly not as easily as Tailscale makes it.
There's also a third major "feature" that is really just an amalgamation of everything Tailscale builds in and how it's intended to be used, which is that your network works and looks the same even as devices move around if you fully set up your environment to be Tailscale based. Again not everyone needs this, but it can be useful for those that do, and it's not something you get from vanilla Wireguard without additional effort.
ryandrake•1mo ago
aftbit•1mo ago
Tailscale is "just" managed Wireguard, with some very smart network people doing everything they can to make it go point-to-point even with bad NATs, and offering a free fallback trustless relay layer (called DERP) that will act as a transit provider of last resort.
seabrookmx•1mo ago
I like to think of it as a software defined LAN.
Wireguard is just the transport protocol but all the device management and clever firewall/NAT traversal stuff is the real special sauce.
devilbunny•1mo ago
That’s such an elegant way of putting it that they should use it in their marketing.
theshrike79•1mo ago
1) download Tailscale 2) install 3) log in with Google account
done. It doesn't matter if they're on Windows or MacOS.
QuiEgo•1mo ago
It also handles looking up the IP address of your "nodes" through their servers, so you don't need to host a domain/dns to find the WAN IP of your home network when you're external to it (this is assuming you don't pay for a fixed IP).
Most people put an instance of it on a home server or NAS, and then they can use the very well designed and easy to use iOS/mac/etc client to access their home network when away.
You can route all traffic through it, so basically your device operates as if you're on your home network.
You can accomplish all of this stuff (setting up a VPN to your home network, DNS lookup to your home network) without Tailscale, but it makes it so much easier.
ryandrake•1mo ago
QuiEgo•1mo ago
It can do way more than just being a VPN-to-home, but that's how most users use the free part.
yegle•1mo ago
If this is on Tailscale, you can just ask people to install the Tailscale client and log in using one of the IdPs, then ask them to accept the node you shared with them, and they can immediately access the server.
The alternative would be 1) sending VPN configs over and maybe also configuring their VPN client for them, or 2) exposing the service on the Internet protected by some OAuth proxy which really only works for web apps. Neither is easy/trivial.
QuiEgo•1mo ago
matwood•1mo ago
dxxvi•1mo ago
Tailscale allows devices that can access the Internet (no matter how they access the Internet) to see each other.
To do that, you create a tailscale network for yourself, then connect your devices to that network, then your devices can see each other. Other devices that are connecting to the Internet but not to your tailscale network won't see your devices.
AI might explain it better :-) Don't know why I wanted to explain it.
asielen•1mo ago
devilbunny•1mo ago
Nothing that a network guru or even a sufficiently motivated hacker couldn’t do on their own, except that the maintenance is practically zero for the personal user and it’s actually easy enough for a very nontechnical person to use (not necessarily to set up, but to use), perhaps with a bit of coaching over the phone. Want to use a different exit point for your traffic? It’s a dropdown list. Share a file? Requires one config step on the client for macOS, once, and then it’s just in the share menu. Windows, Android, iOS are ready to go without that. Share whole directories? Going to require some command-line setup once per shared directory, but not after that.
There are features that are much more enterprise-focused and not as useful for personal stuff, but everything above is in the free version.
I’m not in tech at all, professionally, and never have been. I’m savvy for an end user - I can install Linux or a BSD, I can set up a network, I can install a VPN myself to get back to my home network - but I would never, ever call myself anything more than an interested layman. I probably could figure most of this out on my own, if I had to. Thing is, I don’t have to. It’s more than just Wireguard in a pretty wrapper.
Try it. It won’t take long to figure out why so many people here like it, even if you may not want to use it.
gunalx•1mo ago
rpdillon•1mo ago
DANmode•1mo ago
ubittibu•1mo ago
kwanbix•1mo ago
I am sorry, this confuses me. If I don't have a client, for example on my laptop, how does my laptop use Tailscale then?
Also, Tailscale Personal says 3 users. Is that a problem for us, as we are 4? (me, wife, son, daughter).
mbreese•1mo ago
For example, if you have a default route back to your home network on the router, any client will also connect through that tunnel back through your home. This assumes you are using your travel router to connect your laptop as opposed to, say, the hotel wifi. (In this scenario, your travel router is connected to both the hotel wifi as an uplink and Tailscale.)
kwanbix•1mo ago
What about the users? Do I need 4 for my family of 4? Or are the 3 users included in the free plan just admin users?
devilbunny•1mo ago
So pretty much anyone you would trust on your LAN can be trusted with your Tailscale user. You can just log yourself into Tailscale on the kids' devices and then use the admin console to make those devices' logins never expire. They can use all the features, but they don't know your authentication method and thus can't get admin access themselves. About the only situation in which the typical home user would need multiple accounts would be if someone was physically away from you and had a new device they needed to connect to your tailnet (their term for your collection of devices, services, etc.) but you didn't want to share your password with them. If they're physically near you, you just authenticate their device and hand it back to them.
nxobject•1mo ago
master_crab•1mo ago
This is great for keeping things in a LAN, but make sure you use your network rules correctly and don’t dump everything to your home network unless you need to.
(I too have a gli slate, but I use UI at home so will consider this when it comes out)
malfist•1mo ago
Even if you don't visit any http sites, you never know what might phone home over http, so an OS level VPN provides foolproof privacy at the cost of a tiny bit of latency.
jms703•1mo ago
master_crab•1mo ago
malfist•1mo ago
kstrauser•1mo ago
brewdad•1mo ago
A few services didn't work because they required my mobile device's location services (which still showed me in Asia). I'm sure I could have found a workaround for that but wasn't properly motivated to put in the effort for a short visit.
In a similar vein, I was able to troubleshoot a problem with our NAS from a cellular connection on a boat near Bali a couple years ago. My son needed access to some files for his college homework but couldn't access it remotely. I was able to access it and reconfigure a setting that had changed during an update and restore his access.
The internet feels like magic sometimes.
password4321•1mo ago
torginus•1mo ago
TeMPOraL•1mo ago
Cynic in me thinks it's because they don't want you to buy one product and be set for a decade, like HN-er here: https://news.ycombinator.com/item?id=46373387. Older products might've been too good.
wateralien•1mo ago
upcoming-sesame•1mo ago
mmerickel•1mo ago
dalanmiller•1mo ago
figmert•1mo ago
Once the internet is active, the GL.iNet router will then re-enable things like VPN and AdGuard Home.
Since these devices are OpenWrt underneath with a prettier UI, I presume this is all possible on any OpenWrt device.
jtokoph•1mo ago
hshdhdhj4444•1mo ago
fragmede•1mo ago
SturgeonsLaw•1mo ago
hshdhdhj4444•1mo ago
threatofrain•1mo ago
hakfoo•1mo ago
I wired the desktop PCs in the house, so the only Wi-Fi users are mobiles, a smart TV, and a laptop. Everything else is already hanging off 2.5G wired switches. Pretty light duty, and I just wanted something that would provide robust routing and placeholder Wi-Fi. This does exactly that, and since it's OpenWRT based, it's probably marginally less terrible than whatever TP-Link was offering in the same price range.
It does run annoyingly hot, but I should just buy a little USB desk fan and point it at the router :P
amluto•1mo ago
That being said, for any new application, I suggest using at least an 802.11ax AP, because cheap 2.4GHz devices that support 802.11ax are becoming common and using an 802.11ac router means that your 2.4GHz devices will be stuck with 802.11n, which is quite a bit less efficient. Even if you don't need any appreciable speed, it's preferable to use a more efficient protocol that uses less airtime.
rpcope1•1mo ago
hakfoo•1mo ago
skirmish•1mo ago
[1] Daughter invited ~10 classmates to prepare for a science competition, and one of them had a virus (I assume) that hacked TP-Link's firmware to draft it into a botnet. WAN connection would drop every hour for a few minutes, plus unexplained internet traffic while nobody was using it. Resetting firmware did not help, installing DD-WRT fixed it once and for all.
georgebcrawford•1mo ago
te_chris•1mo ago
copperx•1mo ago
wateralien•1mo ago
It would also automatically log into the captive wifi which seemed to require a login every hour or so.
Another time we Ethernet into it using the cable in another hotel to bypass some ridiculous speed limitations on their access point.
I'm considering getting their model which can take SIM cards, so that we can also failover to mobile networks wherever we are.
tomjen3•1mo ago
eliseumds•1mo ago
- My wife and I travel with multiple devices (laptops, phones, Chromecast...) and when we get to a hotel/Airbnb, I simply connect my Beryl AX to their network (it deals with captive portals btw) and all of our devices automatically connect.
- I changed the `/etc/hosts` directly in the router, meaning I can test my local servers under custom domains easily on my other devices like phones/tablets without apps like SquidMan.
- I route specific domains through specific VPNs. Government websites, streaming websites, AWS services, etc.
- I can plug a 4G USB modem into it and it can automatically fall back to it if the main connection drops.
- It has built-in Tailscale support.
forinti•1mo ago
https://www.gl-inet.com/products/gl-usb150/
I bought it for my vacations, so I wouldn't have to configure my kid's gadgets, but it is really useful as a wifi adaptor too.
And you can run it from a powerbank.
hk1337•1mo ago
RyJones•1mo ago
dwardu•1mo ago
dionian•1mo ago