Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
Tailscale is great. The principle concern to me is that your super easy mesh network depends on Tailscale so if they want it they have control, and if they change their pricing or options you depend on them, and though they can’t see the data you send they can see the topology of your network and where all your computers/devices are.
I use Nebula, which is more work to set up and doesn’t have some of the features, not But if you slap the ‘lighthouse’ (administrating node) on a cheap VPS it works great. And it has some advantages. But Nebula also troubles me: though it’s fully open source and fully in your control, the documentation isn’t great. Instead, you can now get “managed nebula”, which puts you in the same problem as Tailscale: the company sees and controls your network topology. I fear the company (Defined Networking) is trying to push things that way. Even their android app you can’t fully configure unless you use their ‘managed’ service.
For now, Nebula is great, and my preferred mesh network (I looked into all the main ones). And for Tailscale you can run the administration server yourself with Headscale and be fully in your control.
Actually I wish Tailscale the best as a profitable business. They’ve created a fantastic service and system. But for me, I’d rather my network be in my own hands and for my own eyes. And, as is OP’s main point, once they have enough dependent users, the service might turn much worse.
Netbird seemed to go in a similar way, though still good. I want to try zrok next, looks interesting
Nice to hear your experience with Nebula. I considered it when I went with Tailscale years ago. Now you gotta migrate off of lemm.ee as it’s shutting down soon. :D
Yep. It’s on the TODO list…
Tailscale never sat right with me. The convenience was nice, but - like other VC-funded projects - it followed that ever-familiar pattern of an “easy” service popping up out of nowhere and gaining massive popularity seemingly overnight. 🚩🚩🚩
I can’t say I’m surprised by any of this.
Would you rather a difficult and hard to use program?
Easy to use means people will want to adopt it, and that’s what VC companies want. Nobody wants to pay millions of dollars to make a program that nobody wants to use.
My problem isn’t directly with the programs - my problem lies with VC funding in general. Because they will come back for their money, and the project will inevitably enshittify and shove out enthusiasts in the never-ending search for infinite money.
The solution is getting rid of VC bullshit entirely. But we all know that will never happen.
I always knew it was too nice to stay non-shitty forever.
Guess it’s time for me to pester my ISP to let me open some portsQuestion: if I setup Headscale on my network, I would have to open a port on my router to connect to it right? And also if I setup Headscale with some cloud provider, could they theoretically go and use the setup to get to my home network? I know its unlikely, I just mean if the technology is like e2e from clients to my home network, or if the cloud headscale ‘centre’ would be also an unguarded entry point (from the perspective of cloud admins). I hope I am clear 😀 Thanks (btw you probably guess why I currently use Tailscale 😀)
if I setup Headscale on my network, I would have to open a port on my router to connect to it right?
The way I understand it is:
I would have to open a port on my router to connect to it right?
Yes
if I setup Headscale with some cloud provider, could they theoretically go and use the setup to get to my home network?
If they are able to authorize their own node to your Headscale server, then their node gets on your network. If they take over the Headscale node, they might also be able to access your network, either by changing Headscale’s config to auth another node or perhaps if the Headscale node is part of the network, which it might be, I don’t recall. But I think that’s immaterial. If someone takes over the Headscale machine, they can get on your network either way.
So there has to be some trust between you and the cloud provider then. Thank you
a long runway that allows us to become profitable when needed
Switch to self-hosting headscale when they enshittify in an attempt to become profitable, duh
I mainly use Tailscale (and Zerotier) to access my CGNATED LAN, headscale will require me to pay a subscription for a VPS wouldn’t it?
I really envy the guys who say only use them because they’re lazy to open ports or want a more secure approach, I use them because I NEED them lol.
If (when?) Tailscale enshitify I’ll stick with ZT a bit until it goes the same way lol, I started using it 1st, I don’t know if ZT came before Tailscale though.
Same. I mean, I was already looking to rent a VPS, but at least there’s some time so I can save money until things get weird.
Bookmarking “headscale”!
I only recently started using Tailscale because it makes connecting to my local network through a Windows VM running in Boxes on Linux a hell of a lot easier than figuring out how to set up a networked bridge.
This sounds like a great alternative, and it looks like it can even work on a Synology NAS.
Been meaning to do this. Tailscale was just there and easy to implement when I set my stuff up. Is it relatively simple to transition?
Just use normal wireguard, why do you need tails or heads at all?
Accessing your home network that is kept inside a NAT by your ISP, without you having to acquire an online server somewhere.
You really don’t though. I use wireguard myself under the same scenario without issue. You just need to use some form of dynamic DNS to mitigate the potentially changing IP. Even if you’re using Tailscale you’ll still need to have something running a service all the time anyways, so may as well skip the proxy.
Your approach won’t work if you’re behind carrier grade NAT or you can’t open ports. My landlord provides my internet so I use tailscale (with headscale on my long distance vps) to connect everything and it works great. It uses LAN when I’m home, and NAT punches when I’m elsewhere.
Tailscale offers way more then just wireguard. ACLs, NAT traversal etc. etc.
While some use cases can be replaced with traditional wireguard, others not.
Are there better alternatives? I was planning on using tailscale until now. :P
I use Nebula. It’s lightweight, well-engineered and fully under your control. But you do need a computer with a fixed IP and accessible port. (E.g. a cheap VPS)
You can also use “managed nebula” if you want to enjoy the same risk of the control point of your network depending on a new business ;-)
A bunch really, Headscale with Tailscale client, Nebula VPN, Netmaker, Zerotier.
Yeah, I also use that, but it’s not quite as easy as the others. Either you’re open to the whole network or you need some form of external key management to add/remove peers from your network.
For me personally, the next step is using Headscale - a FOSS replacement of the Tailscale control server. The Tailscale clients are already open source and can be used with Headscale.
Someone else could give other suggestions.
I’ve been meaning to switch from Tailscale to Headscale but I have been to busy. Do you have any instructions, write-ups/walk-thrus you could recommend to set this up? I have three sites with 1GB internet I can use. One has a whole house UPS but dynamic IP, another has a static IP but no UPS, and the third is Google fiber with no UPS, but I can use the app to get the current IP anytime. I also own a number of domain names I could use.
No writeups. I tried following the Headscale doc for a test last year. Set it up on the smallest DigitalOcean VM. Worked fine. Didn’t use a UI, had to add new clients via CLI on the server. When I set it up for real, I’d likely setup a UI as well and put it in a cloud outside of the US. It would work at home too but any other connection would die if my home internet dies or the power does. E.g. accessing one laptop from another, or accessing the off-site backup location.
Wireguard if you’re just using it yourself. Many various ways to manage it, and it’s built in to most routers already.
Otherwise Headscale with one of the webUIs would be the closest replacement.
ive been eyeing up netbird but havnt got around to trying it yet. its fully open source at least, and theyre based in germany is anyone cares about that
Just looked at NetBird, it looks suspiciously similar to Tailscale in what it does except they also got an open-source control server. They have self-hosting doc right in their web site. Looks interesting. Can’t find much about the company other than it’s based in Berlin and it’s currently private - Wiretrustee UG.
What’s the difference with their open-source control server, from headscale? That it’s officially published by the company?
I use the built in wireguard VPN in my router. If you just need local network access elsewhere it’s usually really easy to setup if your router provides it. I would look into it!
Didnt even work for me, i use mullvad so if i wanted to use tailscale on my android to connect to my desktop, it wants me to disable mullvad unlike on my desktop…
Tailscale offers a paid Mullvad integration, where you can select most Mullvad servers as exit nodes. Works quite well.
I think that’s because both work on Android by being a VPN, and the system can’t handle doing two vpns simultaneously
Well not really but most people don’t like manually editing routing tables
You can do that? On ordinary, non-rooted Android?
Hmmm. I run PIA and Tailscale simultaneously on my devices. I did have to tinker around with the settings in PIA such as the VPN & Advanced Kill Switch. So, now Tailscale is for administrating remote servers, and PIA for everything else. DNS leak checks, etc all check out.
Yeah this was a deal-breaker for me too.
If I host headscale on a VPS, is that as seamless of an experience as Tailscale? And would I miss out on features, like the Tailscale dashboard? How does the experience change for me (an admin type) and my users (non-technical types)?
There are some community webUIs for Headscale, headplane in particular looks pretty good: https://headscale.net/stable/ref/integration/web-ui/
I’m not sure otherwise how different the experience would be.
Headscale is great if you like networking fun, but that aside I’m not understanding why VC funding is such a black mark to the poster. Tailscale doesn’t generate meaningful revenue streams as its early-stage, so it has to secure funding to continue operations until they achieve high enough revenue to go public. That’s pretty standard in a business life-cycle, though. It seems like the main complaint is that Tailscale is a business. And what about the Linux Foundation? They are funded through private equity. Should you consider switching away because of that?
Not that it is a business but is a specific kind of business. VC funded startups eyeing an IPO more often than not start doing things users are not happy with. Maybe tailscale won’t, but might as well be aware what kind of company they are acknowledge there is a decent chance of rugpulls
The problem, though, is that VC-funded projects bite off way more than they can chew from the start and have to enshittify to keep shareholders happy at that level.
Growth for the sake of growth is a fundamentally broken concept. Tailscale provides a free service that many use. They already offer a paid support tier for companies, like other certain FOSS projects do, so why not call it good there? Grow based on actual customer needs, instead of shareholder bullshit “needs” (line must go up 🙄).
It seems like the main complaint is that Tailscale is a business. And what about the Linux Foundation?
The Linux Foundation is not a business.
The businesses that fund the Linux Foundation through private equity are though, aren’t they?
Sure. Do you have a point?
Yeah, I think you missed that. Go back through and reread comments please. Thank you.
Yup, I don’t know if that is OP’s intention, but I would agree myself with the complaint that “Tailscale is a business”
The way I see it, if it’s a business it must generate revenue (either now or down the road), and that is enough to have me worried. I do have a Tailscale registration, and the way they approach email communication is already a yellow flag to me (too many ad emails)
yellow flag to me (too many ad emails)
Weird. I’m not saying you’re lying, but besides the registration email, and onboarding welcome email, I can’t think of any others I’ve received from Tailscale. In fact, I just did a search of my email client, and those were the only ones I’ve received.
I do believe my experience in this regard is not representative of everyone, I probably failed to untick some checkbox (regarding communications) and the “too many ad emails” are a handful (in 3 months), which to me is a handful too much (having to untick a box should not be necessary)
That’s cool. I don’t like spam either. You are correct in that you should have to opt in instead of opt out.
That’s not really a justifiable reason, though. The Linux Foundation provides grants and scholarships to the open source community, but they do that through private equity business. So transitively, many open source projects are funded by businesses looking to capitalize on that innovation. Do you consider that when pulling from a git repository? No, that’s overbearing. Additionally Headscale is in part maintained by a Tailscale employee. That would surely create a conflict of interest given Tailscale is solely interested in generating revenue.
I get your point, though Tailscale specifically crosses a line for me in this sense:
- Using code created/maintained by businesses: ok
- Relying in infrastructure maintained by businesses: not ok
I am not that big of an enthusiast, but the way I see it, if a company goes rogue and you’re using their open source code, it’s just a matter of forking it (I’m thinking about Emby/Jellyfin as an example) If you rely on their infrastructure (such as Tailscale servers) then you are at the mercy of the companies
To that end: I’d say that OP is prettt on point by suggesting Headscale, you’re still “using Tailscale” in a sense, but without chaining yourself to the business
I am not that big of an enthusiast, but the way I see it, if a company goes rogue and you’re using their open source code, it’s just a matter of forking it (I’m thinking about Emby/Jellyfin as an example) If you rely on their infrastructure (such as Tailscale servers) then you are at the mercy of the companies
🏅
That’s not really a justifiable reason, though.
To you it isn’t, but to some of us it is. For me the standard business cycle is not acceptable because I almost inevitably end up under the bus.
The Linux Foundation isn’t a comparable example for me since it’s a non-profit. As a result it isn’t subject to the same market pressures for-profit businesses do, let alone VC-funded ones.
At this point, with everything I know and have experienced about the economy, politics and the world, I am trying to avoid depending on for-profit businesses as much as I can. I know how businesses operate, I know why they operate the way they do, I know what dynamics push them in the directions they go and I’m tired of being run over by the bus. If I ever form a business myself it would either be a non-profit, or a worker co-op, or both, as this will signal everyone who knows what I know what the direction of this business would be about.
Firstly, I’m not trying to start a flame war with commenters, I genuinely just disagree on something and some people are getting a little hot under the collar by it. The Linux Foundation comment I made because ultimately VC touches more than people think. Even its something that isn’t directly tied to VC, that money filters through groups like LF which is a non-profit and most would argue a quite legitimate organization. The point is there really is no separation or clear line of demarcation on what is “good” funding and what is “bad” funding.
The point is there really is no separation or clear line of demarcation on what is “good” funding and what is “bad” funding.
I understand and I disagree. A demarcation emerges from the goal of the funding and its effects. For me, one example of bad funding is funding that drives user acquisition at unsustainable prices by a firm that is also significantly controlled by the funding source. This is predominantly what VC-funding goes to. VC-funding that goes to a non-profit that the VC has no control over, where the VC can’t and does not demand financial return from, is not bad funding in my books. Corporate funding doing the same thing is also not bad funding. Government funding often has the least strings attached as it does not demand direct return, and this also is not bad funding. To top that off citizens can exercise control over government funding via the democratic process, unlike corporate or VC funding, where the vast majority have zero control, and are owed no accountability by the businesses.
Historically, Accel has never pushed acquisition. On the contrary, they do the opposite. Its why they VC fund over 300 companies, but you’ve never heard of them. That’s not to say they couldn’t, but they haven’t ever acted in that manner previously so logically it would be safe to assume that trend continues with Tailscale. I think that’s important here: its not about ability its about intent. If as a organization you give funding to another organization (even non-profits) you exercise at least some control over them as they are dependent on that money to function. This is actually a point other commenters have made in regards to Headscale. Headscale is maintained by a Tailscale employee. As they fund him personally, they can exercise some control over him as he depends on that money/employment. Again, even their comments circle back to ability vs intent. Tailscale could influence their employee, but would they? That’s where a lot of the VC argument goes. Its just speculation as what a group could do, not what they would do.
“The trend” is making money no matter what. That means they’re gonna screw you over eventually, the countdown has already begun, and it’s just a matter of time
That’s pretty standard in a business life-cycle, though
I don’t know where people ever got the idea that normal = acceptable. I hear this used to justify all sorts of awful crap. It was only ever normalized because users were apathetic.
And what about the Linux Foundation? They are funded through private equity. Should you consider switching away because of that?
Does The Linux Foundation have complete control over Linux?
So, companies should not be allowed to invest in other companies? Who is allowed to invest in companies then? Only private individuals? But those individuals are apathetic, so they have to be made to? Or if they don’t want to, then since other companies aren’t allowed, wealthy private individuals would need to? Its not normal because its acceptable, its normal because the alternative is fantastical and unrealistic.
To the other point, does Tailscale have complete control over Wireguard? They don’t control the technology behind that. They do for their control server tech and to some extent Headscale, but that’s not what its built on anymore then what’s built on Linux.
companies should not be allowed to invest in other companies?
That’s not what I’m saying. I’m just saying you need to be wary of companies that do because the inevitable end of that train is enshittification. Every. Single. Time.
does Tailscale have complete control over Wireguard?
Who’s talking about WireGuard? We were talking about Tailscale.
Tailscale builds on top of the Wireguard protocol, LF builds on top of (through grants/scholarships) the Linux OS. You can’t argue that it doesn’t matter that LF doesn’t have control over the underlying technology, but then argue that it does matter in Tailscale’s cause.
It doesn’t matter in either case. Neither of them have control over the underlying technology.
Does The Linux Foundation have complete control over Linux?
You’re the one who said it, though.
Yes I did say that. I don’t understand what you’re trying to communicate. TLF does not control Linux, just as Tailscale does not control WireGuard. Tailscale does control Tailscale. There’s nothing wrong with using Linux and there’s nothing wrong with using WireGuard. There may be something wrong with using Tailscale. I don’t know how to be more clear about this.
I’ve realized how easy it is to just actually run a network rather than half ass it with tailscale. I recommend this, it’s fun.
What’s the benefit over just WG?
WG is worthless in a CGNAT environment… And as we are in 2025 and time doesn’t stop it will be irrelevant for everyone someday, unless they fully support IPv6 (which I don’t know if they do, if you can use WG in a CGNATED network with IPv6 I’d like to know though, I am very rusty setting it up, but it might worth checking it out).
You dont need to manually handle the WG config files. This isn’t really an issue when it’s just you and your two devices, but once you start supporting more people, like non-technical family members, this gets really annoying really quickly.
Tailscale (and headscale) just require you to log in, which even those family members can manage and then does the rest for you. They also support SSO in which case you wouldn’t even have to create new accounts.
Your tech illiterate grandma can set it up. It’s that easy.
Personally, my ISP (T-Mobile 5G) has CGNAT and blocks all incoming traffic. I can’t simply Wireguard into my network. Tailscale has been my intermediary to get remote access.
I guess it’s time to figure how how to host an alternative on a VPS (I see Headscale mentioned in these comments).
Tailscale uses WG though, so it’s fundamentally the same thing. Like you said - just do Headscale on a VPS.
Or Wireguard on a VPS
No need to port forward, almost 0 config.
Easier/zero configuration compared to manual WG setup. Takes care of ports and providing transparent relay when no direct connection works.
Tailscale is a business seeking profit? (clutches pearls gasp)
It’s one of the key reasons why everyone here hates plex too so I don’t get why you’re acting like this isn’t a valid concern
…and what are current Plex users, that don’t like the direction Plex has taken, doing ? Riding the next horse. When Tailscale gets unbearable with their business practices, there are a lot of other options. Tailscale is just easy and it flippin’ works.
What next horse? There’s plex and there’s fully self hosting with Jellyfin or similar. The gulf is very wide between plex and that.
So, I don’t run the arr stack, or any of it’'s components. In fact, I’ve never even test run Plex. However, I hear that Emby is a better replacement coupled with Symfonium to take the place of PlexAmp. That seems to be the ‘next horse’ everyone is switching to, even tho Emby does seem to have some unresolved issues.
I just find the constant grind against profitability and capitalism to be a bit worn. I guess you could say I am fully ensconced in capitalism as I run three tax paying, for profit businesses. The issues I take with capitalism is unbridled, uncontrolled greed…when we place profit over principal. By all means tho, make yo’ paper son.
These are my opinions. There are many like them, but these ones are mine.
They also had a major ass security issue that a security company should not be able to get away with the other day: assuming everyone with access to an email domain trusts each other unless it’s a known-to-them freemail address. And it was by design “to reduce friction”.
I don’t think a security company where an intentional decision like that can pass through design, development and review can make security products that are fit for purpose. This extends to their published client tooling as used by Headscale, and to some extent the Headscale maintainer hours contributed by Tailscale (which are significant and probably also the first thing to go if the company falls down the usual IPO enshittification).
Isn’t that the entire design philosophy of tailscale?: reduce friction, at the cost of some security.
If security is your main priority, you should be using more secure options, even if they are less convenient or tougher to maintain.
Headscale maintainer hours contributed by Tailscale
Could you expand on this?
There’s a disclaimer in the readme: https://github.com/juanfont/headscale/?tab=readme-ov-file#disclaimer
The maintainer Tailscale contributes happens to be the lead developer by commit count at the moment.
Thank you!
pre-emptive pikachu face strike
