Playing around with a new self-host NAS OS, finally thought about Tailscale. But, I see it wants a login to an account. Checking online, seems I have to use Google, Apple, MS, Github or OIDC (which iassume costs money based on the site).

So how tf y’all setting to your tail scale stuff? I’m not using a big brother us tech account for auth on this thing. Think I’d rather go back to regular wireguard if that’s the case.

Edit: OK I see you can use regular email. It didn’t load the webpage correctly the first time or I missed it. Odd. Anyway, I do don’t want an account add I don’t want to risk any data compromise at some point

  • Toribor@corndog.socialEnglish
    2·
    1 hour ago

    You can self host the control plane for Tailscale using a community project called Headscale. I use that along with Headplane which gives you a nice admin web UI.

    Then you just use the tailscale client on devices like normal but you authenticate new clients with your endpoint instead of the centralized one.

  • dieTasse@feddit.orgEnglish
    11·
    7 hours ago

    I will teach you a trick. Login with e.g. github. Create a tailnet. Create new user invite link, use it yourself - you can setup login with passkey to this second user. Promote to admin. Leave with your github user. Voila you have an account and tailnet with only passkey, no big brother oauth or anything.

  • DecronymBEnglish
    2·
    1 hour ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    NAT Network Address Translation
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    3 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

    [Thread #131 for this comm, first seen 3rd Mar 2026, 00:01] [FAQ] [Full list] [Contact] [Source code]

  • illusionist@lemmy.zipEnglish
    6·
    11 hours ago

    Since when can you use regular email? That’s odd. When i checked it out it wasn’t possible and there was even a post why. That tailscale is no identity provider and such things

  • nfreak@lemmy.mlEnglish
    14·
    14 hours ago

    If you have a VPS, consider setting up either Headscale or Netbird if you don’t want to use any of Tailscale’s built-in auth methods (with all necessary security precautions taken of course). If that’s not an option I’d suggest going back to Wireguard for sure.

    • frongt@lemmy.zipEnglish
      1·
      10 hours ago

      Is there a good guide? I tried setting up headscale and tailscale and I got everything running and linked, but it doesn’t pass traffic for the routes I’ve enabled and I’m not sure how to troubleshoot it.

      • stratself@lemdro.idEnglish
        1·
        6 hours ago

        most of the guides can be outdated because the software changes a lot. You’d find some better support writing on their Discord guild

  • node815@lemmy.worldEnglish
    4·
    13 hours ago

    I use Pocket-ID for my OIDC and it was easy to set up with Tailscale, you just have a custom domain which I do and I just login with my OIDC Account which is 100% self hosted on my local server.

  • irmadlad@lemmy.worldEnglish
    5·
    13 hours ago

    I don’t want to risk any data compromise at some point

    What data compromise are you worried about?

    • End-to-End Encryption: Tailscale utilizes WireGuard
    • No Centralized Servers: Tailscale creates a direct peer-to-peer connection between devices
    • Minimal Metadata: Tailscale may collect some metadata to facilitate connections, but this info does not include the content of your data.
    • User-Controlled Access: You have control over which devices can connect
    • Tailscale does not, and cannot inspect your traffic

    I’m not the Tailscale sales person. Go with whatever suites your threat model. I am just curious what data compromise you are concerned with. If it’s the metadata aspect, you already blew that away when you made the post here at Lemmy, even assuming you are using a VPN.

    • nfms@lemmy.mlEnglish
      2·
      8 hours ago

      I went with GitHub. In the end it’s just an OAuth service, to provide identity. It’s not used to gather data on you (just the same we already share by visiting regular websites).
      I’m still gonna lookup Headscale and Wireguard because It’s been on my radar.

      • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.orgEnglish
        2·
        5 hours ago

        Problem with plain Wireguard is if you can’t open ports on some devices to get a direct connection. It should be just fine with hub and spoke model, but NAT Traversal of Tailscale makes a huge difference. I can get a direct connection between 2 devices connected to mobile data and behind CG-NAT.
        And also the config management if you have too many devices.

        Hub and spoke, you just add new devices to Wireguard on the main device, and the new peer. Full mesh, oof.

        But as far as configuring Wireguard goes, that’s pretty simple. And then there’s the weird stuff with MTU and fragmentation… but that’s not something Wireguard-specific.