Headscale includes and embedded DERP server but you need to run it. Their example yaml does have it disabled by default though.
- 0 Followers
- 0 Following
- 3 Posts
I avoided tailscale for so long because I was already using wireguard and I didn’t know you could self-host with headscale. But once I started using it with headscale the mesh design really is a big improvement to usability. I don’t miss having to carefully manage my config files and ip route rules.
I need to get setup with app connectors and then I think it’ll finally be a high enough wife-usability factor for me to remove some things I still have exposed over the internet.
DERP is the service that actually relays packets between tailscale connected devices when they are crossing a NAT (leaving one private network and going across the internet to another private network).
If you host headscale (the self-hosted community version of the tailscale control plane) and use it with tailscale, by default it will still use the public Tailscale DERP servers. Your traffic is still encrypted and not visible to them, but it does still rely on their centralized architecture even though you are hosting the control plane yourself.
That being said, you can also just selfhost DERP or use the embedded DERP that ships with headscale, although there are some other considerations when doing that because it will need to be publicly on the internet, probably with a proper domain name and publicly trusted certificate.
You can self host the control plane for Tailscale using a community project called Headscale. I use that along with Headplane which gives you a nice admin web UI.
ICE is using Palantir data to target neighborhoods, which is purchased directly from “advertising” data brokers. So “advertising” is only part of the story. It’s always been about delivering a surveillance state, it’s just not evenly distributed.
I usually miss the tiny text that says “includes a side” and then I panic when I need to make a decision while the waiter lists off all 14 sides including something incomprehensible like “Potato dunklets” and I have to ask them what that is even though everyone else knows that’s what the place is known for and now I’m the idiot that is taking forever to order and keeping everyone from their dunklets or whatever.
When I was a kid I used to say to my dad “Dad” and he would go “Yes sir Michael Caine” and I would just open my mouth and point in it and wait for him to pour beans in there.