Hi @Ekwus 

Thanks for posting in our business forum.

Ekwus wrote

Just another up vote for supporting Tailscale.

 

The arguments being put against supporting it don't stack up. Saying it's not secure, costs money, increases support issues is just nonsense - you already support WireGuard and that's 95% of what TailScale is, most VPN solutions are some form of paid solution and everyone that has ever used it, says it's much simplier to use than any of the others!

 

Sounds more like that it doesn't support the Omada SDN architecture OR more likely, it's too similar to what TP-Link are trying to do themselves.

Ha. I use Tailscale as well.

• If you are a consumer, you don't even pay for its enterprise stuff. It has a business plan that charges you. You just use the personal version for free services.
• Not to mention, if you are in a location where there is no proper Tailscale server, you will buy a server to relay.
• Maintenance takes security measures to avoid others taking up your bandwidth.
• Domain is needed. SSL cert is required and you have to own enough knowledge for auto update SSL if you use a free 30-day cert. Or pay for the domain.
• Even if you use WRT, you gotta find a proper repo for the update Tailscale. If it does not update, the programmer, you will lose security fixes.
• If we natively support it, we will need to adjust and maintain. Don't you agree? Tailscale got updates frequently. We have a cycle of a minor fix quarterly. Major firmware update and adaptation every 6 months.
• Wireguard is the foundation of the Tailscale. Tailscale is not a protocol but a software. What we offer, as the WireGuard VPN, is the service based on the WG protocol.
• It would not be hard to get a computer in your network to use "--advertise-routes" on one of the computers in the LAN.

Of course you can crack the system and install WRT to gain freedom to install Tailscale on it. And as said before, your update is not under your control. 

Not to mention that avoids both warranty as well as the Omada integration.

Hi @saidearly

saidearly wrote

  @Clive_A 

 

Well, alot being said on this specific feature.

 

And you trying to justify why it shouldn't be added for some reasons, security, your brand reputation...etc.

 

Its just plain from this thread that alot of users are facing a challenge specially with CGNAT, wheb they want to get access to some home server or business.

 

With the limited IPv4 availability this CGNAT issue is only going to increase rather than reduce.

 

So instead of just ruling this feature out completely, why not provide a solution to include Zero trust tier of some form, be it any other party you deem reliable or one that is inhouse build?

 

That at least will provide an alternative and serve a need that is becoming necessary. Give user and your brand a win-win situation. Because zero trust tier are increasingly becoming a big need.

 

Just giving my cross thought on this issue.

Thanks for the insight. The dev did not think this is needed for our business users where public IPv4 is commonly used by our business users. They actually rejected requests like this before, or considered that this is not a priority to do in the long run. 

I did not say it explicitly. But let you know about what it is like on other open-source platforms. Now, here it is. I will not provide any further explanation or join the discussion. You can still upvote this thread.