How is Tailscale better than ZeroTier?

Being VC funded & having a serious marketing budget?

Tailscale's insistence on using third-party auth is an absolute PITA. With the withdrawal of Gmail's free email to a custom domain/workspace product, our org switched email provider. The pain that then followed with TS support to switch auth providers was bad. TS don't have familiarity with the auth services they are promoting, all of the options available add at least $5/user to the bill, and it was a massive time sink for a 'just works' service to switch configs. All because TS don't want to manage their own auth infrastructure (I don't buy the marketing BS around this).

Headscale (see GitHub) looks like a good way of taking back control of the auth side of things, and if we go that route, Tailscale will lose the revenue they could have otherwise retained if they were more on the ball.

I agree. I won't use any VPN that isn't completely self-hosted. I don't trust external auth providers (including when it's the provider themselves like with ZeroTier). It's like giving Microsoft or Google the keys to my house :/

But I think with headscale it can be fully self-hosted: https://github.com/juanfont/headscale

I have yet to try it out but it looks pretty good.