Have you used their product? It’s a gd joy to use. In casual use, I haven’t run into any bugs at all. It took me all of about ten minutes to get set up, it just works, and I didn’t have to think too hard about it.
What’s their secret? A great product that people want to talk about.
What does it offer over plain wireguard? WG is just so simple and easy to set up that I don't see the point at all.
If it was _only_ for my use, I might consider that option. However, my wife would laugh at me if I asked her to set up wireguard on any of her devices. Yes, it's documented. Yes, she could probably figure it out. But why should she have to when there's an even easier option? And why should I have to administer a Wireguard server somewhere when I could just not do that?
Not everybody needs/wants to do things manually. It's literally the reason for the existence of paid services.
I get your point - most people just don't like using computers and networking is scary (but are non-technical people part of the customer base here?). I'm just not convinced that the amount of work to set up wireguard is more than the amount of work to install and set up tailscale. Copy-paste IP and public key vs. download and login.
I don't see much value-add when I'm already going to be running servers anyway - wireguard is basically free as it's in-kernel everywhere. What's the argument for increasing my attack surface and introducing a centralized failure point and new recurring payment?
Yes and also I don't want another thing to maintain.
> but are non-technical people part of the customer base here?
Yes. I'm 100% sure that there are companies that use Tailscale that employ nontechnical people who need access to resources only available on the VPN.
> I'm just not convinced that the amount of work to set up wireguard is more than the amount of work to install and set up tailscale. Copy-paste IP and public key vs. download and login.
For you, maybe it's so simple it's not worth thinking about different options. For me, it doesn't make much sense. I've made a concerted effort to remove publicly accessible, self-managed infrastructure from my network. I just don't want to deal with it. I do not have a VPS to install a Wireguard server on, I'm not interested in setting one up, and I really don't need it in the first place (especially if Tailscale gets me into my home network).
> wireguard is basically free as it's in-kernel everywhere
Not everyone runs Linux. There is a time cost for user set up as well - even if I wanted to run my own wireguard server, I'm probably not going to hand out access to people to SSH in and do a self-service type signup. Therefore, it falls on me. With Tailscale, I (or somebody else) can just add a Github user to an org and the rest can be done by an end user. The majority of the people who I'd want on my Tailscale network are already in a Github org that I control, so I usually don't even need to do that.
> What's the argument for increasing my attack surface and introducing a centralized failure point and new recurring payment?
The same as it is for any other paid service: running this myself requires more time and effort than it's worth (not just setup -- end user support, maintenance, upgrades, etc factor in too) + I'm willing to let somebody else take care of it for me. For my uses, Tailscale is actually free but I'm thinking about switching away from the Github Community Plan to a paid plan specifically because the product is good enough that I want to pay for it.
Also: if you're more inclined to self-host your stuff, you can get the best of both worlds via https://github.com/juanfont/headscale