Interesting. I would never use a hosted VPN service because I want to be the only one who controls access. For this reason I don't use something like ZeroTier either (even though that can technically be self-hosted, it's not easy). But Mesh VPN is a great option.
I wonder if Headscale can also use internal credentials? As far as I remember, with Tailscale you had to log in with Google or Microsoft, which is another total deal-breaker. But I haven't looked at it in ages as the hosted variety was a non-starter anyway. Edit: Indeed they now have local logins, but still I would want to be the only one who controls access :)
I don't have a problem with paying for a good product, it's just the control that's an issue for me. For something as crucial to security as this, it needs to lie with me alone. Though I do prefer to just buy software outright instead of subscription models. Since I will do my own hosting, I don't think this is too much to ask. Perhaps they could offer a paid tier for people using Headscale.
From the project page:
https://github.com/juanfont/headscale
>Node registration
> • Single-Sign-On (via Open ID Connect)
> • Pre authenticated key