I've never used Tailscale, but I want to highlight that, specifically for working with AWS, you could consider using AWS Systems Manager to access machines that are in private VPCs[1][2]. This has the advantage of reusing the same credentials used already for AWS, as well as being able to further restrict exactly what can be done with them.

[1]: https://aws.amazon.com/premiumsupport/knowledge-center/syste...

[2]: https://medium.com/hackernoon/ditch-your-ssh-keys-and-enable...

Tailscale is insanely easy, simple, and pleasant to set up/manage compared to AWS anything. The thought of using a cloud-specific solution is kind of disgusting in comparison.

If Tailscale-the-product ever goes rogue or evil, I can always self-host wg or a full-on Tailscale-equivalent mesh myself. I sleep well knowing this.

https://github.com/juanfont/headscale

If you were looking for an open source, self-hosted implementation of the Tailscale control server (as far as I know, that is the only portion of Tailscale that Tailscale keeps proprietary, and this is the best open source implementation of it).

Edit: wow, this project has really grown from when I last saw it. It is able to configure the vast majority of Tailscale's base feature set such as ACLs, magic DNS, Taildrop file sharing, and so much more. Incredible.

Thanks for pointing this out, going to give it a whirl! Does this solve the thing about having to log in using one of Google, Microsoft or GitHub accounts?

Headscale seems to have experimental support for OpenID, so if you plonk it down next to a simple OpenID server for authentication you should be good. You should be okay with anything from SimpleID to Keycloak as long as it supports the right endpoints.

I have no idea how the official clients will deal with that, though, but I've never used Tailscale myself.

> plonk it down next to a simple OpenID server for authentication

Could you please elaborate on this solution? I'm not sufficiently knowledgeable about OpenID to quite understand what you mean, but I'd like to avoid any of the mentioned SSO providers, as they're all blocked on my systems for personal use.

Added: Found these as per mention in your post:

[0] https://openid.net/connect/

[1] https://simpleid.org/

[2] https://www.keycloak.org/

... so I assume you mean that I could install one of [0-2] along with Headscale [3] to get a similar effect to installing Tailscale, just without those annoying SSO providers? I will see if I can find the time for examining that solution. Anything that can keep MS and Goog away is most welcome.

[3] https://github.com/juanfont/headscale