I just got an email about this and here’s what they say:
> Your plan is unaffected and you can continue to use the Personal Pro plan as you normally do. However, Tailscale's new Free plan includes nearly everything that Tailscale has to offer for up to 3 users on a custom domain and 100 devices. This plan may be more aligned with how you use Tailscale. Go to the Billing page in the admin console to review your options.
So I’ve been paying them for a while now but now they’re telling me I could just get the same functionality with the free plan. I really like what this company is doing! Thank you Tailscale, I’ll just keep paying to show my appreciation!
Amazing. Was just discussing this with a friend yesterday as a way to build loyalty. I have so many subscriptions I pay for but rarely if ever use (often forgotten). How refreshing it would be to receive an email to the effect "hey we notice your paying but not using product X. Here's some ideas of how you could use it, otherwise consider downgrading to free plan". May be at odds with short term revenue, but I'd then be a brand advocate.
This is what github did a while ago, no? I was paying for some enterprise-y features that they added to the free plan and then stopped billing me. I know there's lots of MS hate here, but this was pretty unique IME
Love tailscale, but here's a company on the up, bouyed by the renewed impetus all around for zero trust, with its do no evil, free lunch for all, growth mindset. Comparing it with companies that have switched to rent-seeking is ironic, because if history is any indicator, most Day 1 companies of today will Day 2 out, eventually (not to say that being a Day 1 company is in anyway easy).
I think the point of free plans is that no money changes hands so there's no support or SLA, while base paid plan gets now more expensive.
So if you didn't need those, you save money now, but if you do, you have to pay up to get the same features (going from $50/year up to $200+/year if you are just using it alone). So it's not all pure altruism.
But I'm not a Tailscale user, this is just from what I see looking from outside.
I just got the opposite treatment from another service a couple of days ago. The API endpoints failed silently without an error, and when I logged in on the dashboard it said that my current plan was replaced. They didn't even sent an email.
They said he should reconsider if the free plan covers his usage, not that he'd get the same features. Which could be true if e.g you were only paying so you could get more than one user.
> we’ll bill you retrospectively each month for the number of users who actively used Tailscale [...] More importantly, it aligns our incentives. [..] With this change, we don’t get paid for a user in your tailnet until that user is getting value from Tailscale. That means it’s not just our job to sell seats, but to help you succeed.
Trust is one of the most valuable things in a brand seeking long-term relationships. But so many brands optimize for short-term metrics in ways that damage trust. E.g., places that make it much harder to close an account than open one. (NYT, GFY.) One I really dislike is subscription-based businesses that care more about getting signups than delivering value. It has made me deeply suspicious of joining anything with a subscription model. [1]
So I'm very glad to see Tailscale, whose product is great, taking such a thoughtful approach here. I think it's especially important for them, as trust is deeply necessary for them to succeed. I hope some other people learn lessons! E.g., I'd sign up for more streaming subscriptions if I were sure they'd not bill me a month where I didn't watch anything.
This is a really intelligent move on tailscales part. Yes, there are a few hobbyists who paid for the personal pro plan, I'm sure. But at $50 a year it's not exactly going to change the companies economics a lot. Then the next step was jumping into "Team" level which would actually be a major step down for a small hobbyist who wanted a lot of devices (Personal was 20 devices, Personal Pro was 100 devices, Team was 5x the use count. So 2 users... 10 devices). Realistically hobbyists are not going to be the bread-and-butter of Tailscale's business, so why not let them go crazy.
Looking at https://tailscale.com/pricing/ one of the other major changes that has been made, is the free plan now provides access to almost every feature. Going up to the $6/mo/use "Starter" plan actually loses you some features. So if you've had a taste of the good life, and want to keep it, but have more than three users… You are going to need to go to the premium or enterprise plans. Probably makes their sales process, super easy, since they don't need to give out trials to companies anymore, "free plan for a few users and try it out".
I see a lot of love for Tailscale, but I'm curious what people use Tailscale for? Is it mostly to access services running on an internal network? Do you use it for work or for fun?
The use case I can see is streaming from my personal Plex server from anywhere outside my home, but maybe I'm not thinking big enough.
- I have a bootmod3 WiFi adapter plugged into my street/track car with a combo 5G/Linux unit in the car connected to my Tailscale that streams continuous telemetry about the car whenever its turned on. I could in theory re-flash the ECU via this.
- Using https://tailscale.com/kb/ondemand-access/ alongside node/subnet grouping to create a very neat first step towards auditing access to sensitive production services/environments.
- I use server-based dev environments to keep my portable laptop as clean as possible with no source code on it. VS Code remote + Coder server are fantastic over Tailscale.
+ others. Tailscale I think solves the problem of node-to-node-to-subnet connectivity at a convenient and flexible layer.
"- I have a bootmod3 WiFi adapter plugged into my street/track car with a combo 5G/Linux unit in the car connected to my Tailscale that streams continuous telemetry about the car whenever its turned on. I could in theory re-flash the ECU via this."
Do you have a writeup or more details you can share around this? This sounds interesting.
> Entire site-to-site tunneling/routing. I didn't have to do anything for my parents I just dropped a subnet router at their place.
Can you elaborate? What do your parents need tailscale for? I mean my parents have internet purely by the telco dropping a router at their place and it just works, what is my family missing?
Tailscalar here. One of the main things I use Tailscale for is accessing my development box from anywhere in the world. I can't really develop on Windows so I'm used to ssh-ing into a NixOS machine that runs all my compilers. Tailscale makes accessing it so easy that I can just leave hundreds of emacs buffers open in various tmux panes and reconnect back when I want to do development again.
I also run some internal services over Tailscale, a lot of my personal projects have tsnet embedded into them so that my Prometheus machine can scrape and monitor them. My husband also uses one of those services daily to monitor some information that I publish there.
I also run the development instance of my blog over Tailscale and use Funnel to share it with people to review my writing before it goes live.
At work we use it a lot to let people poke around with changes to development instances of websites (like https://tailscale.dev) without having to push them to the cloud and wait for preview deploys. It is _stupidly convenient_.
Turns out you can do a lot of things with networks when you don't have firewalls making everything complicated.
Now that I think about it, there's also some other things I use it for. I embedded the Tailscale API into my VM manager waifud (https://github.com/Xe/waifud) so that I can pass a `--join-tailnet` flag to `waifuctl create` and plunk new virtual machines onto my tailnet with Tailscale SSH enabled. It makes testing things on arbitrary versions of Ubuntu so easy that it feels like I'm cheating.
My hypervisors are also subnet routers so my VMs can connect to eachother like they're on the same network. All the fun of static routing without any of the "fun" of static routing!
Speaking of Funnel, a holy grail use case is to be able to host one-off game sessions to an untrusted stranger who do would not trust this "Tell-scale thing" you require him to install or register an account for. Most frequently these kinds of spontaneous interaction happens over Discord, where perhaps you want to quickly show someone what you're building in Minecraft and have him make some suggestions in-game or something. Is there any possibility that Tailscale can improve on reducing friction for some of these more "social" use cases where the target demographic is not tech-savvy and distrustful?
As a consumer, I use it for two things and it does it well and very simply across all platforms:
1) When traveling, you can use one of your home computers as an "exit node" so you can watch Netflix, etc. abroad very easily. Much more reliable than using VPNs which can be blocked.
2) Accessing your internal network from wherever you are for Plex, Homebridge, IP cameras, or whatever.
I don’t have space for servers at home, so I use Tailscale to expand my home lab with a couple of VPS; the nice thing is that I can just block all ingress traffic in my provider’s control panel (Hetzner in my case) and just use these machines as they were part of my LAN, and I don’t have to worry about things like Docker exposing stuff to the public internet
Personally:
- I have a few raspberry Pis and PCs around the house. This lets me SSH into them for maintenance/etc. It’s also good for projects and stuff to use their DNS. Eg I can use “http://nas/photos” to get to my photo library instead of an IP address. No TLD is kinda cool (it’s just a net search group afaik so reproducible without them) but very memorable for the family. I’ve also gone as far as to embed their library in a go project I made - it means the same IP address and host name regardless of where the binary is running which is cool. This also means the binary knows who is who when accessing the website it hosts. The ease of doing this makes me feel like projects like OpenZiti bay be the future of zero trust and networking - embed the security into the code via a library and get all the global routing you need for free.
Work:
I work at a tiny company (5 of us). We do IOT stuff, and we have a lab with a bunch of equipment, mostly controlled by Raspberry Pis or similar. We’re small so we work in a private room in a coworking space. We use tailscale to manage the RPIs and keep consistent IP addresses when we don’t have control over the overall network. We also run some internal stuff in AWS over tailscale (eg our staging servers etc). It’s hands down the easiest option to onboard people too. It lets us access equipment from home if needed, and it’s super lightweight compared to other VPNs I’ve used.
I have my first year Pi running Diet Pi with Adguard Home and was just happy that I found a use for such an old machine that I was considering throwing.
The speed test in Diet Pi said that the latest Pis can complete them in a few seconds versus the minutes it took mine to setup, so figured it would be useless but had been working flawlessly as a dns at home and blocking all ads on all devices.
Adding Tailscale took it to the next level and now all my devices have ad blocking on LTE, public wifi, friends houses, everywhere.
I subnet advertise my entire home network, which I consume from my phone and laptop on the go. Primarily to access home assistant, plex and SSH without advertising any of those to the internet - people can and do get hacked both via plex and SSH :)
When travelling internationally, I use the exit node functionality to optionally switch on and off sending all my traffic back home to either work around geo-blocks for my home streaming services or as a pseudo-vpn replacement for particularly dodgy networks.
Accessing servers without the need to open their ssh port to the public internet. This is the main point for me. Such functionality could be achieved with other means of course but tailscale makes it so easy and reliable that I don't think any other solution can compete with it.
After I install the tailscale client on the server and do some very simple configuration on the tailscale web app to identify the new node I know I'll be able to access it no matter of any firewalls the node may be behind!
Standard VPN stuff really. Set it and forget it. Accessing my NAS and home machine without opening them up to the world mostly.
The most specific use aside from "it's my network, wherever" I've got is setting it up with NextDNS for adblocking no matter where I am in the world and regardless of what network I'm on https://tailscale.com/kb/1218/nextdns/
I am doing a lot of what people here said they are doing with tailscale but I just use plain wireguard. As I understand it tailscale makes various configurations automatic, management easy and provides features like authentication that wireguard does not have. But for a small number of hosts, it's fine to run wireguard itself and manage manually.
I have a NAS in my home, and my parents have a NAS in theirs. Everything is on Tailscale and I can SSH into either machine whenever I need. I've needed to do this a few times when I am on the road, but more commonly when I use Tailscale when I do a little remote tech support for my parents.
I don't expose anything to the internet and use it to access my Synology or my Unraid NAS, to stream Plex music to Plexamp, to check my home network when I am away, and in some cases I have used it to circumvent filtering Proxies by tunneling HTTP/HTTPS.
I found Tailscale for a specific reason, having a network where my various services can talk to each other without going thru HTTP for everything, i.e. ssh, scp, direct schemas for DBs.
And I use it for screen sharing my mac computers over the internet while traveling.
We use it at work. All our services run on private IPs on our own vnets, and we access them with Tailscale. We don't need to run a VPN tunnel, or manage public IPs and firewall rules.
Technically maintaining your Tailscale ACLs is the same as maintaining “firewall rules”. If you’re allowing any-any on your tailnet you are in a world of hurt if any endpoint gets compromised by e.g. ransomware.
We use Tailscale at $dayjob and the fact that we can ensure that marketing machines can’t access any engineering resources is the big win. And it “just works” through NAT.
Plex provides remote access without needing any additional services. Just enable it in the settings and you can access your library anywhere when you log in to plex.tv.
I'm a big Tailscale proponent, implementing it at work in early 2020. But for us I'm not sure this is great news. We have a small Tailnet of 5 users, paying $30 for the Team plan. If we went for Starter we'd save $18, but loose a lot of cool things Tailscale has come out with recently that we have been looking at, like user/group level ACLs, ACL Gitops,Tailscale SSH and Tailscale Funnel.
Alternatively we'd pay $36 for (3 free, 2 * $18) for Premium, which doesn't sound too bad. But the cost for each new user would be three times higher than it currently is (and Tailscale our most expensive SAAS product per person).
Or we stick to legacy pricing for now, and live with things like the Subnet Router limit which makes e.g. connecting home VoIP phones to the Tailnet price prohibitive.
So they used to have a $6/month/user plan that included Funnel and SSH, but now they moved those to the $18/month/user plan? That doesn't sound great, and it's disappointing that that's not even mentioned in the article
Yeah. I had a feeling of dread when I saw the "Changes to your Tailscale plan" email subject, but then was positively surprised by many of the changes. For smaller companies, getting the first three users for free will also be nice.
Previously almost all features were available [0] on all plans, though with certain restrictions that made sense (and some that didn't). I was hitting those limits and wanted to get approval for us to purchase the Team plan.
But now I see that features have been stripped out of the "new" Team plan — and was also frustrated that I couldn't find any information on this. I guess overall the pricing structure makes sense for them, but it's frustrating to not have this clearer in their article.
I suppose I can live without things like Funnel and SSH, and don't need Okta etc., but paying the new ACL tax for Starter to Premium (a $12 jump per user) is more painful.
Overall a positive, but with rough edges which unfortunately hurt me. But perhaps there'll be some tweaks in future, and perhaps again the opportunity to pay for individual feature upgrades.
Yeah, I'm in the same boat. I'm kinda confused about things like SSH and Funnel being moved to the Premium tier.
It feels a little odd that the Free tier lets you use Premium features indefinitely, but as soon as you get more colleagues onboard, you lose those features.
Unless you're looking carefully at the pricing page, you'd miss that Starter has many fewer features compared to Free.
Yeah, I thought the webpage was broken when I saw it! :D
I can understand that things like SSH and Funnel cost more, since they actually interact with their server infrastructure… but the removal of features and ACLs from Starter wasn't well communicated.
This is weird, currently I'm using the Free plan but I always wanted to upgrade to financially help Tailscale, but now that the Starter plan doesn't have SSH and Funnel, it would make more sense to stay on the Free plan instead.
It doesn't even make any sense, if it is available on the Free plan, why not give it to the Starter plan too?
Also, I may be misunderstanding the billing page, but it looks like Tailscale removed soft limits? On my billing page, it shows "Your tailnet has 3 more users than you are paying for. That’s fine, we have soft limits. Play around and upgrade your plan before April 30th 2024."
I use the free plan to access a little raspberry, opened the link with a bit of fear... Read the first phrase "The free plan....." :CRY: "....is expanding from one to three" NIIICE don't need any more user but I am happy that it's staying
I would love to see expanded personal options. The new free tier with 3 users is great, but trying to Tailscale for personal use for a family of more than three users while still using advanced features like Funnel is $18/user/mo, which is too high for personal/family use.
If anyone from Tailscale is around, would you consider a family or advanced personal tier for primarily non-commercial use, perhaps a moderate user limit, but more advanced features and lower pricing than Starter?
Readit News
> Your plan is unaffected and you can continue to use the Personal Pro plan as you normally do. However, Tailscale's new Free plan includes nearly everything that Tailscale has to offer for up to 3 users on a custom domain and 100 devices. This plan may be more aligned with how you use Tailscale. Go to the Billing page in the admin console to review your options.
So I’ve been paying them for a while now but now they’re telling me I could just get the same functionality with the free plan. I really like what this company is doing! Thank you Tailscale, I’ll just keep paying to show my appreciation!
I agree, this is a good way to treat customers (even small ones) and seems to be a rare occurrence!
So if you didn't need those, you save money now, but if you do, you have to pay up to get the same features (going from $50/year up to $200+/year if you are just using it alone). So it's not all pure altruism.
But I'm not a Tailscale user, this is just from what I see looking from outside.
> we’ll bill you retrospectively each month for the number of users who actively used Tailscale [...] More importantly, it aligns our incentives. [..] With this change, we don’t get paid for a user in your tailnet until that user is getting value from Tailscale. That means it’s not just our job to sell seats, but to help you succeed.
Trust is one of the most valuable things in a brand seeking long-term relationships. But so many brands optimize for short-term metrics in ways that damage trust. E.g., places that make it much harder to close an account than open one. (NYT, GFY.) One I really dislike is subscription-based businesses that care more about getting signups than delivering value. It has made me deeply suspicious of joining anything with a subscription model. [1]
So I'm very glad to see Tailscale, whose product is great, taking such a thoughtful approach here. I think it's especially important for them, as trust is deeply necessary for them to succeed. I hope some other people learn lessons! E.g., I'd sign up for more streaming subscriptions if I were sure they'd not bill me a month where I didn't watch anything.
[1] And I'm apparently not the only one: https://www.wsj.com/articles/people-are-sick-and-tired-of-al...
Looking at https://tailscale.com/pricing/ one of the other major changes that has been made, is the free plan now provides access to almost every feature. Going up to the $6/mo/use "Starter" plan actually loses you some features. So if you've had a taste of the good life, and want to keep it, but have more than three users… You are going to need to go to the premium or enterprise plans. Probably makes their sales process, super easy, since they don't need to give out trials to companies anymore, "free plan for a few users and try it out".
…and do the marketing for you. (Every other sysadmin is probably a hobbyist.)
The use case I can see is streaming from my personal Plex server from anywhere outside my home, but maybe I'm not thinking big enough.
- Access my services/servers at home from anywhere in the world. Friendly mobile apps as well that allow the same.
- In cloud environments (for work and fun), don't even bother provisioning public IPs and having to deal with those firewall rules, just use Tailscale
- https://tailscale.com/blog/tailscale-auth-nginx/ describes how you can integrate nginx proxying with Tailscale auth to both leverage SSO and the authenticated endpoint
- I have a bootmod3 WiFi adapter plugged into my street/track car with a combo 5G/Linux unit in the car connected to my Tailscale that streams continuous telemetry about the car whenever its turned on. I could in theory re-flash the ECU via this.
- Using https://tailscale.com/kb/ondemand-access/ alongside node/subnet grouping to create a very neat first step towards auditing access to sensitive production services/environments.
- I use server-based dev environments to keep my portable laptop as clean as possible with no source code on it. VS Code remote + Coder server are fantastic over Tailscale.
+ others. Tailscale I think solves the problem of node-to-node-to-subnet connectivity at a convenient and flexible layer.
Do you have a writeup or more details you can share around this? This sounds interesting.
Can you elaborate? What do your parents need tailscale for? I mean my parents have internet purely by the telco dropping a router at their place and it just works, what is my family missing?
I also run some internal services over Tailscale, a lot of my personal projects have tsnet embedded into them so that my Prometheus machine can scrape and monitor them. My husband also uses one of those services daily to monitor some information that I publish there.
I also run the development instance of my blog over Tailscale and use Funnel to share it with people to review my writing before it goes live.
At work we use it a lot to let people poke around with changes to development instances of websites (like https://tailscale.dev) without having to push them to the cloud and wait for preview deploys. It is _stupidly convenient_.
Turns out you can do a lot of things with networks when you don't have firewalls making everything complicated.
My hypervisors are also subnet routers so my VMs can connect to eachother like they're on the same network. All the fun of static routing without any of the "fun" of static routing!
There is so much more you can use it for though: - https://tailscale.dev/blog/funnel-101 - https://tailscale.com/blog/tsnet-virtual-private-services/ - https://tailscale.com/kb/1137/minecraft/
The cloud's the limit!
1) When traveling, you can use one of your home computers as an "exit node" so you can watch Netflix, etc. abroad very easily. Much more reliable than using VPNs which can be blocked.
2) Accessing your internal network from wherever you are for Plex, Homebridge, IP cameras, or whatever.
Personally: - I have a few raspberry Pis and PCs around the house. This lets me SSH into them for maintenance/etc. It’s also good for projects and stuff to use their DNS. Eg I can use “http://nas/photos” to get to my photo library instead of an IP address. No TLD is kinda cool (it’s just a net search group afaik so reproducible without them) but very memorable for the family. I’ve also gone as far as to embed their library in a go project I made - it means the same IP address and host name regardless of where the binary is running which is cool. This also means the binary knows who is who when accessing the website it hosts. The ease of doing this makes me feel like projects like OpenZiti bay be the future of zero trust and networking - embed the security into the code via a library and get all the global routing you need for free.
Work: I work at a tiny company (5 of us). We do IOT stuff, and we have a lab with a bunch of equipment, mostly controlled by Raspberry Pis or similar. We’re small so we work in a private room in a coworking space. We use tailscale to manage the RPIs and keep consistent IP addresses when we don’t have control over the overall network. We also run some internal stuff in AWS over tailscale (eg our staging servers etc). It’s hands down the easiest option to onboard people too. It lets us access equipment from home if needed, and it’s super lightweight compared to other VPNs I’ve used.
I have my first year Pi running Diet Pi with Adguard Home and was just happy that I found a use for such an old machine that I was considering throwing.
The speed test in Diet Pi said that the latest Pis can complete them in a few seconds versus the minutes it took mine to setup, so figured it would be useless but had been working flawlessly as a dns at home and blocking all ads on all devices.
Adding Tailscale took it to the next level and now all my devices have ad blocking on LTE, public wifi, friends houses, everywhere.
When travelling internationally, I use the exit node functionality to optionally switch on and off sending all my traffic back home to either work around geo-blocks for my home streaming services or as a pseudo-vpn replacement for particularly dodgy networks.
After I install the tailscale client on the server and do some very simple configuration on the tailscale web app to identify the new node I know I'll be able to access it no matter of any firewalls the node may be behind!
The most specific use aside from "it's my network, wherever" I've got is setting it up with NextDNS for adblocking no matter where I am in the world and regardless of what network I'm on https://tailscale.com/kb/1218/nextdns/
It took minutes to set up - dead easy.
And I use it for screen sharing my mac computers over the internet while traveling.
We use Tailscale at $dayjob and the fact that we can ensure that marketing machines can’t access any engineering resources is the big win. And it “just works” through NAT.
Alternatively we'd pay $36 for (3 free, 2 * $18) for Premium, which doesn't sound too bad. But the cost for each new user would be three times higher than it currently is (and Tailscale our most expensive SAAS product per person).
Or we stick to legacy pricing for now, and live with things like the Subnet Router limit which makes e.g. connecting home VoIP phones to the Tailnet price prohibitive.
Previously almost all features were available [0] on all plans, though with certain restrictions that made sense (and some that didn't). I was hitting those limits and wanted to get approval for us to purchase the Team plan.
But now I see that features have been stripped out of the "new" Team plan — and was also frustrated that I couldn't find any information on this. I guess overall the pricing structure makes sense for them, but it's frustrating to not have this clearer in their article.
I suppose I can live without things like Funnel and SSH, and don't need Okta etc., but paying the new ACL tax for Starter to Premium (a $12 jump per user) is more painful.
Overall a positive, but with rough edges which unfortunately hurt me. But perhaps there'll be some tweaks in future, and perhaps again the opportunity to pay for individual feature upgrades.
[0]: https://web.archive.org/web/20230417141600/https://tailscale...
It feels a little odd that the Free tier lets you use Premium features indefinitely, but as soon as you get more colleagues onboard, you lose those features.
Unless you're looking carefully at the pricing page, you'd miss that Starter has many fewer features compared to Free.
I can understand that things like SSH and Funnel cost more, since they actually interact with their server infrastructure… but the removal of features and ACLs from Starter wasn't well communicated.
It doesn't even make any sense, if it is available on the Free plan, why not give it to the Starter plan too?
Also, I may be misunderstanding the billing page, but it looks like Tailscale removed soft limits? On my billing page, it shows "Your tailnet has 3 more users than you are paying for. That’s fine, we have soft limits. Play around and upgrade your plan before April 30th 2024."
If anyone from Tailscale is around, would you consider a family or advanced personal tier for primarily non-commercial use, perhaps a moderate user limit, but more advanced features and lower pricing than Starter?