I'm a fan of TS and have been a paying customer for work infra for almost a year now. It really is well put together and easy to use, but I do run up against some issues/complaints when diving deep that I hope they can work out:
* The pricing tiers and included features by tier penalize you in frustrating ways. The base plan is a reasonable $6/user/m, but if you want to use ACLs to control anything in a workable way, it jumps 3x to $18/u/m. Better solutions are available for that kind of money, and I shudder to imagine what the next tier ('call us') costs.
* Subnet routing broke on Ubuntu (maybe other distros) recently, and there were no alerts, communication from TS, or TS tools to pinpoint/figure out what was going on. I stumbled on a solution (install subnet router on a Windows box), and from there I searched and found others with that issue. Lost half a day in emergency mode over that!
* Better tooling to determine why it's falling back to DERP instead of direct for remote clients. DERP relays should be an absolute last resort to provide connectivity for Business-plan-level customers (very slow), and the way TS works just assumes any connectivity is fine.
Overall, the simplicity and abstraction of complex VPN networking is wonderful, but if you have issues or advanced needs, you are immediately thrust into the low-level UDP/NAT/STUN world you were trying to avoid. At that point, you're better off using a traditional VPN (WG, OpenVPN, or heaven forbid, IPSec), because it ends up being more straightforward (not easier) without the abstractions and easy-button stuff.
> * Better tooling to determine why it's falling back to DERP instead of direct for remote clients. DERP relays should be an absolute last resort to provide connectivity for Business-plan-level customers (very slow), and the way TS works just assumes any connectivity is fine.
Tailscale touts all the perf benefits of the WireGuard protocol but in practice, between the userland WireGuard that seems to be used all the time on all platforms (even Linux) and the overreliance on DERP, it has none of the performance benefits of the real thing.
> I shudder to imagine what the next tier ('call us') costs.
There is no enterprise tier, instead you pay for any additional features you need. I.e. log streaming is 2$/month/user and SSH recording is 3$/month/user.
> $6/user/m, but if you want to use ACLs to control anything in a workable way, it jumps 3x to $18/u/m.
It's market segmentation, needing ACLs is a sign you're at least an SMB, and to a business of nearly any actual size, the difference between $6/user and $18/user is 0.
I wouldn't go that far. Big companies put a lot of effort into saving $12/seat.
But, if you can convince them they get >$18 of value from it they're usually happy to pay. With hobbyists it's more emotional. $6 is "just a coffee" and can be justified just to try it out. At $18/m it's one of your household bills, and many will decide they enjoy watching Netflix more than messing around with Tailscale.
Uh I work for an enterprise of tens of thousands of users and $18 a month is not nothing for us. In fact considering the discounts we get at our size that would be so high we'd never consider it.
We don't even use Windows Enterprise for the same reason, we have legacy Office 365 plans and lifetime Windows licenses without the M365 addons because it saves us a few bucks per head. At our size, a few bucks a head quickly add up to millions per year. Microsoft keeps trying to dissuade us and they even pretend Office 365 plans don't exist anymore ("office 365 is now microsoft 365") but they do: https://www.microsoft.com/en-us/microsoft-365/enterprise/off... . The same with their Copilot stuff. 30$ is a non starter. Our users want it but nope (and we did a trial in one big team and only 10% actually bothered to use it after the first month so I think it's more the idea of it that they want rather than the actual product)
We don't use Tailscale but $6 would be feasible where $18 would be a complete nonstarter.
In fact our company is a lot more cost conscious than I am as a consumer.
Um, it's 3x the cost to get one feature. By your logic they should be charging $100/user/mo for the feature since that must also be the same. This is typical "enterprise" nonsense pricing and it will absolutely drive some adopters to look elsewhere.
It's zero for small businesses with a dozen employees. The moment you have a large business you run into an obvious problem: only a subset of your employees actually use the software, but if even a single user needs a higher tier you have to upgrade all users.
I really hope with this funding they can improve observability and give more love to power users who occasionally need to dig deeper without going full bare metal
The clean way to build this is with firewall configuration, opening ports, and static IPs. NAT/STUN and dynamic IPs are just a hack and I don't understand why people pretend this is an acceptable solution for professional networking. Working around an infrastructure that isn't a natural law but can be changed at our will seems like a big waste of time.
> I don't understand why people pretend this is an acceptable solution for professional networking
Because it IS acceptable for many cases.
Many businesses don't operate in such a way as to have centralised infrastructure solely for providing internal networking, nor would they want to add the additional administrative or unnecessary routing overhead.
Even locations that would traditionally be considered highly centralised often have some form of dynamic network fabric as an overlay. Pretty much the entirety of cloud infrastructure runs on such systems, and they seem to do OK.
> Overall, the simplicity and abstraction of complex VPN networking is wonderful, but if you have issues or advanced needs, you are immediately thrust into the low-level UDP/NAT/STUN world you were trying to avoid.
This is my experience too.
I actually came to believe the TS dream of device based VPN as opposed to AP or router based is the wrong thing because it gets confused by subnets and subnet routing so often, but also that the big security problem on networks is bad devices which it's not going to help you with unless you can wrap them up anyway.
That's one of the reasons I started playing with AP to AP real time video like https://github.com/atomirex/umbrella which is a nightmare case from the TS pov. The intention is to eventually wrap clients up on separate networks so they can only see each other via the (locally run) relay.
Agreed. This is why imho Tailscale does not scale very well. Awesome for home labs and small orgs as a VPN replacement, but not enterprise scale with abstractions that actually remove complexity. I wrote about it in this blog - https://netfoundry.io/vpns/tailscale-and-wireguard-versus-ne...
When I saw the new round, I was instantly worried about change in direction that will most likely come with this, and effectively drive away regular users from a tool that seems universally loved.
Similar sentiment can be seen in the discussion from three years ago [1] when they raised $100M.
When they raised the 100M three years ago, I'm pretty sure they said they didn't need it and were saving it for a rainy day (or words to that effect), always seemed very odd at the time. Two q's for anyone who cares to speculate: have they burnt the original investment already? And if not, why would they need more funding? AFAICS there's no real competition in the market place for their product today, the only thing I can conceive is that they have a secret 'tailscale 2' project in the wings which is massively developer or capital intensive. Let's hope it is nothing related to AI band wagoning :-)
Hm OK well thinking out loud, $100M / 3 is $33M / year?
I don't know much about Tailscale, nor about how much it costs to run a company, but I thought it was mostly a software company?
I would imagine that salaries are the main cost, and revenue could cover salaries? (seems like they have a solid model - https://tailscale.com/pricing)
I'm sure they have some cloud fees, but I thought it was mostly "control plane" and not data plane, so it should be cheap?
I could be massively misunderstanding what Tailscale is ...
There might be other things going on in the US that you could maybe possibly have heard about, and investors are looking for different places other than the US stock market to invest their money, and Tailscale is looking to have a war chest because of the exceedingly possible case that we're headed into a global recession.
> AFAICS there's no real competition in the market place for their product today
What does this mean? They are competing with regular legacy VPNs for sure. Despite tailscale existing for the last 4 years, none of the large corporate clients even got close to it. They were all on junk from Cisco, Palo Alto, to connect employees to corp net. A “cutting edge” one might use cloudflare warp.
You might be right that there isn’t much competition for pure distributed, but it turns out the market for that is actually quite small and it’s for people who can’t afford dedicated IPs or cloud instances.
Raising money here is a bad sign IMO unless it’s for a completely new product that requires servers at exchanges to eat CDNs like cloudflare’s lunch.
There is tons of competition for Tailscale. It's 'just' an easier to use VPN with a great GTM execution. I think they need more money as they need to fundamentally re-architect their solution to sell into enterprise use cases that their valuation requires.
There are plenty of enterprises that will pay them to run their services and provide better integrations while allowing open source users to continue. Now people will get upset because some of these things will be for those customers only but it is very hard to keep developing these things and give them out for free. Partially open source still allows those to extend the work they give to the community and they will probably still continue to have a free tier to get more enterprise customers in the end.
This is mostly so that the founders can take some money off the table. The founders probably have $10 million cash after this and don't have to worry about rent ever again.
Tailscale is great. I think of it as a swiss army knife for easier routing and connectivity.
I use it in projects to stream internet / connectivity from my phone to the NVIDIA Jetson line, making my robotics projects easily accessible / debuggable:
That was our initial use case for Tailscale as well. May 2020 we started growing a team and needed a really smooth remote access solution for a bunch of Xaviers... and we weren't allowed to be in the same room together :)
How is Tailscale going to achieve at least $1B in annual revenue? That’s the kind of promise that would have to be made to investors in order to raise funding of this magnitude.
$1B annual revenue is ~4m business users. This is considerably smaller than e.g. Zscaler or Okta. It's a big goal, but achieving it does not require them to sign a majority of businesses or build a monopoly.
As someone who currently has their photo on a company's 'About Us' page, I hate it. Why does anyone care who the nth developer is? Let me just do my job without forcing me to be publicly listed for spammers and scammers to target me.
It's super useful to potential hires about the kind of team you're building. Especially if there's some kind of niche you're in (product, tech, region, whatever). There are people who I would climb mountains to work with, and others within a niche whose very presence in a company is enough to steer me away. Another signal for me is the fraction of xooglers in the engineering team.
I agree it's silly, but worth noting is that the target audience for those pages are usually:
1. Potential customers
2. Potential investors
Both groups are a lot more swayable by social proof from seeing the "investors" than the devs as they infer a lot of credibility based on who has funded you. Similarly that's why you often see big company logos on marketing pages because it makes other customers more likely to buy. "<xyz> is too big to be wrong about this product"
I think my employer decided to remove all non-executives at some point to ward off headhunters. Not sure how much it helps considering everyone's on LinkedIn.
TBF, the folks who get actual value out of knowing who works at Tailscale already know who works there :)
They're not exactly secretive, there's just little value to have it on the main company page. (And if you just want pictures, https://tailscale.com/careers has that too.)
I think they might be operating at a scale that breaks those kinds of pages at this point? Not literally, of course, just they're past the point where the page makes sense.
Eh. Investors/advisors don't change that frequently. And often people will go "oh? Sequoia generally invests in good companies, they invest in X? They might be worthwhile to buy/work for".
Putting people on the website is, very variable. Do you update the website every week or two when someone comes or leaves? Well that's awkward if someone is fired.
You get to 100 people, then 200 people. Now what do you do? Remove everyone? Only put people on above a certain level? What do you do when someone asks you not to be listed. Or when John becomes Jane, but doesn't want to be super duper public about it?
Or, when your company gets media attention and now the moment you add/remove someone from the website you get news or social media posts about it?
This is a press release targeted by rapacious capitalists. By mentioning other big named investors, you keep the grift going and continue securing future funding until IPO.
When we started Tailscale in 2019, we weren't even sure we wanted to be a venture-backed company. We just wanted to fix networking. Or, more specifically, make networking disappear — reduce the number of times anyone had to think about NAT traversal or VPN configurations ever again.
I just this past weekend was looking into setting up a personal networking solution- and looked hard at TailScale and their competitors. I do not like- that Tailscale has chosen to only allow SSO sign-in - as that forces one to have a Microsoft,Github[MS], Google, or Apple account- and I presume that leaves one at the mercy of those companies for the free option.
I will probably eventually cave and use my main account from one of those companies since creating true secondary accounts can be difficult(they end up tied back to your main account on the backend usually, So if something happens to one or the company does something- it'll affect everything and building separation is not easy.) - But I dislike that sort of design.
It is commendable that TS has created a market in an already crowded marketplace of VPN tools. They're competing with Palo Alto, Netskope, Check Point, and Cisco, to name a few.
One key understanding from my brief market experience is that you must build a firewall or router if you really want to own the VPN market. The way the sale is done is that the vendor goes in with the firewall, router, and switch, offering office space connectivity with the infrastructure and various network locations and upselling the VPN. This often accounts for the subpar quality of VPN software. There is a trend called SASE, which includes technologies like TS; people are questioning the enterprise value of SASE. Netskope and Cato Networks are some examples.
I believe that their enterprise journey will be challenging, given the player's extensive experience in upmarket sales. Although TS appears appealing and has potential for improvement, the GTM is entirely unique for enterprise. You need to build a reseller network, system integrator partners, high value customizations, etc.
If you decide to embrace the security positioning, you must have a diverse portfolio of products. If you model the org. around Palo Alto et al., you need a huge diversity of products, VPN, hardware, cloud security tools, app security tools, etc., as the ICP (CISO) is trying to optimize their allocated budget. People in enterprise are ok with good enough products as long as they meet compliance standards, fit the budget, and do not disrupt operations.
It could be that they might acquire a bunch of companies with this capital.
https://tailscale.com/blog/more-throughput
Not sure if the kernel implementation pulled ahead again, I don't really follow these things.
Also not defending tailscale, I respect them but I agree they are a one size fits some solution.
Do you have more info on this one? I use Debian and that would be a major problem for me.
[1] https://news.ycombinator.com/item?id=31259950
If you raise $100M you have to put $100M to work or you'll hear constant shit from your board over it.
If they raised $160M they're going to spend $160M on something. My guess would be a lot of enterprise features and product integrations.
Did the product change a lot in the last 3 years?
Would this service be comparable to Headscale[0]?
[0] https://github.com/juanfont/headscale
I was about to slog through AI search results looking for an alternative.
I use it in projects to stream internet / connectivity from my phone to the NVIDIA Jetson line, making my robotics projects easily accessible / debuggable:
https://github.com/burningion/bicyclist-defense-jetson?tab=r...
They've since raised more funding recently, and have larger use cases in mind for robotics: https://rerun.io/blog/physical-ai-data
I've spoken with members of the team, and they're all great. Wouldn't hesitate to use the product / work with them anywhere.
Please no.
That said, Tailscale is one of the products that just works.
Maybe a slight bias on my part as I'm a developer and not an investor.
And not that funding or advising is less important, but it's a nice feeling connecting a product I like to faces who make it happen.
https://www.cloudflare.com/people/
https://github.com/tailscale/tailscale/tree/main/logtail
https://apenwarr.ca/log/20190216 / https://archive.vn/xlsA1
https://tailscale.com/kb/1240/sso-custom-oidc
What is going on with your sentences man.