Tailscale not only runs WireGuard in the background, which is faster, lighter and better maintained than OpenVPN, it also improves connectivity options at no cost at all until you reach enterprise levels of infrastructure. I highly recommend it. The company also received its Series A investment recently, so they are scaling up faster; being able to experiment with new, very interesting features is usually a part of the experience that has a negative note for me, but not this time.
Unique Features
- Tailscale has two unique features that I didn't seem to find anywhere else. First, it creates a network between devices that allows you to reach all of them by their hostname. This is important because of the second, and most important, unique feature.
- It allows you to broadcast your VPN to a subnet, providing access to your Tailscale network in scenarios where this wouldn't otherwise be possible, since accessing the VPN would require it to be installed in some form. This allows me to bypass and at the same time fix a lot of security issues.
All these changes would result in a diagram like this one:
And that's even more important to my workflow, as the way I manage IAM and connect to each pod is through a central pod deployed to Kubernetes using this broadcast mode, where I only advertise the subnet that the pods use. This allows me to call Kubernetes pods by their hostname from outside the cluster without having to use any other tool, such as Telepresence. As they have clients for all OSes, I avoid exposing my cluster to the internet and enjoy Tailscale's capabilities for enhancing my infrastructure's security and accessibility. (Disclaimer: I don't work for Tailscale nor know anyone who does.)
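To make the setup above concrete, here is an added example (not from the original post) of a Tailscale subnet-router pod deployed to Kubernetes that advertises only the pod subnet, using the environment variables of the official tailscale container image. The pod CIDR 10.244.0.0/16 and the secret name tailscale-auth are placeholders for the cluster's own values.

```yaml
# Added example: a single-replica subnet router for the cluster's pod CIDR.
# Placeholders: pod CIDR 10.244.0.0/16, secret tailscale-auth, the auth key value.
apiVersion: v1
kind: Secret
metadata:
  name: tailscale-auth
stringData:
  TS_AUTHKEY: tskey-auth-REPLACE_ME   # placeholder; prefer a tagged, ephemeral key
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tailscale-subnet-router
spec:
  replicas: 1
  selector:
    matchLabels: {app: tailscale-subnet-router}
  template:
    metadata:
      labels: {app: tailscale-subnet-router}
    spec:
      # IP forwarding is per network namespace, so it is enabled inside the pod.
      initContainers:
      - name: sysctler
        image: busybox
        securityContext: {privileged: true}
        command: ["/bin/sh", "-c"]
        args: ["sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"]
      containers:
      - name: tailscale
        image: ghcr.io/tailscale/tailscale:latest
        env:
        - name: TS_AUTHKEY
          valueFrom: {secretKeyRef: {name: tailscale-auth, key: TS_AUTHKEY}}
        - name: TS_ROUTES
          value: "10.244.0.0/16"   # only the pod subnet, never 0.0.0.0/0
        - name: TS_USERSPACE
          value: "false"           # kernel mode; needs NET_ADMIN below
        - name: TS_STATE_DIR
          value: /var/lib/tailscale
        securityContext:
          capabilities: {add: [NET_ADMIN]}
        volumeMounts:
        - {name: state, mountPath: /var/lib/tailscale}
      volumes:
      # emptyDir state is lost on restart, so the pod re-registers with the key;
      # TS_KUBE_SECRET (with RBAC on secrets) keeps the node identity stable.
      - {name: state, emptyDir: {}}
```

The advertised route still has to be approved in the Tailscale admin console before peers see it, and clients outside the cluster need `tailscale up --accept-routes` to use it.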