This is all great stuff, and reasons to respect Tailscale, but honestly the killer feature for their big-money customers, and the reason I have such strong feelings about it, is much simpler: Tailscale does SSO login, and does it extremely well. If you're running a security practice for a growing tech company, one of the most important early jobs you have is getting all your services migrated to SSO. VPNs are notoriously annoying to SSO (I have seen some janky Okta integrations for OpenVPN).
It’s atrocious. We are using OpenVPN with Okta LDAP and you have to type “password,totpcode” as your password. Alternatively you can type just your password and wait for it to send a push to your phone while OpenVPN is completely blocked waiting. You have a YubiKey? That’s a damn shame.
Training and support for this for our entire company was a pain in the ass. I also felt embarrassed having my name on rolling out something so janky.
We are trialing Tailscale now and onboarding is two minutes and practically doesn’t need a guide (Download the app. Click login. Okta auth however you want). Our OpenVPN guide is like 8 pages.