Just started using Tailscale, super cool! Only issue so far is that one of my Linux desktops is not evaluating the DNS correctly, but otherwise it’s working very well out of the box. I was planning on running WireGuard on a server in my home network to use as a VPN, but after learning about Tailscale exit nodes I’m considering whether that is necessary.
My question: an exit node functionally does the same thing as a VPN with less setup and hassle, but is it as secure? Would my internet traffic be more secure against Tailscale, my ISP, nosey people, etc. if I used a VPN on top of Tailscale? Or is it just unneeded complexity?
You mean a privacy VPN like Mullvad?
If you want to access your home network, the exit node is as secure as a WireGuard VPN you set up.
This is assuming you set up your WireGuard correctly. Otherwise, Tailscale exit nodes are more secure, since no ports are open and they know how to configure it.
Also, keep the following in mind:
VPN = Virtual Private Network. Tailscale is a VPN.
Using another host in the VPN as an exit node is a secondary feature for a VPN, actually optional.
So the question is simply incorrectly posed, the author fundamentally doesn’t understand the terms and words being used, therefore one can only answer by reading tarot cards or by observing the plumpness of geese flying over the Shire.
Why would you think you need more ‘security’?
HTTPS is pretty good as it is!
Let me rephrase my question then. Is it more secure to run another VPN on top of Tailscale, or the same amount of secure?
No, there won’t be any increased security. Moreover, if there’s a VPN connecting to an external server, there will be a single point known to the provider where the traffic goes, while Tailscale works through its DERP servers which are used by different people. So in fact, Tailscale better conceals traffic direction than just having your own server to connect to.
Where are you using the VPN? On your client device that is connecting to the exit node, or on the exit node itself? You flat out can’t use an exit node and another full tunnel VPN at the same time on the same client as far as I am aware.
Nah, because normally for peak performance it negotiates a direct connection.