Tailscale has raised $160M
When I saw the new round, I was instantly worried about change in direction that will most likely come with this, and effectively drive away regular users from a tool that seems universally loved.
Similar sentiment can be seen in the discussion from three years ago [1] when they raised $100M.
Tailscale is a great. I think of it as a swiss army knife for easier routing and connectivity.
I use it in projects to stream internet / connectivity from my phone to the NVIDIA Jetson line, making my robotics projects easily accessible / debuggable:
https://github.com/burningion/bicyclist-defense-jetson?tab=r...
How is Tailscale going to achieve at least $1B in annual revenue? That’s the kind of promise that would have to be made to investors in order to raise funding of this magnitude.
Off-topic, but it makes me laugh that companies will list their “investors”, “advisors”, etc. on their company page, but not the people working there.
That said, Tailscale is one of the products that just works.
I just this past weekend was looking into setting up a personal networking solution- and looked hard at TailScale and their competitors. I do not like- that Tailscale has chosen to only allow SSO sign-in - as that forces one to have a Microsoft,Github[MS], Google, or Apple account- and I presume that leaves one at the mercy of those companies for the free option.
I will probably eventually cave and use my main account from one of those companies since creating true secondary accounts can be difficult(they end up tied back to your main account on the backend usually, So if something happens to one or the company does something- it'll affect everything and building separation is not easy.) - But I dislike that sort of design.
It is commendable that TS has created a market in an already crowded marketplace of VPN tools. They're competing with Palo Alto, Netskope, Check Point, and Cisco, to name a few.
One key understanding from my brief market experience is that you must build a firewall or router if you really want to own the VPN market. The way the sale is done is that the vendor goes in with the firewall, router, and switch, offering office space connectivity with the infrastructure and various network locations and upselling the VPN. This often accounts for the subpar quality of VPN software. There is a trend called SASE, which includes technologies like TS; people are questioning the enterprise value of SASE. Netskope and Cato Networks are some examples.
I believe that their enterprise journey will be challenging, given the player's extensive experience in upmarket sales. Although TS appears appealing and has potential for improvement, the GTM is entirely unique for enterprise. You need to build reseller network, System integrator partners, high value customizations, etc.
If you decide to embrace the security positioning, you must have a diverse portfolio of products. If you model the org. around Palo Alto et al., you need a huge diversity of products, VPN, hardware, cloud security tools, app security tools, etc., as the ICP (CISO) is trying to optimize their allocated budget. People in enterprise are ok with good enough products as long as they meet compliance standards, fit the budget, and does not disrupt operations.
It could be that they might acquire bunch of companies with this capital.
When we started Tailscale in 2019, we weren't even sure we wanted to be a venture-backed company. We just wanted to fix networking. Or, more specifically, make networking disappear — reduce the number of times anyone had to think about NAT traversal or VPN configurations ever again.
Investors expect that Tailscale will extract many multiples of their contribution from users.
If you'd like to avoid this extraction, you can fork their command line client code (along with the open source headscale server) and run a mesh network across your linux machines with all the magic DNS and userspace-TCP/IP-stack goodness that you're used to. Tailscale has given away a lot of the engineering for free.
However, as soon as your fork becomes incompatible with Tailscale's stack, you lose a massive value-add: proprietary platform support. Today, you can add the sale's guy's iPhone to your tailnet in seconds. If Apple's capricious automated AppStore security pulls the Tailscale app from the AppStore, Tailscale Corp is big enough to get Apple's attention. A small FLOSS group with some forked clients on github won't be able to provide this same operational stability.
I've got conflicted feels about Tailscale. I love their product and a bunch of the people I know use their free tier, including myself.
But their enterprise strategy destroys their good will. I can only assume it's focused on killing old school VPN products. The free tier that we love is a marketing expense. And it’s not even a conversion play.
People are complaining about ~10/user/month -- add basic things that you'd need to manage more than 10 peeps (SAML/SCIM support) and you're talking ~20/user/month. For us, a small sub 200 person company, they immediately lost their chance. We have lots of problems in the security space, some we're willing to spend more than 20/user/month to solve. Legacy network access is not one of them.
Good. This lets them receive some of the value they’ve created (they should get paid!) and gives certainty they won’t go out of business. Which means more Tailscale now and in future!
If they turn evil (unlikely with the current folks there) they’ve written up / open sourced plenty of what got them to this point.
Don’t capture all the value you create. But you should try to capture some.
Still can't wrap my head around that TS does not allow to signup with your custom email/password combination but forces you to use bigtech (GitHub, Apple, Meta etc.) to login. Running your custom OIDC provider as a small, private person does not make any sense either.
If they had taken just say $40 million would they be able to sustain their project for the foreseeable future and perhaps not yield as much future product direction and equity?
I honestly don't know how this big dealmaking works but it strikes me that when you take out this big of an obligation that the obligation has a gravity that may drag you in a direction you (or consumers) do not want to go.
Love Tailscale as a product (as does everyone I talk to) but genuinely want to learn more about the trade-offs as usually when we see big dollar signs all we do is celebrate.
it is a nice that they're a bit embarrassed about it and spend much of the post explaining why they took more money.
overall, they still seem to have their heads screwed on straight and have an actual business model, that is also pretty fair - charge enterprises per seat to solve their network identity problems.
anyway, keep up the good work, Avery and co.
Does anybody encounter issues with DNS after installing tailscale with it's MagicDNS enabled? It drives me nuts because my entire network just stops working. I removed tailscale but still won't be able to connect to my Ubuntu server.
Hope this means headscale involvement doesn’t get 86’d.
As I recall, a few tailscale folks contribute to this open source implementation of the “coordination server”. Apparently tailscale management approved it. So this means management at any time can revoke it, and possibly kill off self hosting of the coordination server as the open source clients become incompatible.
I don't probably use Tailscale to it's full potential but I love this tool. We have our small servers at our offices across the world and it has give us so much flexibility to access some of the files via shared drives or try out installing / testing stuff. Me and my wife also drop each other pictures of our kids using tailscale now.
Depressing news, I have no hope that the countdown to Tailscale being unusable subscription trash has not started with this announcement.
I realize this is a very ironic place to make this statement, but I am utterly exhausted by VC money destroying all of the services I enjoy, like a slow disease spreading through a herd of livestock.
Start looking for alternatives already. Nothing good came out of VC rounds and private equity for the end consumers ever.
Entshittification incoming?
This sort of thing tends to trend bad for users.
>Connecting GPUs across clouds, securing workloads across continents, migrating between cloud providers — it’s messy, it’s hard, and it breaks all the time.
Is the new fund raise to enable Tailscale perform these complex tasks or for scaling it?
I've once read few years back that seamless and secure cloud independent computing or cross-cloud system is the next frontier, and it seems it's a legit problem and a business opportunity for security company like Tailscale and Crowdstrike (investor). The record breaking acquisition of Wiz kind of cemented this problem space and the pain points, and it seems that Tailscale is riding on the opportunity [1].
[1]Google to buy Wiz for $32B (845 comments):
You are still trusting the tailscale coordination server for proper key exchange. Yes, traffic is end-to-end encrypted and the private keys stay on the device but there's no way to verify that tailscale is negotiating keys for the machine you asked for
Glass half full customer: great, the service I rely on is going to persist!
Glass half empty customer: OMFG, this is the minimal amount they are going to bleed from us over the next 5 years!
Based customer: this is just a half filled glass, full or empty is just your projection.
Tailscale deserves it. They have produced excellent software.
Funny how, as soon as I hear about a big new funding round, my reaction is sadness because I assume the product is going to start being bad and user-hostile in about 6 months. It shouldn't be that way, but it's just a reflex after seeing it happen so often.
The shift toward identity-first networking is also super interesting. Feels like we're finally moving past the idea that IPs = trust, and into a world where access control actually maps to human (or service) intent
Congrats to the tailscale guys. I remember when tailscale was not a networking company. Amazing to see where it's ended up and obviously having bradfitz onboard is useful too. I'm always curious to know what the internals of a company looks like with a lot of ex-googlers running it. Does it look like a mini Google or something else? Not sure if apenwarr is here but always interested to learn more.
Everyone is commenting on the HN headline, no one on the actual post:
> Building the New Internet
(Insert mandatory reference to Silicon Valley here :))
> We think there’s a better way forward. We're calling it identity-first networking.
I would love to see this. Every day I have to stare at YAML files with IP addresses in them is a day I will never get back. I wish cjdns[0] had succeeded already but oh well, now I hope the Tailscale guys will!
I just wished their server side was open source also
I like Tailscale and we pay for it at work but it has a number of serious bugs that affect our work that they seem to lack the resources to fix. Hopefully this helps.
As an alternative there's https://github.com/tonarino/innernet
Good call, I started using it a few months ago, and now it is something I can't live without.
Tailscale was invaluable for connecting my remote offices together. Long gone are the days of openvpn configs
What's the difference between this and say azure vent and configuring that with private endpoints
What are the failure points of hosted solutions like Tail scale versus self hosted options?
woot, woot, happy for the team. I love tailscale and can't stop singing praises.
anyone care to share how they are spending money? labor, operations (training, transfer fees), marketing & business development. It's different than industries I'm more familiar with.
Fingers crossed they’ll finally enable sending files to people
What is their use case in an IPv6 internet? Or is this another company with a vested interest in stopping IPv6 from happening?
Congrats TS. You deserve this.
congrats to the tailscale team
Even if it could mean Tailscale enshittifies eventually, this is probably a good thing for the ecosystem. As one example, the bigger they get, the more likely operating systems will build better APIs to support what they do (for example maybe Apple will provide a way to do mDNS over Tailscale), and those APIs can be used by all.
There are plenty of open source alternatives cropping up[0]. I'm curious to see what Tailscale can do with a lot of resources.
[0]: https://github.com/anderspitman/awesome-tunneling?tab=readme...
Tailscale not having reached profitability yet and having to raise more is bad news, as it increases the odds of future enshitification.
$33m/year burn accelerating to $50m+/year
Profitability and exit math just got harder
I love the service and am rooting for them - I just don’t get this cash outlay
I can’t wait to learn what I’m missing here
Enshittification will start in 3... 2... 1....
IMHO they should be a good steward and toss the Wireguard guy a mil considering Tailscale is pretty much Wireguard with a GUI on top.
[dead]
[dead]
[flagged]
[flagged]
so tailscale is selling out
that was disappointing
at least the current software is open source, so others can fork it before it closes down on itself and enshittifies.
Oh no. That's really too bad. Fingers crossed they'll beat the VC curse because it is so close to perfect as it is right now.
Tailscale just got a lot of money to keep growing. But what they are doing is more important than the money. They are helping computers talk to each other in an easy and safe way.
Before, the internet was built to connect places, not people. That made things messy. People had to set up tricky stuff like VPNs and firewalls. Tailscale makes this much easier by using your name or account, not just numbers like IP addresses.
Now, big companies and people at home use Tailscale to keep their computers and apps connected. It works without a lot of setup, and it’s safe. Even people building smart robots and AI are using it.
What’s really good is that Tailscale still helps small users for free, and they try hard not to break anything when they update their tools. If they keep doing that, they can become a very important part of how the internet works in the future.
I'm a fan of TS and have been a paying customer for work infra for almost a year now. It really is well put together and easy to use, but I do run up against some issues/complaints when diving deep that I hope they can work out:
* The pricing tiers and included features by tier penalizes you in frustrating ways. The base plan is a reasonable $6/user/m, but if you want to use ACLs to control anything in a workable way, it jumps 3x to $18/u/m. Better solutions are available for that kind of money, and I shudder to imagine what the next tier ('call us') costs.
* Subnet routing broke on Ubuntu (maybe other distros) recently, and there were no alerts, communication from TS, or TS tools to pinpoint/figure out what was going on. I stumbled on a solution (install subnet router on a Windows box), and from there I searched and found others with that issue. Lost half a day in emergency mode over that!
* Better tooling to determine why it's falling back to DERP instead of direct for remote clients. DERP relays should be an absolute last resort to provide connectivity for Business-plan-level customers (very slow), and the way TS works just assumes any connectivity is fine.
Overall, the simplicity and abstraction of complex VPN networking is wonderful, but if you have issues or advanced needs, you are immediately thrust into the low-level UDP/NAT/STUN world you were trying to avoid. At that point, you're better off using a traditional VPN (WG, OpenVPN, or heaven forbid, IPSec), because it ends up being more straightforward (not easier) without the abstractions and easy-button stuff.