Alternative to Headscale? - eviltoast

Hi all,

I very briefly kicked the tires on Headscale, and whilst it certainly seemed very impressive, I did have a few concerns.

Primarily, that non-admin users don’t seem to need to consent to having config changes applied to their devices. Whilst it’s assumed admins are trustworthy (I’d like to think so!), it just struck me as not the way I’d want something to function when it comes to direct access between devices, routes etc. It also doesn’t seem like it logs and tells users when something has changed, so shenanigans could occur, and the user would be unaware of it, especially if it got put back to its prior state of config.

Also seems to lack a self-service aspect to it, where if a user got a new device or had to reinstall their OS and had no backups then they’d need to ask me to be added back to the mesh. Ideally, a user would be able to add their own devices to their own group and allow interoperability between their own devices, but selectively open up access to specific devices to others not owned by them without me needing to configure it for them.

Ideally, I’m looking for something that’s equally performant, available on plenty of different OS, allows users to understand and consent to config changes, and also manage their own devices.

Our primary usage scenario is working remotely together via a few bits of software that don’t have WAN features or servers and only allow real-time collaboration via LAN.

There’s every chance I’m completely wrong about all the above too!

  • Reverent@alien.topB
    1 year ago

    Sounds like you just want wg-easy.

    Most of what people consider essential features to scale an organisational VPN you have listed as a detraction, so just keep it simple and hand out WireGuard configs.