[Solved] Tailscale alternative recommendation

fdauti · January 5, 2025, 1:33am

I was looking for a way to quickly access the router from the phone either web or ssh. I tried Wireguard but the peer was never able to connect. My IP is CGNat'ed so port forwarding form WAN is no go either. I tried tailscale and was pleasantly surprised how easy it was to get it up and running though you are limited to 3 devices for the Free plan. What i didn't like is the high RAM usage at almost 50MB and 30MB of disk space with all the relevant dependent packages. The disk space is not yet a problem but the RAM is.

I wonder if anyone who has tried this package get similar RAM usage more important if there is an alternative package (hopefully near as simple) that you would recommend for the above.

How does it compare to ZeroTier in this regard?

slh · January 5, 2025, 3:44am

If you have IPv6 connectivity, that might already be good enough to run plain wireguard over IPv6(-only as the tunnel endpoint/ gateway address). This approach works (well enough) for me, national 4g/ 5g services do have IPv6 (around here), international roaming might not - guest WLANs/ hotspots generally do not.

Vorpal · January 5, 2025, 9:04am

I haven't tried it myself, but there is an open source re-implementation of Tailscale called Headscale. I also can't find definite information if it works on OpenWRT, if you have a spare Pi around it will definitely work on that. I don't know if you still need at least once device that has a public IP running it, the documentation isn't too clear.

enmaskarado · January 5, 2025, 2:38pm

Headscale is great, but only replaces the propietary control panel from Tailscale.
You will need to use the same client.

greem · January 5, 2025, 2:43pm

You are limited to 100 devices and 3 users on the Free plan.

enmaskarado · January 5, 2025, 2:54pm

I had the same problem with mem consumption. Tailscale is the only one that can open connections through NATs without many problems.
You can replicate something similar using Netbird + upnpc, which will save memory (Netbird uses kernel wireguard), but Netbird is still a heavy Go binary.

If your router has at least 256MB RAM, I recommend editing /etc/init.d/tailscale to add the GOGC env var, which makes Tailscale consume less RAM.
Example:

  # Starting with v1.48.1 ENV variable is required to enable use of iptables / nftables.
  # Use nftables by default - can be changed to 'iptables' in tailscale config
  procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode" GOGC=10

fdauti · January 5, 2025, 5:08pm

Lots of interesting info in the comments for every scenario, thanks everyone. Seems like the GOGC=10 option can also squeeze some MBs

BlueHaze · March 25, 2025, 5:43pm

If you have an external host such as a homelab or a VPS then you can use the WireGuard client to establish a session with the external host.
Your phone is then able to access the openwrt lan via ip forwarding on the external host.

Darin755 · March 25, 2025, 6:35pm

Netbird?

No matter what you do it will need ram

sppmaster · March 25, 2025, 6:52pm

I use zerotier and it requires little flash space but RAM usage is big - maybe 30-40 MB.

egc · March 27, 2025, 2:36pm

How about cloudfared zero trust?

I do not have experience with it but looks promising.

I have a VPS (Oracle Cloud free tier) on which I have setup WireGuard which can act as the man in the middle

lndlw · March 27, 2025, 3:04pm

You have two options which will work with cgnat but both require a vps to run and wireguard on your router.

Netmaker. It provides native wire guard config and can be setup on any device which can run wire guard.
Pangolin. This provides reverse proxy with wireguard.

egc · March 27, 2025, 3:18pm

Check if you have an IPv6 address, if so you can use this and there is no need to involve any third party
Nowadays many providers which are handing out a GNAT IPv4 address will hand out an IPv6 address and IPv6 PD