VPN made simple

The name “virtual private network” sounds quite complex: it’s virtual, it’s private, there’s a network—and it’s protecting you.

For us end users, the “VPN” is typically just a simple “secure tunnel.”

Through this tunnel, we can communicate. Because we’re inside the tunnel, the only visible thing to an observer is that a tunnel exists and when we use it. The observer cannot read or see the content being transferred in the tunnel.

If multiple tunnels come into play and you can hop from island to island—even into the internet—then we’re talking about a real VPN setup.

In many cases, VPNs designed for end users have a “star” architecture, where all users connect to a single hub. To gain resiliency and offer service closer to the user, companies often provide multiple hubs. Proximity matters, even on the internet.

I stumbled upon a service that makes setting up VPNs amazingly simple, which is not typically the case by default. Managing internet (or general network) connectivity and routing is logical but requires a lot of knowledge and time. It’s easy to overlook something and end up with an insecure or non-functional setup.

Because VPNs (or secure tunnels) are temporary and the endpoint is often in an uncontrolled network—for example, a public Wi-Fi—authentication and access control require significant attention, too.

Eventually, the end user enters the picture. They will only adopt a solution if it doesn’t impede their ways of working—at least not too much.

If you run services in your home network, you might want to access them when you’re away. At the same time, you don’t want to expose those services to everyone on the internet. If you do, you can be 100% sure that people will try to access or breach your service (or break it, just for fun).

I wanted to access my home assistants, which I use for myself and for family members’ apartments. Out of curiosity, I typed “vpn” into the embedded app store, and up came: Tailscale.

When I looked into Tailscale, I saw it’s a front end for WireGuard, a VPN tool I’ve always wanted to try (I’m currently using OpenVPN).

My trial with Tailscale was bliss. Signing up took seconds; integrating my server, adding the home assistants, my laptop, and our mobile devices took just a few minutes—instead of the hours or days it would take to set up everything myself.

Because Tailscale creates a mesh network (as opposed to a star network), all devices can communicate with each other. And because the Tailscale team seems to think everything through to the end, you can even use your devices as internet breakouts. That means you can surf the internet through any connected (non-mobile) device with the flick of a switch in the easy-to-grasp user interface.

Tailscale offers a basic service for private use for free, and even the packages for small groups are more than fairly priced when you consider the effort saved compared to setting up a VPN yourself. Plus, setting up the VPN is just the start—Tailscale also takes the ongoing network maintenance off your shoulders.

In conclusion, I have yet to see another VPN service that’s both so supportive of open source and so ready for the enterprise. If you run Apple, Google, or Microsoft environments, your user management ties right into Tailscale’s integrations—lovely.