Yeah it’s wireguard under the hood iirc, so you probably could put in effort in order to achieve roughly what tailscale does, if you have the knowledge and time involved in doing that. I don’t think there’s any secret sauce that would be impossible to someone to DIY.

I don’t blame people for being skeptical, especially those of us in the Linux, FOSS, and self-hosted world. I was skeptical too, because part of the reason I wanted to self-host was to move away from a dependency on companies, and I’m weary of the mere possibility of tailscale’s eventual capitalist enshittification. But after trying it, I have to admit that it’s been a game changer for me.

For me personally, tailscale is just an easy out-of-the-box solution that works well for what I want it to do (give me encrypted access to my server from anywhere in the world). I’m not so good at networking that I could get anywhere near the level of convenience that tailscale affords me, and I have too many other projects that I want to do before reinventing tailscale for myself. So instead I have a small free tailnet with all of my devices (and a couple other users’ devices), and it has totally changed my relationship with self-hosting and my server.

In my view, It’s a pretty good deal, for now at least.

Do you actually want to expose the things to “the internet”, or do you just want yourself (and an approved set of other users) to be able to access them from outside of your network?

If it’s the former, you’re going to want to learn about DNS, NAT, exposing ports, firewall settings, and network monitoring.

But if it’s the latter, then I recommend checking out tailscale because that gives you and some friends LAN-like access with a great internal DNS and it works really well.