What's the main differentiator between Tailscale and Netrinos?<p>Edit: Just found this post <a href="https://netrinos.com/blog/tailscale-alternatives-2025" rel="nofollow">https://netrinos.com/blog/tailscale-alternatives-2025</a>, so it looks like main differentiator is pricing right now.
Well, I wish you the best with this - but I really don't understand the target market.<p>The obvious competitor here is Tailscale. But let's say, reasons, and Tailscale isn't an option. Then you go down the path... TwinGate, Teleport, Netbird, Pomerium, Netmaker, ZeroTier, etc...<p>Even the initial pricing and free tier are you're up against are going to mostly be a deal breaker compared to what's out there.<p>Trusting a VPN provider is a lot. If you're running the control plane - why should I trust Netrinos?
"Well, I wish you the best with this - but I really don't understand the target market."<p>"After years of SSH tunnels, IPsec headaches, and the ssh log horror movie, I wanted something simpler: install, sign in, get work done."<p>"Target market" could be the author<p>There's no good reason to discourage people from writing overlays, unless one is doing so for commercial (i.e., anti-competitive) reasons<p>A more interesting question might be, "In your opinion, what is unsatisfactory about XYZ that does essentially the same thing"<p>For example, one might be a Layer 2 overlay whilst the other is Layer 3<p>Maybe we'll never have web browser diversity (or meaningful competition) as the web browser has become an instrument of surveillance and advertising controlled by "Big Tech", but overlay diversity (and competition) is still a possibility<p>If everyone thought IPsec and OpenVPN was "good enough" then Wireguard and Tailscale would not exist<p>I still use an unpopular non-commercial L2 overlay from before Wireguard existed that is smaller and faster than anything else I have ever seen<p>IMHO, the more overlays that exist, the better
Isn’t that true for any new service out there? What’s the market for a search engine? And yet kagi.com is a thing.
Kind of confusing to expect zero competition for a valid opportunity, then you're a category founder with an uphill battle to educate the customer for free, fail, and let the next co swoop in.
The "No IT Department" part of your marketing immediately turns me off because that's actively encouraging "shadow IT".<p>We all get that sometimes companies have IT policies which are outdated and get in the way, but that's a problem for someone up the chain to solve. A team or department deciding to just start doing their own thing with something like this which isn't managed by or even known about by the official company IT is at best a path to future problems if not an immediate compliance problem.
Compliance, "up the chain", "department", "the official company IT", etc...<p>These are all things that the target audience either doesn't have, or doesn't want. If the above words are important to you, then you're probably not in the target market.
Or it’s a small enough company without an IT department.<p>Think of an SMB where you might know you need to do something (like connect a new store location to the server in your main location’s closet), but don’t know how or can’t afford to hire an IT person full time. This is probably the main market for this. Then once you get more buy in, experience, and reputation, this VPN could stay to see larger clients. That’s at least how I’d expect to see this grow.
IT is sometimes dysfunctional and management doesn't care.
[dead]
I really like your fair differentiation and feature comparison vs Tailscale, netbird etc.<p>Love to see the ecosystem of wireguard based services growing into different business segments, i.e. you targeting SMBs/small teams.<p>Not for me, but legitimate use case and product :)
The GitHub link on your website is 404 (<a href="https://github.com/netrinosnetwork" rel="nofollow">https://github.com/netrinosnetwork</a>)
Yep. Stating Github and providing a non existent Github link is a serious redflag which brings trust issues.<p>Either provide the Github (for whatever reasons) or remove the link from your website. I am assuming it is closed source.<p>Personally I don't trust new VPN solutions without published source code!<p>Alternatives: Tailscale with Headscale or better Self-hosted Netbird if one is a itty-bitty IT savvy.<p>Netbird (self-hosted) offers a lot lot more with the self-hosted solution.
- SSO
- Independent networks
- Superb policies / ACLs
- Keybased onboarding
- auto-expiration and a lot more like integrations and what not!<p>Tough to beat the Netbird Open source offering if one tends to spent a little time and effort (though not everyone's cup of coffee!)<p>Such can look at tailscale's offering since the free version of Tailscale offers more than what is offered here and all the client applications are open source and constantly updated.<p>If pricing is going to the only difference, (at a high level, everything under the hood looks similar - wireguard based, zero config, p2p mesh, port forwarding etc etc.,) bring a lot more trust by offering an open source version like others.
Can anyone explain to me (someone not so network security savvy) if there are any privacy or security concerns using a wire guard provider like this?<p>As I understand it, with traditional VPNs, you basically have to trust third-party audits to verify the VPN isn't logging all traffic and selling it. Does the WireGuard protocol address theses issues? Or is there still the same risk as a more traditional VPN provider?
This is not providing the same functionality as a "traditional VPN," in the sense that it does not do anything to your traffic going to the wider internet. With popular VPN services, they are an encrypted tunnel for all your internet traffic (some use the same protocol, WireGuard), but at the end of the tunnel they decrypt the message and send it to whatever website you requested, which is exactly what can cause those privacy issues you describe.<p>In this case, though, it creates an encrypted tunnel _only between your own devices_. This allows you to connect to all your devices, home desktop, phone, laptop, as if they were on the same network, allowing you to do fairly sensitive things like remote desktop without having to expose your machine to the public internet or deal with firewall rules in the same way.<p>Assuming this project is legitimate, then the only traffic this service would even touch would be those between your own devices, nothing related to public internet requests. And, on top of that, the requests should be encrypted the entire way, inaccessible to any devices other than the ones sending and receiving the requests.<p>There are many caveats and asterisks I could add, but I think that's a fairly straightforward summary.
To clarify, one of the big advantages of a Mesh VPN is that the traffic does not flow through the VPN provider at all. WireGuard encrypts the traffic from device interface to device interface. The connections are point-to-point and not hub-and-spoke. This is both faster and more secure.<p>If a direct connection cannot be established due to a very restrictive firewall or a messed-up ISP modem, it will fall back to a relay server. But in that case, the relay relays the traffic, but it does not have the keys to read it.<p>You can learn more here:
<a href="https://www.wireguard.com/" rel="nofollow">https://www.wireguard.com/</a><p>TL;DR WireGuard itself is a relatively small project at roughly 4,000 lines of code. It has been thoroughly audited and is even built into the Linux kernel.
Naive question here: with WireGuard VPN, does all traffic route through the VPN or only those packets bound for the other devices in the mesh?
WireGuard itself can be configured to work either way.<p>Our target market is smaller teams and people with limited IT skills. So, we chose not to send all traffic through the vpn. The only traffic going through the VPN is traffic to and from your other devices (in your account). Internet access is still through your default network.<p>In the Pro version, you can route specific destinations through other peers, also belonging to you. An example use case here would be accessing your web banking while on vacation in a distant country. You would route your bank website through your home connection.<p>Similarly, our access control is only restricting traffic that comes from your devices on the wireguard network. We do not interfere with the settings of your own personal firewall.
For WireGuard in general, you provide it an AllowedIPs config which is a list of CIDR ranges that should be routed across the link. That could be `0.0.0.0/0` (aka everything), a single subnet, a union of several, or even individual IPs. This config is technically symmetric between the endpoints, though a prototypical implementation of "individual clients enable the VPN to access the internal network" may limit the "client" AllowedIPs to an individual address.
Any plans for Exit Node capability (traditional egress VPN)?
Seems similar in purpose to <a href="https://vpncloud.ddswd.de/" rel="nofollow">https://vpncloud.ddswd.de/</a>
>We use STUN-style discovery and relay fallback<p>How does your relay compare to Tailscale's (DERP)?
We use a different approach than DERP.<p>Netrinos uses a central rendezvous server that participates in WireGuard handshakes solely to collect the public endpoints of your devices and share that information with your other devices. When a device roams to a new location, the server learns the new endpoint and updates the other devices in your account.<p>The server cannot route or forward WireGuard traffic. Its sole purpose is endpoint discovery.
Full disclaimer: huge Linux fanboy here.<p>Not really related to the product itself, but your landing page design looks close to the official Microsoft style which I dont have the best memories of..<p>It might be intentional to show the "seamless integration" to Windows users but my penguin loving soul got scared!
Thanks for that feedback. I share your feelings about Linux. It never occurred to us that it would be reminiscent of old MS days. We were going for "clean and uncluttered".<p>If it makes you feel better, all core development for Netrinos is done on Linux. Then, the code is adapted to work on macOS and Windows. Almost all of the code is cross-platform, including the UI. Only the implementation details are platform specific.<p>e.g. Linux uses nftables. MacOS uses pfctl. Windows, we had to write our own packet filter to avoid touching the often misconfigured Windows Firewall.
I use Twingate both for personal use (my home) and to access AWS EC2 servers (no public ips) and really love it. Very polished, easy setup. How does Netrinos compare?
[dead]
[dead]
[dead]