I’ve read a lot of recommendations for tailscale and am on my way to try it out myself. Do you use Tailscale in the “normal” way or do you host your own Headscale server (as I’m planning to do)? Any pros and cons?

  • PriorProject@lemmy.world · 13 upvotes · 1 year ago (edited)

    I use Headscale, but Tailscale is a great service and what I generally recommend to strangers who want to approximate my setup. The tradeoffs are pretty straightforward:

    • Tailscale is going to have better uptime than any single-machine Headscale setup, though not better uptime than the single-machine services I use it to access… so not a big deal to me either way.
    • Tailscale doesn’t require you to wrestle with certs or the networking setup required to do NAT traversal. And they do it well; you don’t have to wonder whether you’ve screwed something up that’s degrading NAT traversal only in certain conditions. It just works. That said, I’ve been through the wringer already on these topics so Headscale is not painful for me.
    • Headscale is self-hosted, for better and worse.
    • In the default config (and in any reasonable user-friendly, non-professional config), Tailscale can inject a node into your network. They don’t and won’t. They can’t sniff your traffic without adding a node to your tailnet. But they do have the technical capability to join a node to your tailnet without your consent… their policy to not do that protects you… but their technology doesn’t. This isn’t some surveillance power grab though, it’s a risk that’s essential to the service they provide… which is determining what nodes can join your tailnet. IMO, the Tailscale security architecture is strong. I’d have no qualms about trusting them with my network.
    • Beyond 3 devices users, Tailscale costs money… about $6 US in that geography. It’s a pretty reasonable cost for the service, and proportional in the grand scheme of what most self-hosters spend on their setups annually. IMO, it’s good value and I wouldn’t feel bad paying it.

    Tailscale is great, and there’s no compelling reason that should prevent most self-hosters that want it from using it. I use Headscale because I can and I’m comfortable doing so… But they’re both awesome options.

    • monty@lemmy.one · 9 upvotes · 1 year ago

      Beyond 3 devices, Tailscale costs money

      I think you mean beyond 3 users. You are allowed up to 100 devices in the free tier.
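PriorProject's point above is that the coordination server, not the client, decides which nodes join a tailnet, so the client-side control is to keep your own record of the node keys you enrolled and alert when anything else appears. The following is an added example, not code from the thread or from Tailscale or Headscale: it assumes the `tailscale status --json` layout described in its docstring, matches on node keys rather than hostnames (a hostname is chosen by whoever enrols a node; the key is not), and falls back to a constructed sample when the binary is absent.

```python
"""Audit the nodes in a tailnet against a pinned allowlist.

Added example, not from the thread and not Tailscale's or Headscale's own
code.  Since the coordination server decides which nodes join a tailnet,
the client-side check is to record the node keys you enrolled yourself and
flag anything else that appears.  The JSON shape (Self/Peer keyed by
"nodekey:..." with HostName, DNSName, TailscaleIPs, UserID) is the author's
reading of `tailscale status --json`; the sample below is constructed.
"""
import json
import subprocess
from typing import Dict, List

# Constructed sample of `tailscale status --json`; the node keys are
# shortened placeholders, not real keys.
SAMPLE_STATUS = json.dumps({
    "Self": {
        "PublicKey": "nodekey:aaaa1111", "HostName": "laptop",
        "DNSName": "laptop.example.ts.net.", "TailscaleIPs": ["100.64.0.1"],
        "UserID": 1001,
    },
    "Peer": {
        "nodekey:bbbb2222": {
            "HostName": "nas", "DNSName": "nas.example.ts.net.",
            "TailscaleIPs": ["100.64.0.2"], "UserID": 1001,
        },
        # Same hostname as the real NAS, but a key we never enrolled.
        "nodekey:cccc3333": {
            "HostName": "nas", "DNSName": "nas-1.example.ts.net.",
            "TailscaleIPs": ["100.64.0.9"], "UserID": 4242,
        },
    },
})

# Node key -> owning user id, recorded out of band when each device was
# enrolled (constructed values).
PINNED_NODES: Dict[str, int] = {
    "nodekey:aaaa1111": 1001,
    "nodekey:bbbb2222": 1001,
}


def unexpected_nodes(status_json: str, pinned: Dict[str, int]) -> List[dict]:
    """Return every node whose key is not pinned or is pinned to another user.

    Matching is on the node key, never on HostName or DNSName: a name can be
    chosen freely by whoever enrols a node, the key cannot.
    """
    status = json.loads(status_json)
    nodes = {status["Self"]["PublicKey"]: status["Self"]}
    nodes.update(status.get("Peer") or {})
    findings = []
    for key, node in nodes.items():
        owner = pinned.get(key)
        if owner is None:
            reason = "node key not in pinned allowlist"
        elif owner != node.get("UserID"):
            reason = "node key pinned to a different user"
        else:
            continue
        findings.append({
            "nodekey": key,
            "hostname": node.get("HostName"),
            "dns": node.get("DNSName"),
            "ips": node.get("TailscaleIPs", []),
            "reason": reason,
        })
    return findings


def missing_nodes(status_json: str, pinned: Dict[str, int]) -> List[str]:
    """Pinned keys that are absent from the status (offline or removed)."""
    status = json.loads(status_json)
    present = {status["Self"]["PublicKey"], *(status.get("Peer") or {})}
    return sorted(k for k in pinned if k not in present)


def main() -> None:
    try:
        status_json = subprocess.run(
            ["tailscale", "status", "--json"], check=True,
            capture_output=True, text=True).stdout
    except (OSError, subprocess.CalledProcessError):
        status_json = SAMPLE_STATUS  # no tailscale binary here: use the sample
    for f in unexpected_nodes(status_json, PINNED_NODES):
        print(f"ALERT {f['nodekey']} {f['hostname']} {f['ips']}: {f['reason']}")
    for k in missing_nodes(status_json, PINNED_NODES):
        print(f"INFO pinned node {k} not present")


if __name__ == "__main__":
    main()
```

Run it from cron or a systemd timer on one trusted node and route the ALERT lines to wherever you collect alerts; the same idea applies to a Headscale deployment, where the pinned list can be cross-checked against the server's own node list.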

  • Cyclohexane@lemmy.ml · 8 upvotes · 1 year ago

    I started using my own WireGuard config instead of using Tailscale. Works great for me, though it does take more work up front.

    • Starfighter@discuss.tchncs.de · 1 upvote · 1 year ago (edited)

      I started out with WireGuard. As you said, it’s a little finicky to get the config to work, but after that it was great.

      As long as it was just my devices this was fine and simple, but as soon as you expand this service to family members or friends (including not-so-technical people) it gets too annoying to manually deal with the configs.

      And that’s where Tailscale / Headscale comes in to save the day because now your workload as the admin is reduced to pointing their apps to the right server and having them enter their username and password.

  • sn0opy@lemmy.world · 6 upvotes, 1 downvote · 1 year ago (edited)

    I use Tailscale as is. Mainly to connect to my devices but also for fancy stuff like this:

    Some of my servers are only available via Tailscale. They don’t have any open ports to the internet. Even authentication to these servers via SSH is handled by Tailscale SSH.

    I have some SMB shares on my local server and I gave access to them to some friends via Tailscale by sharing said server and locking it down with ACLs. So people that have “shared” access can only access the server via SMB’s ports.

    One more thing I wanted to use but then stopped screwing around with it: Tailscale Funnel. I wanted to access some local webservices on my server via the internet without connecting to Tailscale first but also without opening ports on my local router. The downside of Funnel: no custom domains (yet). This means I would have to use their Tailnet name instead. Instead I went with Cloudflare Tunnel.

    One more thing that was annoying with Funnel: I wanted to use tsnet for quick file shares via a very basic HTTP server. Tsnet created “virtual” machines within my Tailnet which I could then funnel to the internet. Unfortunately, Tailnet DNS propagation is absurdly slow. It’s not really made for on-demand funnel usage. It would work just fine while being connected to the Tailnet via Tailscale, but not via Funnel over the internet.

    All in all, I’m super happy with Tailscale. Setting things up was so absurdly easy and it just works.

    • AlecStewart1st@lemmy.world · 2 upvotes · 1 year ago

      I’m curious, what’s the benefit of using Tailscale over setting up Wireguard yourself? Is it just not having to do all of the setup? Or do I misunderstand what the main use of Tailscale is?

      • sn0opy@lemmy.world · 1 upvote · 1 year ago (edited)

        Pretty much that. I don’t want to host “mission critical” stuff by myself, nor do I want to care about backups. With Tailscale I’m just a sign-in away from being able to access all devices connected to it.
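sn0opy's shared-server setup above, locking a shared node down so that "shared" users only reach the SMB ports, as an added example (not sn0opy's policy and not Tailscale's own evaluator): a policy that gives one friend SMB-only access to a tagged server, plus a small evaluator for that subset of the policy-file format (accept rules, users and groups in `src`, `host:ports` entries in `dst`, default deny) so the denial of every other port can be checked offline. All users, groups and tags are constructed.

```python
"""Evaluate a Tailscale-style ACL so a shared server exposes only SMB.

Added example, not from the thread and not Tailscale's own evaluator.  The
policy layout (an "acls" list of "accept" rules with "src" users/groups and
"dst" entries of the form host:ports, nodes addressed by tag, default deny)
follows the Tailscale policy file format as the author understands it; the
evaluator covers only that subset, and every user, group and tag name is
constructed.
"""
from typing import Dict, Iterable, List, Set

POLICY: Dict = {
    "groups": {"group:admins": ["me@example.com"]},
    "tagOwners": {"tag:nas": ["group:admins"]},
    "acls": [
        # Admins may reach every node on every port.
        {"action": "accept", "src": ["group:admins"], "dst": ["*:*"]},
        # The friend the NAS is shared with gets SMB and nothing else.
        {"action": "accept", "src": ["friend@example.com"], "dst": ["tag:nas:445"]},
    ],
}


def _src_matches(entry: str, user: str, groups: Dict[str, List[str]]) -> bool:
    """A src entry is '*', a 'group:' name, or a user login."""
    if entry == "*":
        return True
    if entry.startswith("group:"):
        return user in groups.get(entry, [])
    return entry == user


def _port_matches(spec: str, port: int) -> bool:
    """spec is '*', a single port, a range 'a-b', or a comma list of those."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _dst_matches(entry: str, node_tags: Set[str], port: int) -> bool:
    """A dst entry is '<host>:<ports>' where host is '*' or a tag."""
    host, _, ports = entry.rpartition(":")   # "tag:nas:445" -> ("tag:nas", "445")
    host_ok = host == "*" or host in node_tags
    return host_ok and _port_matches(ports, port)


def is_allowed(policy: Dict, user: str, node_tags: Set[str], port: int) -> bool:
    """True if some accept rule covers user -> tagged node:port; else deny."""
    groups = policy.get("groups", {})
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        if any(_src_matches(s, user, groups) for s in rule["src"]) and \
           any(_dst_matches(d, node_tags, port) for d in rule["dst"]):
            return True
    return False  # nothing matched: default deny


def open_ports(policy: Dict, user: str, node_tags: Set[str],
               candidates: Iterable[int]) -> List[int]:
    """Which of the candidate ports the user can reach on the node."""
    return [p for p in candidates if is_allowed(policy, user, node_tags, p)]


if __name__ == "__main__":
    for who in ("friend@example.com", "me@example.com", "stranger@example.com"):
        print(who, open_ports(POLICY, who, {"tag:nas"}, [22, 80, 139, 445]))
```

The evaluator deliberately has no deny rules, because the real format has none either: anything not explicitly accepted is dropped, which is why adding a second share or a new friend means adding a rule rather than removing one.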

  • LiveLM@lemmy.zip · 5 upvotes · 1 year ago

    Honestly the main reason to use Tailscale for me is that it handles all the setup itself.
    I don’t really see the point in Headscale. If I wanted to worry about hosting and configuring I’d prolly just set up regular WireGuard.

  • Sethayy@sh.itjust.works · 4 upvotes · 1 year ago

    If you want to really get into it, you can just host a WireGuard instance in an LXC, then use iptables for all your routing.

    Relies only on FOSS software and gives you a pretty high level of control, but obviously is less intuitive.
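For the hand-rolled WireGuard setups Cyclohexane, Starfighter and Sethayy describe, here is an added example (not from any of their posts) that generates the hub and client configs an admin would otherwise write by hand for each new peer: the iptables forward and NAT rules for a hub in an LXC, a /32 per peer in the hub's AllowedIPs, client AllowedIPs limited to the networks the peer needs, and a check for the overlapping-AllowedIPs mistake that wg-quick accepts silently. All keys, addresses and hostnames are constructed placeholders; real keys come from `wg genkey` and `wg pubkey`.

```python
"""Generate hub-and-spoke WireGuard configs and check peer routes.

Added example, not from any post in the thread.  It lays out what a
hand-rolled setup in an LXC has to get right: one /32 per peer in the
server-side AllowedIPs (WireGuard's cryptokey routing, so a peer can only
source its own tunnel address), the iptables forward/NAT rules in
PostUp/PostDown that route peers onto the LAN, and client AllowedIPs
limited to the networks the peer should reach.  Keys, hostnames and
addresses are constructed placeholders; real keys come from `wg genkey` /
`wg pubkey`.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Peer:
    name: str
    public_key: str     # placeholder, not a real key
    address: str        # the peer's tunnel address, e.g. "10.8.0.2"
    preshared_key: str = ""


# Constructed peers; the key strings are placeholders.
PEERS = [
    Peer("phone", "PHONE_PUBLIC_KEY_PLACEHOLDER=", "10.8.0.2"),
    Peer("laptop", "LAPTOP_PUBLIC_KEY_PLACEHOLDER=", "10.8.0.3", "LAPTOP_PSK_PLACEHOLDER="),
]


def check_allowed_ips(peers: List[Peer]) -> List[str]:
    """Report peers whose server-side AllowedIPs would overlap.

    wg-quick does not reject an overlap; the prefix silently ends up routed to
    whichever peer was configured last, so catch it before writing the file.
    """
    seen: Dict[ipaddress.IPv4Network, str] = {}
    problems = []
    for p in peers:
        net = ipaddress.ip_network(f"{p.address}/32")
        for other_net, other in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{p.name} and {other} both claim {net}")
        seen[net] = p.name
    return problems


def _iptables(op: str, lan_iface: str) -> str:
    """Forward tunnel traffic and NAT it out of the LAN interface.

    %i is substituted by wg-quick with the tunnel interface name.
    """
    return ("iptables -%s FORWARD -i %%i -j ACCEPT; "
            "iptables -%s FORWARD -o %%i -j ACCEPT; "
            "iptables -t nat -%s POSTROUTING -o %s -j MASQUERADE"
            ) % (op, op, op, lan_iface)


def server_config(private_key: str, listen_port: int, server_address: str,
                  prefix_len: int, lan_iface: str, peers: List[Peer]) -> str:
    """The hub's wg0.conf; refuses to emit a config with overlapping peers."""
    problems = check_allowed_ips(peers)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [
        "[Interface]",
        f"Address = {server_address}/{prefix_len}",
        f"ListenPort = {listen_port}",
        f"PrivateKey = {private_key}",
        f"PostUp = {_iptables('A', lan_iface)}",
        f"PostDown = {_iptables('D', lan_iface)}",
    ]
    for p in peers:
        lines += ["", f"# {p.name}", "[Peer]", f"PublicKey = {p.public_key}",
                  f"AllowedIPs = {p.address}/32"]   # only this peer's own address
        if p.preshared_key:
            lines.append(f"PresharedKey = {p.preshared_key}")
    return "\n".join(lines) + "\n"


def peer_config(peer: Peer, private_key: str, server_public_key: str,
                endpoint: str, reachable: List[str]) -> str:
    """A client's config; AllowedIPs lists only what the peer should reach."""
    lines = [
        "[Interface]",
        f"Address = {peer.address}/32",
        f"PrivateKey = {private_key}",
        "",
        "[Peer]",
        f"PublicKey = {server_public_key}",
        f"Endpoint = {endpoint}",
        # Route only the tunnel and the LANs the peer needs, not 0.0.0.0/0.
        f"AllowedIPs = {', '.join(reachable)}",
        "PersistentKeepalive = 25",  # keeps the NAT mapping alive from behind NAT
    ]
    if peer.preshared_key:
        lines.insert(6, f"PresharedKey = {peer.preshared_key}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(server_config("SERVER_PRIVATE_KEY_PLACEHOLDER=", 51820, "10.8.0.1", 24, "eth0", PEERS))
    print(peer_config(PEERS[0], "PHONE_PRIVATE_KEY_PLACEHOLDER=", "SERVER_PUBLIC_KEY_PLACEHOLDER=",
                      "vpn.example.com:51820", ["10.8.0.0/24", "192.168.1.0/24"]))
```

The hub's /32 entries are the access control here: WireGuard only accepts decrypted packets from a peer whose source address falls inside that peer's AllowedIPs, so a compromised phone cannot impersonate the laptop's tunnel address. The LXC still needs `net.ipv4.ip_forward=1` for the FORWARD rules to do anything.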

  • Konraddo@lemmy.world · 2 upvotes · 1 year ago

    I’m a newbie in self-hosting and Tailscale is super powerful for me. Everything at home is accessible on my phone, mainly the music server and radarr/sonarr for watching shows on the go. No need for a subdomain or reverse proxy.

  • fraydabson@sopuli.xyz · 1 upvote · 1 year ago

    I’m new with Tailscale. I understand that they don’t manage accounts and require another service like Google or Apple. That initially turned me off. Then I set it up via my SSO provider and it works great.

  • aesir@lemmy.world · 1 upvote · 1 year ago

    Tailscale just works. I recently tried Netbird and Netmaker. I did not manage much with the first, but Netmaker instead seemed even easier to manage than Tailscale, being faster at the same time. Unfortunately it failed with peers behind my corporate NAT, which Tailscale can bypass with its own relays. But for others it can work very well.