On Wireguard and Tailscale

VPNs are pretty neat. To many peoples surprise they are useful outside of torrenting the last movie or circumventing a streaming services region lock. Maybe you like to ruin your evenings with tech support - aka homelab - and want to access your services nicely hidden away from the big bad Internet. Maybe you have a few servers in a data centre but prefer to not expose management interfaces without a second layer of authentication. Or you just want to connect to your NAS to create a backup of your camera roll. Remembering the old days when you tried to make sense of IPsec, we came a long way.

One of the questions I have seen a lot but not very well answered is what the performance and battery impact on mobile devices is using Wireguard. Especially always-on. I waited with this post a bit to have some longterm usage experience. A bit over two years. And I can say both can be neglected from my experience. I have configured the Wireguard app on my phone to be always on if I am not connected to my WiFis SSID. There is a small moment when using the phone and leaving the WiFI range, but otherwise it is not notable at all. And I have not seen any significant battery drain on iOS.

Tailscale is easy to setup and provides a ton of neat features such as Taildrop or the partnership with Mullvad. It is also by far the most user friendly VPN I can think of. Which is something that comes in handy if you want to bring non-tech enthusiasts on the network. Install the app, authenticate and you are basically done. If you for some reason do not trust Tailscale but still want to use their clients for convenience or you want to save some dollars you can even self-host an Tailscale control server and they seem to be okay with that.

If you like to tinker it is not too troublesome to configure a Wireguard network from scratch. Router software like OPNsense and some commercial routers slowly start to have support built in.

Wireguard is one of the technologies I configured once and stopped thinking about. Which is exactly what I want and expect from software. And the convenience of having access to my local infrastructure including DNS based adblocking while on the go is very welcome.