Tailscale users: "Cool, you do Wireguard!" @Tailscale in reality looking like: 95% NAT traversal & other packet routing, 4% oauth/2FA stuff, 1% WireGuard on top. (And the 95% part ain't done yet.)

That's just because the WireGuard part already works. :) And the IAM part has certainly been more than 4% of the time so far. More to do too.

"Never let the truth get in the way of a good story!" The IAM/2FA/SSO/ACL/etc stuff might be tedious but it's at least not full of surprises? Mostly just work, no?

We get to integrate with a ton of systems that break each of those specs in their own unique way. Certainly more mundane than kernel NAT machinery arcana, but very time consuming.

What is certain is 95% isn’t done yet.

this reminds me, please LMK when employee-only Tailscale swag is available so I can grovel for it / add it to my swag collection list

Strictly speaking I think they are all spec compliant because the oauth2 spec left out so much stuff. Same net result, except this way all the providers have the moral high ground.

IPv6 needs to be our future. Tired of NAT already

IPv6 will be but one of the tools in our connectivity arsenal.

X.25 over barbed wire?

Don’t worry! IPv6 is already our future. Always will be.

libp2p for hole punching?

I was about to ask the same