
I recently switched to Tailscale, and it was magic.

It's very easy to recommend it to any non-tech user as well who wants to "connect to home". Well worth paying for in those cases.

But, Tailscale had so much magic, that I didn't want to be solely dependent on it, remembering how Docker is turning out.

Finding Headscale was a great discovery, and nice that the Tailscale clients already maintained can connect to a separate open-source project that lets you run your own server.



I would love and pay for Tailscale if they could solve the battery consumption issue on iOS. The bug report has been open for years now, they created a special TestFlight version with logging enabled for them to track it down, and no news since. If I forget to turn it off, I'm down to 0% battery in 12 hours of standby.

https://github.com/tailscale/tailscale/issues/3363

I have it installed on all my systems, but I never use it because my use case is accessing my network while I'm out from my phone.

One day I might replace it with WireGuard and be done with it. The official WG app doesn't drain my battery.


The drain is not because of WireGuard. It's because it's a mesh. Anything peer to peer or mesh has battery consumption issues on mobile, and it's very hard to get around it. Tailscale, ZeroTier, and any other mesh VPNs all have this problem. If Netbird is a mesh it will have this problem too.

The reason is that we've broken the Internet such that all connections require keepalive about every 30 seconds. Otherwise NATs and stateful firewalls "forget" the connection and it dies and must be renegotiated. So if you have, say, 10 actively linked peers on your network you must send 10 packets every 30 seconds to keep links open.

Then you have all the other peers constantly sending keepalives to you. Since clocks are not globally synchronized it means you are constantly transmitting and receiving.

Phones can only seem to have long battery life due to aggressive power saving measures including turning off radios when not in use. Constant P2P traffic prevents the radio from sleeping and consumes background CPU. On devices with large batteries like laptops it's barely noticeable. On desktop and cloud it doesn't matter at all.

Mobile devices are really only suited to be dumb terminals to access the cloud. The problem is mostly in the architecture of the network. It can't easily be fixed in software.

Edit: one conceivable fix would be the introduction of an ultra low power side channel specifically for small and sparse "control" messages, but I don't see mobile carriers working on such a thing. For 99.9% of mobile users the use case is to scroll TikTok.

The other fix would be a protocol to tell NATs and firewalls about active connections, but that would also require cooperation across vendors and so it won't happen. People who think NAT matters for security would freak out too.
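A small simulation of the argument above (added here as an illustration, not code from Tailscale, Headscale or any other project): a stateful NAT forgets a mapping after an assumed 30 s of silence, every peer link therefore needs its own keepalive, and because the peers' clocks are not synchronized their keepalives land at random phases, so the time the radio can stay asleep shrinks as the peer count grows. The NAT timeout, keepalive interval and the 5 s radio "tail" are assumed round numbers.

```python
import random

NAT_TIMEOUT = 30.0   # assumed: seconds of silence before a stateful NAT drops a mapping
RADIO_TAIL = 5.0     # assumed: seconds the radio stays powered up after any packet


def mapping_survives(packet_times, horizon, timeout=NAT_TIMEOUT):
    """True if no silent gap (from t=0, between packets, or to the horizon) exceeds the NAT timeout."""
    last = 0.0
    for t in sorted(packet_times):
        if t - last > timeout:
            return False          # NAT forgot the mapping; the link must be renegotiated
        last = t
    return horizon - last <= timeout


def keepalive_times(interval, horizon, phase=0.0):
    """Send times of one peer's keepalives on a fixed interval, starting at `phase`."""
    times = []
    t = phase
    while t < horizon:
        times.append(t)
        t += interval
    return times


def radio_awake_fraction(packet_times, horizon, tail=RADIO_TAIL):
    """Fraction of the horizon the radio is awake: each packet (sent or received) keeps it up for `tail` s."""
    awake = 0.0
    powered_until = -1.0
    for t in sorted(packet_times):
        start = max(t, powered_until)   # overlapping tails are not double counted
        stop = min(t + tail, horizon)
        if stop > start:
            awake += stop - start
            powered_until = stop
    return awake / horizon


def mesh_traffic(n_peers, interval, horizon, seed=0):
    """All packets one phone sees in a mesh: its own keepalive to each peer (assumed sent on its own
    clock) plus each peer's keepalive to it, with each peer's clock at a random, unsynchronized phase."""
    rng = random.Random(seed)
    times = []
    for _ in range(n_peers):
        times += keepalive_times(interval, horizon)                              # ours
        times += keepalive_times(interval, horizon, rng.uniform(0.0, interval))  # theirs
    return times
```

Comparing `radio_awake_fraction(keepalive_times(25, 300), 300)` (one peer, 20% awake) with `radio_awake_fraction(mesh_traffic(10, 25, 300), 300)` shows the awake time climbing with the peer count even though each individual link is as quiet as before.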


Does IPv6 make this better? I'm no expert on NAT at all but keep hearing differing versions on whether IPv6 helps here.

I have a P2Pish side project of my own where I’m still on non-network fundamentals.


No. Usually there's a stateful firewall on at least one side that requires keepalive.

IPv6 does massively help in the area of P2P connection setup since usually there is either no NAT or 1:1 NAT (no port remapping). Connection setup works virtually 100% of the time, but you still need keepalive.

Basically we broke the Internet as an end-to-end network because endpoint devices were not secure and it was easier and faster to stuff middle boxes into the network than secure them. Today the situation is better but there are still enough misconfigured and old systems and grossly insecure IoT devices on modern networks that we can't really take away firewalls.

The Internet is unplanned development. It looks like the wiring in a third world slum, not like an orderly planned system where engineers designed things up front.

You can experiment with "network nudism" as I've heard it called, but first you have to make sure everything on your network is up to date and not running any services that you don't need or aren't secure. This involves nmapping your network, cataloguing everything on it, etc., and is beyond what most people can do. Even most network admins would have a tough time fully cataloguing all devices on a corporate network. It's tough to keep track of.


> If I forget to turn it off

At least for me, it's even worse. It's not enough to disconnect in the app, as it's still connected as far as iOS is concerned (check Settings -> VPN). I tried many things to fix that - force-closing the app, switching it off multiple times in settings, etc. The only thing that actually makes the VPN disconnect and the battery drain stop is to choose a different VPN profile in Settings.


Interesting and thanks to the 2 parent posts.

I haven't used Tailscale much from iOS and will keep an eye out.

If needed I suppose I mould just WireGuard into a box that can access the tailnet.


I think that problem might've been fixed recently, but I might be wrong.


Version 1.48.1 on iOS has an on-demand setting like WireGuard does.

https://i.imgur.com/Orupuu8.jpg


That's progress, but I'm not sure how that helps much unless I select "Do Nothing" on Wi-Fi and Mobile and set it to "detect Magic DNS", and that will only do me any good if I use Magic DNS, which I don't.


