canteen's blog

P2P networking solutions

Why this now?

I spend quite some time manually configuring wireguard networks. Exchanging keys, being frustrated at NAT setups, etc. So the idea of p2p networking (encrypted obviously) holds a certain appeal. Every once in a while I return to this subject, investigate my options and stay with wireguard.

Candidates

I gathered a number of candidate options in no particular order, mostly by searching online. Maybe reading some discussion forums, etc.

Tailscale

Tailscale is basically spicy wireguard. To me the added value is that it can do NAT hole punching, and nothing else. There is an open-source implementation, called headscale, of the closed-source control server.

Actual Tailscale

It's nice, but it's not open. And I'm not comfortable with that ideologically, ethically and objectively. The latter because without any insight into what goes on in that control plane I simply have no guarantee things are going to go well. The client for windows is also closed source, which is similarly not great. But if the control plane and the other clients are open, maybe I can make peace with the fact that windows is once again kind of shit. Maybe route things through WSL or something. I don't know.

Headscale

I was initially pretty excited about this, but the project has an impressively long backlog of pull requests, of which a significant fraction appear to be AI-assisted or even entirely AI-produced. On top of that, there are some serious unresolved problems (for example related to performance). I did not investigate it further than that.

Zerotier

It's not open source, but there is a super old fork (from 2019) from before it switched to a closed license that may still be usable. I did not yet have the energy to figure out if there were any inherent issues solved in the intervening 7 years.

Nebula

Slack made this and it's pretty baroque to use (with a CA and everything). Kind of a pain in the ass to set up, the license is bad, and there's a ton of open issues and pull requests. In that sense the problems are similar to headscale's.

Yggdrasil

Conceptually exactly what I want, but the windows client had esoteric connection issues, and even on the platforms where it did seem to work, the internal routing does not appear to actually make my traffic go where it needs to go. I've been following this project for a while; I hope it eventually gets there.

Concluding

I'm inclined to still say wireguard is the go-to platform. Tragically, that leaves a serious lack of NAT hole punching, and that applies to every platform I'd use it on (linux, windows and android). I guess I'll have to learn to live with that.