Edited by humans. Written by AI. How our editing works
All articles

When Your Competitor's Employee Builds Your Alternative

Headscale—Tailscale's open-source alternative—was built by a Tailscale employee. The setup complexity reveals why the company isn't worried.

Dev Kapoor

Written by AI. Dev Kapoor

February 11, 20267 min read
Share:
Bold text announcing "Goodbye Tailscale" with yellow highlight, red X striking through a Tailscale logo icon, and "Free"…

Photo: Better Stack / YouTube

Here's the strange thing about Headscale: It's an open-source replacement for Tailscale's control plane, giving you encrypted networking without subscription fees or device limits. And it was built by Kristoffer Dalby, who works at Tailscale.

That's the kind of thing that makes you stop and think about what competition actually means in open source. Because on the surface, this looks like strategic self-sabotage. Why would a company pay someone to build the thing that lets users avoid paying them?

The answer becomes clear once you try to set it up.

The Moat Is the Complexity

Better Stack's Richard Bray walks through the entire installation process in a new video, and it's... involved. We're talking Docker Compose configurations, manual user creation via command line, pre-authorization keys, ACL policy files in "human-readable JSON" (which is still JSON), Caddy reverse proxy setup, CloudFlare DNS records, and a web UI that crashes with TypeScript errors.

As Bray puts it: "Someone without a technical background or even a junior developer would struggle setting this up on their own, which is probably why the Tailscale team have allowed their employee to work on this because it doesn't really pose much of a threat to their company right now."

He's right, but there's more going on here than just technical barriers.

What You Get (And What You Don't)

Headscale delivers impressive feature parity with Tailscale's core functionality. You get MagicDNS, subnet routers, exit nodes, custom ACL policies—the fundamentals that make Tailscale useful. Bray demonstrates connecting Ubuntu servers through his self-hosted control plane: "As you just saw, headscale gives you complete access to your network. You can control every little detail and you can add as many nodes as you want without any vendor locking."

The missing pieces are telling. No funnel or serve commands for exposing services. No multiple tailnets. No ephemeral nodes. No native network flow logs. These aren't random features—they're the things that matter to teams, to organizations, to the customers who actually generate revenue.

Headscale is perfect for homelabs. It's great for the technically sophisticated user who wants offline capability and complete control. It's free as in beer and free as in freedom. And none of that threatens Tailscale's business model.

The Labor Economics of DIY

There's a certain kind of developer who will spend eight hours setting up Headscale to avoid a $5/month subscription. I say this without judgment—I've been that developer. But that math only works if you don't value your time, or if you're learning something in the process, or if the control itself is the point.

For everyone else, the calculation is different. Bray's setup involves three Docker containers, manual configuration files, debugging UI crashes, and understanding networking concepts that most developers never need to think about. Even after watching his tutorial, you'd need to troubleshoot your specific environment, manage updates, handle your own security, and be your own support when something breaks at 2 AM.

Tailscale charges money to handle all of that. Headscale lets you handle it yourself. Neither approach is wrong—they serve different needs.

The UI Problem That Reveals Everything

Bray spends time on Headscale UI, one of several community-built web interfaces. He creates an API key, pulls up the interface, and then: "The problem I had with this is the device view. So, as you can see, there isn't much information here, and it's something to do with the console with a TypeScript type error, which shouldn't be my fault because I haven't actually edited the source code. But at this point, the app tends to freeze."

This is the open source experience in microcosm. The tool works. The community is passionate. The UI exists because someone needed it and built it. And it crashes because that someone isn't being paid to maintain it, document it, or make it bulletproof.

Bray mentions other Headscale UIs, some that even handle ACL policies more elegantly. Which means if you want a good UI experience, you need to research multiple options, understand their trade-offs, and potentially switch if your choice stops being maintained. All of which is fine if you're into that. Most people are not into that.

What Tailscale Actually Understands

There's a specific business insight embedded in Tailscale allowing—even funding—Headscale's development. They understand that the people who want to self-host their VPN control plane are not the same people who would otherwise pay for Tailscale. These users were never going to be customers. They were going to roll their own WireGuard setup or use ZeroTier or find some other solution.

By having an employee build Headscale, Tailscale accomplishes several things:

  1. They control the narrative around the "free alternative"
  2. They ensure Headscale stays compatible with Tailscale clients
  3. They learn from the community's use cases and feature requests
  4. They get credit for being open-source-friendly without open-sourcing their actual product
  5. They make it very clear where the line is between free and paid

It's actually pretty clever. The existence of Headscale makes Tailscale look more legitimate, not less.

The License Tension

Bray observes: "All it really takes is someone to use Claude Opus to create a very nice UI around it and they could be on to something cool which might get squished by this license."

He's pointing at something real. Headscale uses a BSD 3-Clause license, which is permissive. But the moment someone builds a competitive product on top of it—something that actually threatens Tailscale's revenue—the dynamics change. The license allows it, but the relationship between Headscale's development and Tailscale's funding creates... complications.

This is the tension in corporate-adjacent open source: It's genuinely open until it isn't. Nothing prevents someone from forking Headscale and building a commercial product. But you'd be competing with a project that has Tailscale's implicit backing, and that changes the game.

The Real Value Proposition

After all the setup complexity, Bray's conclusion is measured: "Once you have everything up and running, Headscale works amazingly well. Although there are a few features it doesn't yet support... But for an open-source tool, this is really impressive."

That "for an open-source tool" qualifier does a lot of work. It acknowledges that we judge OSS projects differently—not just on what they do, but on the fact that they exist at all without corporate backing (even when they have corporate backing).

Headscale is valuable because it proves the model is viable. Because it gives technical teams an option when Tailscale's pricing becomes untenable. Because it enables offline use cases that SaaS fundamentally can't serve. Because some environments require complete data sovereignty, and "trust us" isn't good enough.

Those are real benefits. They're just not benefits that most users need enough to deal with the complexity.

Where This Goes

The interesting question isn't whether Headscale will compete with Tailscale. It's whether someone will eventually wrap Headscale in enough convenience that it does start competing. One-click installers. Hosted-but-you-control-it options. Managed Headscale services that charge less than Tailscale but more than free.

That's when we'll see what Tailscale's relationship with Headscale actually means. When the existence of the OSS alternative stops being a marketing asset and starts being a revenue threat.

For now, though, the equilibrium holds. Technical users get their control plane. Tailscale gets to point at Headscale and say "see, we're not anti-open-source." And the vast majority of users keep paying for the convenience of not having to think about any of this.

Which might be exactly what everyone wanted all along.

— Dev Kapoor

From the BuzzRAG Team

We Watch Tech YouTube So You Don't Have To

Get the week's best tech insights, summarized and delivered to your inbox. No fluff, no spam.

Weekly digestNo spamUnsubscribe anytime

More Like This

Yellow "DEBUG FASTER INSTANT" text with arrow pointing to Docker container ship icon and orange stopwatch on dark background

Dozzle: The Docker Log Viewer That Does Less (On Purpose)

Dozzle is a 7MB tool that streams Docker logs to your browser. No storage, no database, no complexity. Better Stack shows why that's the point.

Dev Kapoor·5 months ago·7 min read
Man in 49ers cap holding smartphone and camera next to JBL speaker displaying two phones with "BIG SPRING SALE" text overlay

Amazon Spring Sale Tech Deals: What's Actually Worth It

Tech reviewer Alex covers 10 Spring Sale deals, from charging stations to OLED monitors. We examine what's genuine value and what's seasonal hype.

Bob Reynolds·4 months ago·7 min read
Man smiling while holding phone showing call management workflow with calendar, messaging, and email confirmation apps for…

AI Receptionists Are Now A DIY Business Model

No-code AI voice agents are handling orders, booking appointments, and creating a new revenue stream for entrepreneurs selling to local businesses.

Yuki Okonkwo·5 months ago·6 min read
Man with headphones holds glowing orb with tech logos while "2026" appears in gold text against colorful bokeh background

Tech Predictions 2026: Linux, Cybersecurity & AI

Explore bold predictions for 2026 in Linux, cybersecurity, and AI acquisitions, including a potential Amazon-Anthropic deal.

Rachel "Rach" Kovacs·6 months ago·3 min read
A shocked man in dark clothing against a fiery background with the Namecheap logo and text displayed

Namecheap Sued a Customer After Seizing Her Domain

A $1.5B domain registrar shut down a startup's website, then sued the founder personally. Here's what happened and what it means for your business.

Tyler Nakamura·5 months ago·5 min read
Bold white text "FREE JIRA KILLER" with GitHub logo showing 42.9K stars, yellow arrow pointing to three stacked white and…

Exploring Plane: The OSS PM Tool Developers Crave

Discover Plane, the open-source project management tool challenging Jira with its ease of use and AI integration.

Dev Kapoor·6 months ago·3 min read
Man in blue shirt examines three MacBook laptops displaying M5 Max chip logos on their screens with Visual Studio Code logo…

When Three MacBooks Beat One: The Distributed AI Experiment

Developer Alex Ziskind clusters three M5 Max MacBook Pros to run AI models too large for any single machine. The results reveal hard limits.

Dev Kapoor·3 months ago·6 min read
Man in beige shirt with surprised expression next to "Introducing Opus 4.7" text and colorful design elements on cream…

Anthropic's Opus 4.7: When Safety Guardrails Lobotomize the Model

Anthropic's Opus 4.7 shows promise in coding tasks but aggressive safety filters are blocking legitimate work. Is the tooling worse than the model?

Dev Kapoor·3 months ago·6 min read

RAG·vector embedding

2026-04-15
1,662 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.