Work remotely or want to access your home lab securely from anywhere? Unsurprisingly, Tailscale is the top recommendation for a peer-to-peer VPN to juggle containerized servers and self-hosted apps back home. No one wants to take chances when sharing such resources with family, friends, or a small team. While Tailscale is amazing, Twingate lets you employ layers of user authentication and device verification to access resources from any location.
You can use Twingate to rein in the laissez-faire approach of others and put layers of authentication in place. I know that Twingate is a closed-source option compared to Tailscale, yet it offers features that can speed things up with finer controls. While I am an overzealous DIY enthusiast and a tinkerer, I sometimes favor convenience. So, I tried Twingate to implement a security layer for my home lab. Let me present a few reasons why Twingate might be the best alternative to Tailscale.
4 In the search for speed and performance
Your mileage may vary
Many users praise Tailscale for being fast, but I had a better experience with Twingate. After creating a network (or organization) name, as Twingate calls it, I created remote networks, added resources, and installed software connectors on different devices. The admin can structure and manage the different users and resources quite straightforwardly.
For self-hosted apps and services used remotely, Twingate offers speeds and performance slightly better than Tailscale. Of course, this could also be sheer luck or a good internet connection. However, even considering several other factors that might have played a role, the experience of using services and apps on Twingate was visually easy to understand.
3 Relatively better view of recent activity
The devil is in the details
In Twingate, you get the recent activity log and chart on the default Network Overview dashboard. It's a convenient way to get the lay of the land for resource usage. Further, you can navigate to devices, remote networks, or resources to examine the activity logs closely. Each log entry carries more details, like relay address, protocol, client device IP, event ID, user, duration, etc. Such a detailed log is quite helpful in learning usage patterns and scrutinizing the traffic activity further.
On the other hand, Tailscale offers a standard log, but it doesn't include many details. If you want to stream the logs in real time, you'll have to make additional arrangements and configurations to set that up. Furthermore, digging through machine names to discover the machine-specific activity is tedious.
2 Setting device-specific trusted profiles
Fine-tune the security checkpoints
Twingate's free start plan supports adding up to 5 users and doesn't limit the number of devices you can link up. That said, it offers better granularity for trusted profiles for the safety of your resources. You can configure device-specific security requirements that a user's device must pass before they access the resources. Further, you can adjust sliders for the trusted device profiles with platform and version-specific restrictions. That way, you can set up tokenized and frequent verification checks so that no one takes security lightly.
Twingate lets you harden security by setting up Trusted Profiles with minimum requirements that devices must meet. Devices that fall short can't access the remote network and resources. For example, you can set the minimum verification requirements through device authentication and add layers of device-specific verification through tools like CrowdStrike, Kandji, Intune, 1Password, etc. Don't want Windows, Android, iOS, or macOS devices on your network? You can put a platform-level block. That gives you peace of mind that no legacy device with potential vulnerabilities accesses your NAS or other self-hosted apps.
1 Adding Multifactor Authentication for better access control
Don't go overboard with 2FA
Both Tailscale and Twingate follow the Zero-Trust Network Architecture design principles. So, every device needs authentication to access the other predefined devices and services. The Access Control Lists help you to decide which authenticated devices can and should talk to each other. Twingate offers a mix of Multifactor Authentication (MFA) and tokenized verification approaches, which allow direct usage and support Identity Providers like Okta, Google, Microsoft, and others.
Twingate is a step ahead with the flexibility to set up and customize granular controls. You can define access policies and set a direct MFA requirement for users or groups, so they authenticate with biometrics or authenticator apps to access specific resources. If you are the admin, you can have a centralized MFA policy per user, per device, and per resource for confidential or sensitive resources. However, setting 2FA requirements for both logins and resource access can wear you down slowly.
Twingate can be a worthy alternative to Tailscale
If you are also building a home lab or already have one, give Twingate a try. Unlike Tailscale, Twingate manages the controllers to tunnel the traffic from your installed connectors. It handles user authentication, access policies, registering and authenticating connectors, and managing the rules for which devices and users get access or are banned. Biometric authentication is a nifty way to motivate other users to take security more seriously. Also, Twingate offers an intuitive interface that makes it easier to understand and manage the permission models.
You can glimpse enterprise-grade security features while working on the next best app or service on dedicated computers and servers. Most importantly, Twingate's quick setup and granular access controls allow you to focus on your self-hosting journey for your home lab.
