There’s a reimplementation of the Tailscale control plane called Headscale, if you want to self-host.

I’d try to use that first, because sadly Nebula and ZeroTier don’t have a relay/TCP/HTTPS fallback option and still “have no plans of implementing one” as of Mar 2023, which leaves you out of luck as soon as you encounter NATs or try to access your cluster from an airport/hotel wifi

Maybe you know of other mesh/p2p VPNs that do support TCP fallback though? Would be great to see some alternatives in this area

Nebula implemented UDP(?) Relay support (1) last year although it is marked experimental.

1. https://github.com/slackhq/nebula/pull/678

I've been using the relay for months. It is very stable BUT, it sometimes takes minutes before peers realize they can also talk to each other on the local network.

Pretty sure ZeroTier supports relaying (I remember reading some of their earlier blogs and it mentioning something to that effect). In practice, you just have to turn off the uPnP in Settings to use it I've found.

Edit: Yep, just found a reference to it: https://docs.zerotier.com/zerotier/troubleshooting/ (Sorry, no direct link, so you'll need to Ctrl-F and look for Relay)

Relevant: https://github.com/anderspitman/awesome-tunneling

we're focused on this very thing - https://bowtie.works

does Bowtie aim to provide the same functionality as Tailscale ?

A lot of the concepts are similar, yes. A few key differences exist, specifically as it relates to architecture and user experience.

They actually have a (semi) hosted solution these days.

I evaluated it for one of my projects but it was not fitting the bill for reasons outside of their control, https://www.defined.net/