When I set out to secure remote access to my homelab, I wanted a solution that was both secure and private. Traditional VPNs were cumbersome, and I needed something that could seamlessly connect my devices without exposing my network to the internet. That’s when I discovered Tailscale and NetBird, two WireGuard-based tools that promised easy, secure connectivity.
At first glance, both seemed similar, but as I explored further, I realized they represented fundamentally different approaches to security and privacy. Here’s why I ultimately chose NetBird—and why open-source and self-hosting made all the difference.
Tailscale: Easy to Use, but at What Cost?
Tailscale is undeniably convenient. Setting it up took minutes, and I could connect my devices without worrying about manual key management or firewall configurations. For many users, this ease of use is a major selling point.
However, I quickly realized there were trade-offs:
- Closed-Source Control Plane: Tailscale’s coordination server—the core of its infrastructure—is not open-source. This means users can’t audit it for security vulnerabilities or backdoors.
- US-Based Infrastructure: Tailscale’s servers are hosted in the US, subject to laws like the CLOUD Act, which could compel them to hand over user data.
- Metadata Collection: While Tailscale doesn’t log content, it does collect metadata (like IP addresses and connection times), which still passes through their servers.
For someone who values transparency and data sovereignty, these were significant concerns.
NetBird: Open-Source, Self-Hosted, and Privacy-Centric
NetBird offered everything Tailscale didn’t:
- Fully Open-Source: NetBird’s code is publicly available under the Apache 2.0 license, meaning I could review, modify, and even fork it if necessary.
- Self-Hosting Capability: I deployed the coordination server on a German VPS, ensuring my data stays under EU jurisdiction and GDPR compliance.
- No Third-Party Dependencies: With NetBird, I didn’t have to trust a third party with my metadata. My traffic stayed entirely within my control.
Setting it up required more effort—configuring Docker, adjusting firewall rules, and troubleshooting iOS DNS issues—but the control and transparency were worth it.
The iOS Challenge: Apple’s DNS Restrictions
One unexpected hurdle was iOS’s aggressive DNS policies. Even with NetBird properly configured, my iPhone refused to respect the VPN’s DNS settings due to Apple’s “privacy features.” Ironically, these features made it harder to use a self-hosted, privacy-focused VPN.
My solution was to use a DNS Override app, which forced DNS queries through my AdGuard Home instance. It’s not a perfect fix, but it ensured my traffic remained private.
(Tip: If you’re on iOS, try disabling “Limit IP Tracking” in Wi-Fi settings or use a DNS profile to enforce your preferred DNS server.)
Why Open-Source and Self-Hosting Matter for Security
| Aspect | Tailscale | NetBird |
|---|---|---|
| Open-Source | ❌ Closed-source control plane | ✅ Fully open-source (Apache 2.0) |
| Data Sovereignty | ❌ US-based (CLOUD Act risk) | ✅ Self-hostable (EU/Germany) |
| Privacy | ❌ Metadata passes through Tailscale | ✅ No third-party metadata collection |
| Auditability | ❌ Cannot audit control plane | ✅ Full code transparency |
| Long-Term Viability | ❌ Vendor lock-in risk | ✅ Can fork and self-host indefinitely |
For me, open-source and self-hosting aren’t just preferences—they’re essential for any tool handling my network traffic. NetBird gave me the control, transparency, and security I needed, while Tailscale’s closed-source model left too many questions unanswered.
The Benefits of European Hosting
By hosting NetBird on a €5/month VPS in Germany, I gained:
- Full GDPR compliance and adherence to European data protection laws.
- No risk of US surveillance (CLOUD Act, FISA, etc.).
- Low latency (sub-20ms) for my homelab access.
- True ownership of my network—no third party can monitor my metadata.
Which Solution Is Right for You?
Choose Tailscale if: You prioritize ease of use and don’t mind trusting a third party with your metadata.
Choose NetBird if: You value open-source transparency, self-hosting, and data sovereignty.
Final Thought:
In an era where data privacy and security are under constant threat, tools like NetBird offer a rare combination of open-source transparency, self-hosting flexibility, and strong encryption. For my homelab—and for anyone serious about information security—it was the clear choice.
What’s your experience with zero-trust networking? Do you prioritize convenience or control? Share your thoughts in the comments!