If you do not trust Tailscale as a company, here is an open source re-implementation of the server called headscale. Some/all clients are open source as well. So, you can review all components yourself or pay for a professional third-party review.
Otherwise, if you take a binary blob from any origin, including Tailscale, and have it run with privileges on your server, there are few limits on what this blob can do. Yes, backdoors are technically possible, but probably bad for Tailscale’s business if that ever came to light.
I’ve always wanted to do this however do I understand it correctly that I need to host headscale on a vps server that is not in my tailnet/home network?
If you do not trust Tailscale as a company, here is an open source re-implementation of the server called headscale. Some/all clients are open source as well. So, you can review all components yourself or pay for a professional third-party review. Otherwise, if you take a binary blob from any origin, including Tailscale, and have it run with privileges on your server, there are few limits on what this blob can do. Yes, backdoors are technically possible, but probably bad for Tailscale’s business if that ever came to light.
I’ve never heard of professional third-party review of open source code. That’s a service people offer?
I’ve heard of it, but I didn’t think it was financially viable for an individual to pay for though.
I’ve always wanted to do this however do I understand it correctly that I need to host headscale on a vps server that is not in my tailnet/home network?
It can be on your home network, but it needs to be reachable via HTTPS through the internet. So yeah, a vps is probably the best option.
I dont think so. It would just require some ports open.