Yep, it doesn't work on iOS. Hopefully the Tailscale team adds a debug menu similar to the one they added on Android and makes the login server URL configurable through there, or a working configuration through a .mobileconfig would also be fine!
I wonder why they don't open source the iOS client like they do Android. There is precedent for open source iOS apps still available on the App Store, so that's not a limitation. I would gladly dedicate some time to adding this as a PR (as I'm sure a million others would, too).
> I wonder why they don't open source the iOS client like they do Android.
Mostly because developing for iOS and macOS is terrible, especially when your app needs to have "entitlements". Tailscale uses a "Network Extension entitlement" which is linked to our corporate Apple account. Even onboarding new employees and getting them up to speed on Xcode/macOS/iOS development is painful. It often requires a bunch of messing around with Keychain and random reboots (not just Xcode restarts!) because something in the macOS kernel gets confused. For some development we also need to disable System Integrity Protection. And make sure there aren't duplicate copies of certain files between /Applications and ~/Library/Developer/whatever.
And then once you get it all working, some cert or login or something in Xcode or Keychain expires in a few months and you have to re-learn the whole esoteric dance once again.
The whole process of developing Network Extensions is pretty terrible.
Even if we open sourced it, you couldn't just git clone it & hit play in Xcode. Even if you paid Apple $100/year, you still couldn't, because your Apple account isn't blessed enough with the right to use a Network Extension.
It's hard enough for us to support Apple platform development internally without helping the world learn Xcode/code signing/entitlements/Keychain.
I've been and remain a huge open source fanboy for about 25 years now. If I thought we or the community would benefit from it being open source, I'd argue for us open sourcing it. But it just doesn't seem worthwhile. Or maybe I'm just still angry at the platform.
Definitely appreciate the reply, and I don't mean to trivialize network extension development on iOS. You may still be angry at the platform, and on the other side of that coin, I'm a fan of yours who just wants to use this same feature on iOS that Android got. But again, I appreciate being a small team and wanting to focus on dev experience. If there's any hope to prioritize custom endpoint config on iOS, that would be great, and I'd be quick to use it!
For what it's worth, my want is to use Tailscale (or similar) for a family setup, which ends up feeling like enterprise to me as a tech guy, but without the pricing of it. Things like SSO are big to me, but I can't justify paying enterprise pricing for it. If there was such a plan, I'd be your first customer.
That is totally fair. I will say that I got quite a lot of value from being able to see how tailscale-android works when building my own gioui app[0]. I suspect that being able to see the same thing for a modern iOS app would be useful to some small set of developers, even if they couldn't produce a fully working tailscale binary on their own dev machines.
It really does feel like Apple just doesn't care that their app policies are hostile to developers because they have such a strong monopoly on mobile app distribution.
Keep in mind that for security sensitive applications, being open source isn't necessarily solely about me wanting to build and run my own copy, it’s also about verifying the code yourself. I know that breaks down because without verified/reproducible binaries (impossible with app store distribution afaik) you could still publish malicious nonsense, but assuming that you publish what’s in the repo, being able to verify the code functions how you say it does is not nothing.
I have dealt with mac/iOS network extension BS before too so I feel you there. But, on that front, it also means I’d know a bit about what’s going on and find the code insightful.
Then, as a Tailscale customer for business, it'd still be great if you would prioritize the MDM stuff for my personal uses. Or just expose a field in the settings, even if it's behind some hidden menu.
That makes sense and seems like a legitimate line to draw. Being a little bit of a pain, I would point out that the Google Play store and Google's components for Android are not open source. If you're willing to make Tailscale available via Google Play, and open source the client, maybe iOS can as well? And while we're at it, macOS apps can be installed out of band of an app store, so maybe that can be open, too. It could even share a codebase these days.
I'm not a Tailscale employee, but Tailscale works on FireTV, so it is clearly not reliant on Google-provided services. They also provide a build for F-Droid from the same code base that doesn't use any external services. https://github.com/tailscale/tailscale-android/blob/main/and...
As far as I can tell, the only Google Play Services API the app distributed on the Play Store uses is Google account authentication via the Play Services Google account picker.
(Personal opinion here) Keep in mind that we're still a relatively small (but growing) team, and I think that a big part of not open sourcing everything is a simple matter of having the capacity to properly engage with the community.
For now, we've optimized for doing that for operating systems where users most expect it.