Pritunl vs. Tailscale
A common issue with the traditional VPN is its inability to scale well: usually, a remote user needs to be connected to a central VPN concentrator, which can create a bottleneck. This is why newer VPN solutions focus on improving connectivity and speed, in addition to shifting to identity-based security, allowing single sign-on and user group-based security policies. These new features help to speed things up, while securely bypassing the rigidity of old VPNs.
Both Tailscale and Pritunl have created VPNs that advance the usability of remote access VPNs in the modern work environment. Here, we’ll compare the two, and outline each one’s unique advantages.
Pritunl features
Pritunl was originally built on the OpenVPN protocol and now supports a WireGuard implementation. Pritunl connects clients by routing communications through a server, rather than just a mesh network. These replicated VPN servers have automatic routing and fail for both the OpenVPN and the WireGuard implementations.
Comparison matrix
| Tailscale | Pritunl | |
|---|---|---|
| Open source? | Yes (clients but not coordination server) | Yes |
| Integrates with identity providers for single sign-on? | Yes (Google, Office 365/Azure AD, Okta, etc.) |
Yes |
| Mesh VPN | Yes | No |
| End-to-end encryption? | Yes | Proxy forwards between users and apps |
| Connection latency | Minimal (point-to-point mesh) | Depends on nearest proxy location |
| ACLs and security policies? | Yes (central ACL policy) | Yes |
| Forward all traffic through gateway? | Optional (exit nodes) | Enabled by default, can be configured |
| Pricing | Free for individuals. Paid plans for teams and enterprise. | Free version with limited functionality. Paid plan for enterprise features. |
Tailscale advantages
Management of database and servers
Pritunl requires setting up your own MongoDB instance and user-manage Pritunl Servers. Pritunl does not offer a fully managed service. This makes the initial setup and continued maintenance of these servers the responsibility of the users. Once the server is set up, administrators can configure the organization’s SSO identity provider, allowing existing users to log into Pritunl on their devices.
Tailscale makes connecting devices straightforward. Simply install and log into Tailscale on each device using your organization’s SSO identity provider. Tailscale manages key distribution, key rotation, machine certificates, and all configurations for users, which is very useful if any of the devices on the network belong to non-technical users.
Meaningful Feature Distribution Across Plans
While Pritunl and Tailscale have many similar VPN features, Pritunl’s best features are restricted to their paid plan. Tailscale, alternatively, allows free users to access powerful features. For example, Tailscale includes single sign-on with our free version, while Pritunl restricts this.
A Mesh Network with True Peer-to-Peer Communications
While Pritunl virtually facilitates client-to-client communications, they aren’t true peer-to-peer connections like with Tailscale. While Pritunl’s connections pass through a server, Tailscale uses a coordination server only for sharing keys and connecting devices. Tailscale acts only as a control plane which does not intercept traffic.
The bottom line
Pritunl relies on self-hosting and a more complex setup. Tailscale simplifies the setup and management of secure networking with seamless SSO integration and encrypted Wireguard protocols. Tailscale's focus on ease of use and strong free tier makes it a more accessible choice for many users.
