Tailscale vs. ngrok

Ngrok is a developer-oriented tunnelling product that shares a few use cases with Tailscale. In this article, we’ll compare Tailscale to ngrok for some of these use cases.

Access your web service from anywhere

With ngrok you can access a local dev server from any device on any network. Ngrok does this by giving you a public URL (eg. https://45361aec75d9.ngrok.io) and then handling routing incoming traffic from this address to your local machine.

With Tailscale you can do the same with no additional setup required! Just make sure your device is connected to your Tailscale network, and then you can connect to your service from any other Tailscale device in your network.

For example, to show off the feature you’ve been building locally to your remote colleague who lives in another city:

  1. Start your development server. Let’s say your server starts up on port 3000.
  2. Tell your colleague to point their web browser to 100.x.y.z:3000 (100.x.y.z is the Tailscale IP of your device).
  3. Magic! Your colleague can securely view the website.

Another common use for this functionality is mobile app development where your dev client and server may be on different devices.

Security

With ngrok, by default the URL address they give you is public and visible to anyone on the internet. Anyone who has URL can access your service. If you want more security around this, you can upgrade to their paid plans to use IP whitelisting. This allows you to specify exactly which IPs should be able to see the service but requires manual configuration steps for each new IP.

With Tailscale, everything is private. There are no public addresses exposed ever on any of our plans. The only people who can access your local service over Tailscale are people in your Tailscale network or people you’ve explicitly shared your device with.

Domain customization

Remembering IP addresses is hard. It can often be easier to type or remember human-readable domain names.

With ngrok, by default the URL address they give you is randomly generated each time you want to expose a service. Their paid plans allow you to create static custom subdomains that are easier to remember when sharing out your local web servers, such as https://myapp.ngrok.io.

With Tailscale, our Magic DNS feature automatically registers human-readable names to your Tailscale devices. If you enable Magic DNS, you can use your device’s DNS name to access your services from other machines.

Suppose your device’s name is “happy-mac.” With Magic DNS enabled, your colleague can just visit happy-mac:3000 in their browser to view your website. No need to type out the Tailscale IP. Your DNS name doesn’t change, so you don’t have to share new URLs each time you restart your server.

Support for other types of services

With ngrok you aren’t limited to web services. Ngrok allows you to configure other TCP service types over TLS tunnels to allow you to access other services from remote devices. Again, you get a randomly assigned public address or can pay for a personalized one.

With Tailscale you are not limited to TCP. Tailscale supports any IP protocol (TCP, UDP, etc), whereas ngrok only supports TCP. Users often use Tailscale to share other services between their different devices. One example would be sharing an IP camera over Tailscale, streaming RTSP video over UDP.

Or another example, you can use SSH to access your work computer (let’s call it “happy-mac” again) from your personal computer:

  • ssh user@happy-mac (or ssh user@100.x.y.z if Magic DNS is not enabled)
  • Enter the password for user and you’re in.

Last updated