Tailscale

mid_gen · 2025-11-29T11:42:43+0000

Slowly building up infrastructure for getting my studio off the ground. Today was 'sort out remote access' day for my self-hosted services.

Just had to say what an awesome product Tailscale is. I was dreading faffing around with routing and VPN servers and the like.....but to be able to just install an app on my phone and servers and be BAM done, got a secure VPN using oauth.

Now I can shut down the port forwarding I was using to access my Synology DSM while out of the house....vast improvement. And properly free for 3 users.

Tested out granting access to my CI server to another dev I'm working with....just generate a link and bam done, controlled access for an external client to just my server.

Super cool product, and reasonably priced when I do need to scale.

ChrisD. · 2025-11-29T12:40:17+0000

I'm slowly moving over to Headscale (a FOSS version) from a standard Wireguard VPN, I had a few issues setting it up but I'll get there with a bit more time.

Bluecube · 2025-11-29T12:51:59+0000

What's the advantage in using Tailscale or equivalent? Security? I have a Wireguard VPN at router level which I use to dial into my home network which works fine. For Tailscale it seems I'd have to install it on all my devices in order to use which would be a bit time consuming and some devices don't have Tailscale apps either

ChrisD. · 2025-11-29T12:57:00+0000

Bluecube said:
What's the advantage in using Tailscale or equivalent? Security? I have a Wireguard VPN at router level which I use to dial into my home network which works fine. For Tailscale it seems I'd have to install it on all my devices in order to use which would be a bit time consuming and some devices don't have Tailscale apps either

With your setup (which is what I use), first your router has an open port (for the Wireguard server). Then anyone with the right cert has access to your entire LAN (or subnets you define). There's no lateral movement control, it's all or nothing. With Tailscale you can control who access what on a device by device basis, and there's no requirement to have any open ports. You can also set up a node for you, and grant yourself access to everything.

mid_gen · 2025-11-29T14:14:30+0000

Bluecube said:
What's the advantage in using Tailscale or equivalent? Security? I have a Wireguard VPN at router level which I use to dial into my home network which works fine. For Tailscale it seems I'd have to install it on all my devices in order to use which would be a bit time consuming and some devices don't have Tailscale apps either

As mentioned, the advantage is that I don't need to open any ports on my router to the internet....I've never been comfortable about the port I had open to my NAS for DS camera assistant. Now I can keep my home network secure and have tailscale punch through the NAT.

Got tailscale clients installed on my desktop, server, NAS, phone, mac air. Probably do my HomeAssistant box too (seems to be an addon for it).

lsg1r · 2025-11-29T15:32:19+0000

Yeah Tailscale is pretty good. Built into Unraid so I can specify own tailscale ips for each docker such as jellyfin, allowing access ONLY to jellyfin etc if I decide to share access to someone.

lmfy2k · 2025-11-29T16:43:58+0000

I prefer good old WireGuard for VPN into home network. That way can access all my services/dockers via ip in browser. Easy to setup. No faff. I have been wanting to setup tailscale as backup, part of unraid now I believe.