Comment by guiambros

17 hours ago

Same! And the best thing is that you can install Tailscale, so you can connect to your tailnet, and exit all traffic through one of your nodes (e.g., your home/office network).

It's incredibly useful, with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).

I’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.

Can anybody explain what Tailscale is, does, or why everybody seems to have it?

Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works” page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?

Any help? Should I just pay them my $6/month and hope I figure it out at some point?

  • It's a wrapper around Wireguard that lets you use common SSO providers (Apple ID, Google, etc) to manage access.

    It also handles looking up the IP address of your "nodes" through their servers, so you don't need to host a domain/dns to find the WAN IP of your home network when you're external to it (this is assuming you don't pay for a fixed IP).

    Most people put an instance of it on a home server or NAS, and then they can use the very well designed and easy to use iOS/mac/etc client to access their home network when away.

    You can route all traffic through it, so basically your device operates as if you're on your home network.

    You can accomplish all of this stuff (setting up a VPN to your home network, DNS lookup to your home network) without Tailscale, but it makes it so much easier.

    • TS makes it super easy to use a VPC I have in the US as my VPN exit while I live in other parts of the world. Apps that work on phones, computers, and my AppleTV are big pluses over Wireguard which I have also used.

    • I was still completely mystified until your last sentence. And now I'm just mostly mystified. I, too, keep hearing Tailscale Tailscale Tailscale from HN commenters but have no idea why I'd need it. For anything I need to access on (or from) my home network I just use a VPN I've hosted in my home for the last decade or so.

      1 reply →

  • For me: it's a way to access services I host on my homelab LAN from 3000 miles away. Having a router that automatically logs into that and routes TS addresses properly allows you to use all your devices connected to that router to access TS services with no further configuration. I host Kiwix, Copyparty, Llama.cpp, FreshRSS, and a bunch of other services on my homelab, and being able to access all of those remotely is convenient.

  • Not sure if anybody gives you the answer to "what is tailscale?". So, this is my answer (hopefully it's correct and simple enough to understand).

    Tailscale allows devices that can access the Internet (no matter how they access the Internet) to see each other.

    To do that, you create a tailscale network for yourself, then connect your devices to that network, then your devices can see each other. Other devices that are connecting to the Internet but not to our tailscale network won't see your devices.

    AI might explain it better :-) Don't know why I wanted to explain it.

  • Basic version is it's a sort of developer focused zero trust network service.

    Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.

    (Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.)

    There is also https://github.com/juanfont/headscale - which is an open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.

    (And there are clients for a very wide range of stuff).

    • I can’t tell if you’re trying to help, or just getting into the spirit of the website’s “how it works (using ten pages of terminology and acronyms we just made up)” page.

      6 replies →

  • Sign up for free using Google Sign In.

    Install the tailscale client on each of your devices.

    Each device will get an IP address from Tailscale. Think about that like a new LAN address.

    When you're away from home, you can access your home devices using the Tailscale IP addresses.

    • So basically wireguard, but you have to pay for it, and you have to create an account through Google/Apple/Microsoft/whatever.

      Wireguard is not that hard to set up manually. If you've added SSH keys to your Github account, it's pretty much the same thing. Find a youtube video or something, and you're good. You might not even need to install a wireguard server yourself, as some routers have that built in (like my Ubiquiti EdgeRouter).

      6 replies →

  • I don't think you need to pay $6 a month to try it out.

    Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.

    • How does it compare to Zerotier? The way I understand it it's kind of overlapping functionality but not necessarily everything. What I want from Zerotier is basically what you described about Tailscale.

      The two problems I have with zerotier are:

      1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)

      2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.

      So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit: So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.

      Thanks for any input on this.

      1 reply →

    • So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

      I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?

      6 replies →

  • A system by which you can expose things on your private network (e.g. your home lan) so you can selectively and securely make them accessible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefic, ...) yourself, but services like tailscale provide you with easy gui configuration for that.

    I personally use Pangolin, which is similar https://github.com/fosrl/pangolin

  • Extending the question:

    In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VPN replacement.

    If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?

    My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.

    • > In my mind Tailscale was primarily to expose local services

      You might be thinking of tailscale funnel:

      https://tailscale.com/kb/1223/funnel

      Which is nice, but still a beta feature. Tailscale itself is indeed a mesh VPN that lets you connect all your devices together.

      > If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?

      It does NOT by default route all your internet traffic through one of its servers in order to hide it from your ISP, like the type of VPN you might be thinking of (Mullvad, ProtonVPN etc.).

      Though you CAN make it route all the traffic from one of your devices through another, which they call an 'Exit Node'. They also have an integration with Mullvad, which allows you to use Mullvad servers as an exit node. Doing that would be identical to just using Mullvad though.

    • Tailscale can tunnel all your traffic through a chosen exit node so you browse the web and whatnot as if you were at home (or wherever the exit node is), so in this way it's a bit like a VPN from a VPN company, but it doesn't give you a list of countries to select from.

      VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.

      Tailscale isn't in the business of selling proxies.

    • Tailscale is an enterprise vpn, connecting multiple of your networks, whereas consumer vpns just make your network traffic exit from their network.

      I run a tailscale exit node on an anonymous vps provider to give me a similar experience to a consumer vpn.

  • Also the free tier is sufficient for basically anything non power-user or enterprise.

  • It's a virtual network switch/router with DHCP, DNS, and lots more enterprisey features on top. You 'plug' devices into it using a VPN connection.

  • You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.

  • It’s a point to point vpn that works between devices even without a direct network connection.

    Their personal free plan is more than enough.

We’re from the US but were recently in Germany. Sometimes we were completely exhausted after a long day and just wanted to rest in our room a little before going to sleep. Our motel had like 2 English speaking channels and both sucked. We watched a lot of German TV because it was interesting, even if we could barely understand what was going on. After some time doing that, it was a pleasure watching some Hulu, courtesy of connecting to WireGuard back at our house in California so that we had an American IP.

I do want to point out that dumping all of your traffic through a home/office network is not always a good idea. YMMV, but if you are in, say, LA, and pushed your 0.0.0.0 traffic through your home in NY, you just added quite a bit of latency.

This is great for keeping things in a LAN, but make sure you use your network rules correctly and don’t dump everything to your home network unless you need to.

(I too have a gli slate, but I use UI at home so will consider this when it comes out)

  • I disagree. DNS is generally unencrypted and leaking that over whatever open wifi you're on is generally worse from a privacy perspective than the latency you add bouncing through your home where you probably have encrypted DNS setup.

    Even if you don't visit any http sites, you never know what might phone home over http, so an OS level VPN provides foolproof privacy at the cost of a tiny bit of latency.

    • Using encrypted DNS doesn't necessitate routing all your traffic through your home network. You can still encrypt all your traffic by using an encrypted DNS service or, if you really want to, a VPN service. But moving everything through your home network is not necessary, especially if you have any kind of usage caps.

      2 replies →
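
The full-tunnel versus split-tunnel and DNS trade-off argued in the replies above, as an added example that is not part of any comment in the thread: a Python check over WireGuard client configs (wg-quick format) that reports whether `AllowedIPs` sends everything through the peer and whether the configured `DNS` resolver is reached inside the tunnel. The sample configs, keys, addresses and the `home.example.net` endpoint are constructed placeholders.

```python
import ipaddress

def parse_wg(text):
    """Minimal wg-quick parser -> (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = iface if line.lower() == "[interface]" else {}
            if cur is not iface:
                peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)  # base64 keys keep their '=' padding
            cur.setdefault(key.strip().lower(), []).extend(
                v.strip() for v in val.split(",") if v.strip())
    return iface, peers

def assess(text):
    """Classify a client config as full or split tunnel and check the DNS path."""
    iface, peers = parse_wg(text)
    nets = [ipaddress.ip_network(a, strict=False)
            for p in peers for a in p.get("allowedips", [])]
    # 0.0.0.0/1 + 128.0.0.0/1 collapses to 0.0.0.0/0, so that counts as full too.
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    full = ipaddress.ip_network("0.0.0.0/0") in v4
    resolvers = []
    for d in iface.get("dns", []):
        try:
            resolvers.append(ipaddress.ip_address(d))
        except ValueError:
            pass  # wg-quick also accepts search domains in DNS=
    # True only if every configured resolver address is routed into the tunnel.
    dns_in_tunnel = bool(resolvers) and all(
        any(r in n for n in nets) for r in resolvers)
    return {"mode": "full" if full else "split", "dns_in_tunnel": dns_in_tunnel}

# Constructed sample configs (placeholder keys, hypothetical endpoint).
HEAD = "[Interface]\nPrivateKey = <placeholder>\nAddress = 10.8.0.2/32\n"
PEER = "[Peer]\nPublicKey = <placeholder>\nEndpoint = home.example.net:51820\n"
SAMPLES = {
    "full tunnel": HEAD + "DNS = 10.8.0.1\n" + PEER + "AllowedIPs = 0.0.0.0/0, ::/0\n",
    "split, DNS via home": HEAD + "DNS = 10.8.0.1\n" + PEER
                           + "AllowedIPs = 10.8.0.0/24, 192.168.1.0/24\n",
    "split, local DNS": HEAD + PEER + "AllowedIPs = 192.168.1.0/24\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(f"{name:22} {assess(conf)}")
```

A result of `dns_in_tunnel: False` means lookups go to whatever resolver the local network hands out, assuming the OS is not separately configured for encrypted DNS. The middle sample keeps DNS and home-LAN traffic in the tunnel while everything else exits locally, which avoids the cross-country latency without exposing lookups to the hotel network.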

> with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).

I am sorry, this confuses me. If I don't have a client, for example in my laptop, how does my laptop use Tailscale then?

Also, TailScale Personal says 3 users. Is that a problem for us, as we are 4? (me, wife, son, daughter).

  • If Tailscale is installed on your router, then any client will also be able to connect to Tailscale networks.

    For example, if you have a default route back to your home network on the router, any client will also connect through that tunnel back through your home. This assumes you are using your travel router to connect your laptop as opposed to say the hotel wifi. (In this scenario, your travel router is connected to both the hotel wifi as an uplink and Tailscale.)

  • For what it's worth, you get 100 devices total, regardless of number of user accounts. If you don't need the permissions granularity that individual accounts have, consider only having an "admin" and "untrusted" account... or a single account, and pinky promise your family not to play with it.

These are neat in that you can jump on and extend existing wifi infra, but it'd be nice if they also included 5G. I want a product that does both.

It's cool to have your own network in a hotel. But it'd be nice to be able to do that on the road, away from public wifi, internationally, whenever - which hotspots do. But at the same time, it'd be nice to be able to do the WiFi thing too to cut back on data usage. I frequently blow through my hotspot data.

I'd rather this be in one device instead of two. Beggars can't be choosers, though, I suppose?

  • I’m using a GLinet GL-XE3000 for that and it’s great. Initial setup of the 5G eSIM on a physical SIM took a little searching but it’s been rock solid and having consistent access on the road and hotels has been great for family travel. It has a built-in battery, but I’ve never really tested the duration (I suspect it’s 3-6 hours) as I put it on its AC adapter in the hotel and then a cigarette lighter adapter in the car, so the battery gets used 15-45 minutes at a time to bridge between those two places.

    I like it enough that I might buy a second, more compact unit for when space is more a premium, but I’ve been really happy with this one.