Tailscale - The VPN That's Driving Me Crazy (In a Good Way!)

2024-07-03

Remember in my Hello World post when I mentioned some mind-blowing tech that had me going “OMG! This is next level!”? Well, folks, prepare yourselves for the grand reveal: Tailscale!

What is Tailscale?

Tailscale is a Mesh VPN service that allows you to connect your devices securely and privately. It’s like a VPN, but better. It’s like a mesh network, but better. It’s like magic, but better. It’s like… you get the idea.

First things first, let’s clear up some misconceptions about VPNs. Thanks to clever marketing, most people now think VPNs are primarily for getting around Netflix geoblocking and the Chinese firewall. But traditional VPNs do so much more! They used to be magical tools that placed your internet-connected computer on the other side of your company’s firewall or connected two physical locations over the internet.

    # Traditional VPN: Connect to work
    ssh user@company-vpn-server

    # Modern marketing VPN:
    netflix-and-chill --country=not-mine

So, what exactly is Tailscale? Imagine if your devices could connect directly to each other, securely and effortlessly, regardless of where they are. That’s Tailscale in a nutshell. It uses WireGuard to create a mesh network, allowing all your devices to communicate as if they’re on the same local network.

How does it work?

Tailscale creates a secure mesh network by leveraging WireGuard for encrypted tunnels between devices. Each node generates a keypair and shares its public key with a central coordination server. The server distributes these keys to authorized nodes, enabling them to establish direct, encrypted connections. Tailscale uses advanced NAT traversal techniques to connect devices behind firewalls, and falls back to encrypted relays (DERP servers) when direct connections are impossible. Authentication is handled through existing identity providers, while security policies are centrally managed but enforced at each node. This approach allows for a scalable, efficient, and secure network that can be deployed incrementally alongside existing infrastructure. For more detailed information on Tailscale’s inner workings, check out their documentation.

Why is it so awesome?

It’s. Just. So. Easy. To set up devices on your Tailnet (yes, that’s what they call your network), install Tailscale on them and watch it effortlessly set up direct WireGuard VPN connections between them, creating a secure mesh network. As long as your devices have a reliable internet connection, they’ll seamlessly connect with each other within your personal Tailnet.

Imagine you’re on vacation halfway across the world and need to access a file on your home NAS. With Tailscale, you can securely connect to your NAS as if you were sitting in your living room. Meanwhile, that same NAS can sync files with your self-hosted cloud elsewhere, ensuring everything stays up-to-date effortlessly. The best part is that it all just works seamlessly.

Tailscale is one of the easiest VPNs to set up. And by VPN, I mean a traditional VPN, not the marketing-heavy NordVPN type.

  1. Your devices can find each other, regardless of their physical location or network setup.
  2. Communication is direct and end-to-end encrypted with WireGuard.
  3. No data flows through Tailscale servers - they just help with the initial connection.

Tailscale is like a really efficient party host - it introduces your devices to each other, then steps back and lets them chat directly.

What am I using it for?

Now, you might be thinking, “Cool story bro, but what are you using it for?”

Remote Access to Home Assistant:

Because yelling at your smart home from across the world is a basic human right. With Tailscale, I can access my home automation dashboard from anywhere, anytime, without exposing it to the big bad internet or dealing with complex setups.

SSH Without the Tears:

No more open ports or complex firewall rules. I just SSH into my machines like they’re sitting right next to me. Tailscale’s MagicDNS feature even lets me use hostnames instead of IP addresses.

Routing Internet Traffic:

Ever been at a Starbucks or a hotel and not trusted the network? You shouldn’t. With Tailscale, you can use one of your devices as an exit node to route all your traffic securely. You can even use a Mullvad exit node, but that’s a paid feature.

Accessing My Raspberry Pi from Anywhere:

I have my Caddy reverse proxy server running on the Pi, and I also use my iPad to SSH into it for remote development on the go. Why Pi? Because I currently don’t need cloud compute, and my Pi is faster than the free tier for my use cases. I use the Terminus app – it’s awesome. My Pi runs an active VNC server, but I rarely need to use it.

Thanks to Tailscale, I used my firewall manager to close all my Pi’s ports to traffic except for packets coming in via the Tailnet:

    sudo ufw allow in on tailscale0
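The rule above is an allow exception, so the lockdown holds only while the default inbound policy is deny and no other public allow rules remain. The check below is an added example, not from the original post: it audits `ufw status verbose` output for exactly that. The sample outputs are constructed, and treating 41641/udp (tailscaled's default WireGuard port) as acceptable is an assumption.

```shell
# Added example (not from the original post): audit ufw output for the
# Tailscale-only lockdown. Real use: sudo ufw status verbose | audit_ufw_lockdown

# Reads ufw status text on stdin, prints findings, returns 0 if locked down.
audit_ufw_lockdown() {
  awk '
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
    /ALLOW/ && !/ALLOW (OUT|FWD)/ {
      # Rules bound to the Tailscale interface are the intended exception.
      if ($0 ~ / on tailscale0 /) next
      # Assumption: tailscaled default WireGuard port may stay open.
      if ($1 == "41641/udp") next
      print "EXPOSED: " $0; bad++
    }
    END {
      if (!active)  { print "FAIL: ufw is not active"; bad++ }
      if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample: the state the post is aiming for.
sample_locked() {
  cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
Anywhere on tailscale0     ALLOW IN    Anywhere
41641/udp                  ALLOW IN    Anywhere
EOF
}

# Constructed sample: tailscale0 rule present, but SSH and the default stay open.
sample_open() {
  cat <<'EOF'
Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)
To                         Action      From
22/tcp                     ALLOW IN    Anywhere
Anywhere on tailscale0     ALLOW IN    Anywhere
EOF
}

sample_locked | audit_ufw_lockdown && echo "locked: ok"
sample_open   | audit_ufw_lockdown || echo "open: needs fixing"
```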

Private Websites from Anywhere:

I have some personal websites hosted that I don’t want to be publicly accessible. Firewall rules are a pain, especially when your home IP changes frequently. Tailscale simplifies everything.

Taildrop: The Universal Airdrop:

One of the best features of the Apple ecosystem is Airdrop. Tailscale’s Taildrop extends this functionality to every operating system, allowing fast file transfers over the WireGuard mesh network. Even if you’re all about Apple, Taildrop can be faster and more versatile than Airdrop and doesn’t require devices to be physically close to each other.

Wrapping Up

Tailscale has revolutionized how I manage my personal network. It’s solved problems I didn’t even know I had, and made tasks I used to dread into simple, everyday actions.

Whether you’re a networking novice or a seasoned sysadmin, Tailscale has something to offer. It’s the kind of tool that makes you wonder how you ever lived without it.

So, if you’re looking to simplify your networking setup, or just play with some cool tech, give Tailscale a try. Your future self will thank you!