Tailscale is awesome

Tailscale makes it easy to run a VPN without needing to configure a router or anything else

I've long been a proponent of running cool network things on your own. For years I've run a VPN (virtual private network) into my house so that I can connect to things at my house from anywhere in the world. This has allowed me to bypass country restrictions on streaming content when traveling internationally, remote desktop into my home computer from my office to access files or edit videos, and access other private things inside my network that I don't want exposed to the world. I know what I'm doing, network-wise, and getting it all set up and configured for each device was, to me, a fun challenge that taught me more about my network.

But doing things this way has some limitations. First, my home network needs a public IP address. Some modern ISPs use CGNAT, where individual homes are provided only private IP addresses, and everything coming into the network goes through two layers of NAT. This limits your ability to run services locally and access them remotely. Second, I need to always know the public IP address assigned to my home network. My ISP no longer provides static IP addresses (thanks, IPv4 shortage), so my home IP changes every few weeks. Dynamic DNS solves the problem fairly easily, but every once in a while it fails to update and I can't get into my home network.

Enter Tailscale. Tailscale is a VPN product that uses fancy network trickery to bypass the challenges of NAT and changing public IP addresses. Through a simple coordination server outside your network, you can quickly and easily set up a VPN that connects every device you own. None of your network traffic actually goes through Tailscale's servers. They simply provide the coordination of peer-to-peer connections between your devices by helping them know it's time to talk.

Maybe someday I'll make a more in-depth tutorial, but for now, here's how I'm using it to replace my previous VPN:

  1. Create a Tailscale account. The free plan lets you have 100 devices on your network, so I haven't had a need to do more than that.
  2. Add devices to your "tailnet" by installing the Tailscale application and logging in.
  3. Set up a device inside your home network as an "exit node". It's a few clicks on the website and device to set up an exit node, which allows you to route traffic from other devices through one device like a traditional VPN server.
  4. Set your other devices to use the exit node, and just like that your traffic is coming from inside the network. You can easily stop using the exit node on any device if you're done routing all traffic through the tailnet.
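Once step 4 is done, it is worth confirming that a device really is routing through the exit node you intended. The following is an added example, not part of the original post: a small Python check over the JSON that `tailscale status --json` prints on a client. The sample data, host names and IDs are constructed, and the expected exit node name `home-server` is an assumption for illustration.

```python
import json

# Constructed sample shaped like `tailscale status --json` output, trimmed to
# the fields used here. Host names, IDs and keys are made up.
SAMPLE_STATUS = json.dumps({
    "BackendState": "Running",
    "ExitNodeStatus": {"ID": "nHOME1", "Online": True,
                       "TailscaleIPs": ["100.64.0.10/32"]},
    "Peer": {
        "nodekey:aaaa": {"ID": "nHOME1", "HostName": "home-server",
                         "Online": True, "ExitNode": True, "ExitNodeOption": True},
        "nodekey:bbbb": {"ID": "nLAPTOP2", "HostName": "old-laptop",
                         "Online": True, "ExitNode": False, "ExitNodeOption": True},
        "nodekey:cccc": {"ID": "nPHONE3", "HostName": "phone",
                         "Online": False, "ExitNode": False, "ExitNodeOption": False},
    },
})


def check_exit_node(status_json, expected_host):
    """Return a list of findings; an empty list means the setup looks as intended."""
    status = json.loads(status_json)
    findings = []
    if status.get("BackendState") != "Running":
        findings.append("tailscale is not running")
    peers = list((status.get("Peer") or {}).values())
    active = status.get("ExitNodeStatus")  # absent when no exit node is selected
    if not active:
        findings.append("no exit node in use: traffic leaves via the local network")
    else:
        # Map the active exit node's ID back to a peer host name.
        name = next((p.get("HostName") for p in peers
                     if p.get("ID") == active.get("ID")), None)
        if name != expected_host:
            findings.append(f"exit node is {name!r}, expected {expected_host!r}")
        if not active.get("Online"):
            findings.append("selected exit node is offline")
    # Any other device offering itself as an exit node deserves a second look.
    for p in peers:
        if p.get("ExitNodeOption") and p.get("HostName") != expected_host:
            findings.append(
                f"unexpected device offers to be an exit node: {p.get('HostName')}")
    return findings


if __name__ == "__main__":
    for line in check_exit_node(SAMPLE_STATUS, "home-server") or ["ok"]:
        print(line)
```

On a real client, pass the output of `tailscale status --json` to `check_exit_node` in place of the sample.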

If you have services you want to share outside your network, like a video game server or website, you can use a Tailscale Funnel to open them up to the world. Again, this works even through ISP NAT and other challenges, making it much easier to run services on a private network.