Tailscale: the easiest way to connect your devices

I wrote about setting up WireGuard manually, and it works well. But Tailscale builds on WireGuard and removes almost all the configuration. No key management, no port forwarding, no server setup. Install it on your devices and they can talk to each other.

What Tailscale does

Tailscale creates a mesh VPN between your devices using WireGuard under the hood. Every device gets a stable IP address on a private network (100.x.x.x). Your laptop can reach your homelab server, your phone can reach your NAS, and everything is encrypted end-to-end.

The key difference from traditional VPNs: there is no central VPN server that all traffic routes through. Devices connect directly to each other using NAT traversal. This means the connection is as fast as the direct path between two devices.

Setting it up

Install Tailscale on each device:

# Linux
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
 
# macOS/Windows/iOS/Android
# Download from tailscale.com

Authenticate with your account and the device joins your network. That is it. Every device on your Tailscale network can now reach every other device by its Tailscale IP or hostname.

Why I use it alongside WireGuard

I still run WireGuard for my primary homelab VPN because I want full control over the configuration and routing. Tailscale fills a different role: quick access from any device without configuration.

My phone has Tailscale installed. When I need to check something on my homelab from a coffee shop, I toggle Tailscale on and access my services by hostname. No manual VPN config on my phone, no key management.

Subnet routing

If you want to access your entire home network through Tailscale (not just devices with Tailscale installed), set up a subnet router:

sudo tailscale up --advertise-routes=192.168.1.0/24

Approve the route in the Tailscale admin panel, and now every device on your Tailscale network can reach your home LAN. Smart TVs, printers, IoT devices, anything on 192.168.1.x.

MagicDNS

Tailscale assigns human-readable hostnames to your devices. Instead of remembering 100.94.32.17, you access your server as homelab.tailnet-name.ts.net. MagicDNS handles the resolution automatically.

Exit nodes

You can designate any device as an exit node, routing all internet traffic through it. This is useful when you are on untrusted Wi-Fi and want to route your traffic through your home connection:

# On the exit node
sudo tailscale up --advertise-exit-node
 
# On the client
sudo tailscale up --exit-node=homelab

Pricing

Tailscale's free tier covers up to 100 devices with 3 users. That is more than enough for personal use. The paid plans add more users and enterprise features.

For a tool that replaces hours of VPN configuration with a 30-second install, the free tier is remarkably generous.

Sources

• Tailscale
• Tailscale Documentation