Ever heard of Tailscale?

A few months ago, I was actually searching for ngrok (to create a tunnel to expose a development server to the Internet so that I could show a prototype to my client at the time), but I had forgotten its name. While googling a few keywords, I stumbled upon Tailscale. At first, I just thought it was some kind of network utility and didn’t really try to find out what it did. But then a video from their official YouTube channel popped up in my recommendations, so I watched it. All I picked up from it was that “it connects your devices so it makes them look like they’re on the same network, even if they’re not.”

“Cool, but not so much use for me,” I thought at the time, but I was wrong.

What is Tailscale really?

At its core, Tailscale is a mesh VPN built on top of WireGuard. That means every connection between your devices is encrypted using WireGuard’s modern cryptography. But unlike plain WireGuard, Tailscale handles the hard parts for you, such as key exchange, NAT traversal, and connection management, through a coordination server.

Once you install Tailscale on your devices and sign in, they automatically discover each other and form direct, encrypted connections. No manual configuration, no public IPs, no firewall configuration headaches. You pretty much get your own VPN for your connected devices.

What do I use it for?

I use it for quite a few things now. Transferring files between my devices, using it alongside Syncthing to keep files in sync, accessing a DigitalOcean droplet, managing my Raspberry Pi, and experimenting with it together with OPNsense to secure and manage traffic across all devices at work.

Transferring Files

I own a MacBook, an Android phone, and a tablet, and it’s been a pain to transfer files between them. The Android File Transfer app stopped working for some unknown reason a few years ago, so I used to upload the files to OneDrive and download them from my other devices as the means to transfer files between them. This multi-step process was tedious, but I had no other choice. What’s awesome about Tailscale is that it has a built-in sharing utility called Taildrop that allows me to send files to devices on the same Tailnet (the private network Tailscale provides you). The transfer isn’t the fastest, but I usually only need to send a few documents or images over, so it’s been working great for me so far.

Accessing My Devices

Another thing that’s been super convenient is being able to connect to any of my devices securely whether I’m at home, at work, or using public Wi-Fi. I can SSH into my Raspberry Pi without port forwarding and SSH into my DigitalOcean server without having port 22 left open. It’s all possible because Tailscale creates a secure tunnel between my devices, so I never have to expose anything publicly. It’s also super convenient that I can assign device names (called MagicDNS) that I can use as host names instead of IP addresses.

For example, I can just do:

ssh justin@raspberrypi

and it just works. No IPs to remember, no assigning static IPs, no DNS configuration, no worries about leaving ports open, no SSH key management. Just works beautifully.

Syncthing and File Syncing

I also use Syncthing to keep files synced between the devices at work. Normally, if Syncthing cannot create a direct connection between the devices, it requires your devices to be reachable over the internet, which means you’d either need port forwarding or relay servers. But with Tailscale, I can use direct connections between the devices and avoid using relay servers since they’re all part of the same private network that can be addressed using their device names. Syncs are faster, more reliable and secure, and I don’t have to rely on public relay nodes.

Combining Tailscale with OPNsense

At work, I’ve been exploring the use of Tailscale with OPNsense to manage and secure all traffic for all the devices. It’s a small business, and we have about 30 devices that need to be secured. The idea is to have a device installed with OPNsense act as an exit node so that all network traffic of the devices connected to our Tailnet will be routed through the exit node and managed by OPNsense when accessing the Internet. It’s still at an exploratory phase, but I can already imagine how powerful this can be.

Why I Think It’s Awesome

Tailscale just works. Install the app on your devices and sign in. That’s it. They instantly join the same Tailnet and become accessible from anywhere, as if they were all plugged into the same network.

The fact that I can assign human-readable device names (MagicDNS) instead of dealing with IP addresses makes it even better. It opens the door to all kinds of practical setups like running your own internal services, hosting dashboards or APIs only visible within your Tailnet, or creating private development environments that are still securely reachable from anywhere.

Also, it turns out that I can create funnels in Tailnet to expose services running on my Tailnet to the Internet just like ngrok. They are continuously adding features, and their free plan is very generous, allowing you to connect up to 100 devices on your Tailnet.

Final Thoughts

I’m just glad I found Tailscale. It’s one of those rare tools that quietly becomes part of your workflow until you can’t imagine not having it. I initially thought it wasn’t for me, but it turns out that it was exactly what I needed.