I can’t praise Tailscale and its developers enough… I discovered this do-it-yourself VPN solution about half a year ago and boy has it improved my life… Here is what I managed to accomplish with it.

I am running Tailscale on my old MacBook Air, henceforth referred to as my “server”, my two firesticks, and my phones.

*remotely=outside of LAN, so over internet*

-I can access my SMB shares remotely from my phones with OwlFiles and from my M1 Macbook air seamlessly through Finder. All I had to do was enter a simple command on my server in Terminal to add TCP/445 to “Services”. Tailscale then forwards incoming TCP connections on port 445 from within my tailnet to port 445 on my mac’s server. The result is that I am able to mount my 2TB share from anywhere I have internet and manage my files as though I was on my home network. I also have access to my entire media library from VLC installed on all my devices (once again, through SMB). If only I could somehow add my remote SMB shares to Kodi… But Kodi doesn’t seem to allow me to type in custom IP addresses when trying to add SMB shares. Let me know in the comments if you know how to add remote SMB shares to Kodi (the ones it does not detect automatically).

-Similarly, by adding a suitable HTTPS port to my server’s Tailscale services, I am able to manage the Transmission torrent client installed on my server remotely through Transmission’s web interface (while connected to Tailscale, of course).

-I can back up to Time Machine remotely and access my Time Machine backups remotely as well. There are a few caveats though. On my server, I had to add a shared folder (from Settings), allow access to it via SMB and mark it as a Time Machine backup destination. The process is pretty straightforward. The trick is to add it as a backup destination THROUGH TAILSCALE by typing in the Tailscale IP of your server or the Magic-DNS domain name. Also, you will not be able to access pre-existing Time Machine backups through Tailscale! Only the destinations that you initially add through Tailscale. This is why I have two backup destinations on my server - one that I back up to from my LAN and one that I use over Tailscale remotely. Works like a charm!!!

-I can control my server through VNC remotely and seamlessly as if I was connected to LAN. To do that, I had to add TCP/5900 to my server’s Tailscale services (which is akin to opening up TCP port 5900 to incoming connections from within the tailnet). This is particularly useful when I don’t have my M1 mac with me, but need to run Python code inside Spyder. I just turn on my bluetooth/trackpad combo, connect it to my S10+, jack myself into my tailnet, MultiVNC my way into my server and BAM.

-MagicDNS deserves its own praiseful review. Not only did it assign a permanent, simple domain name to all my Tailscale-enabled devices, but it allowed me to configure my own DNS server for Tailscale-connected devices. I was then able to choose custom DNS servers for specific domains, which let me block FireTV updates without compromising my security (The DNS server used for that looks a little sketchy so I don’t want all of my traffic to go through it) and also use AdGuard DNS without breaking Doordash’s Dasher app by routing doordash-specific DNS requests to Google’s DNS and not AdGuard’s. Solid win here, as Adguard’s DNS bricks the Dasher app. Let me know in the comments if you want to see my Magic-DNS configuration.

-FUNNEL: By running a funnel (proxy) on my home server, I am able to access my dad’s Bell Fibe TV channels through their web interface from anywhere on Earth - Bell treats my traffic as if it’s coming from my home network! It will NOT work if you use the mobile app, but works flawlessly from within Samsung Internet, Safari (on mac) and Grazing 3 (on iOS). Also, it’s quite neat to browse with my Canadian IP even when I am travelling (no more annoying “cookie consent” notices when in the EU). I suspect Netflix users could use this sort of setup to get around password-sharing restrictions. I am also running funnels on my firesticks just in case I need more bandwidth.

-SUBNETS: I am running a subnet on my home server so that I could adb into my firesticks and manage them remotely with scrcpy (update apps, install tweaks, etc). Yes, I am not a huge fan of the command line ^^’ . I can also access my Wi-Fi cameras remotely from my Mac. The desktop app for the cheap Chinese ones only allows you to manage them over LAN, but Tailscale takes care of that. Works like a charm!

I am beyond pleased with everything Tailscale enables me to do. It baffles me that this technology is somehow free to use. I am extremely grateful to be a part of the Tailscale community. Thank you!!

Share your ideas and questions in the comments.
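
The per-domain DNS routing described in the MagicDNS item above, as an added example that is not part of the original post: a longest-suffix matcher that sends only the listed domains to their special resolver and everything else to the default, matching on whole labels so look-alike names do not leak to the wrong resolver. The route table is constructed for illustration (`updates.example` and `192.0.2.53` are placeholders, and `doordash.com` is an assumed domain); it is not the poster's configuration.

```python
# Added example: per-domain resolver selection (split DNS).
# Every route here is constructed for illustration, not the poster's real setup.

DEFAULT_RESOLVER = "94.140.14.14"  # AdGuard DNS public resolver, used as the default

SPLIT_DNS = {
    "doordash.com": "8.8.8.8",        # assumed domain: Google DNS for the app AdGuard breaks
    "updates.example": "192.0.2.53",  # placeholder: less-trusted resolver, one domain only
}


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def pick_resolver(qname, routes=SPLIT_DNS, default=DEFAULT_RESOLVER):
    """Return (resolver, matched_suffix) by longest-suffix match on whole labels."""
    labels = normalize(qname).split(".")
    table = {normalize(k): v for k, v in routes.items()}
    # Try the full name first, then drop leftmost labels: a.b.c -> b.c -> c.
    # Comparing whole labels means "notdoordash.com" never matches "doordash.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate], candidate
    return default, None


def audit(queries, untrusted):
    """List the queries that would be sent to a resolver the operator distrusts."""
    return [q for q in queries if pick_resolver(q)[0] in untrusted]


if __name__ == "__main__":
    for q in ["api.doordash.com", "notdoordash.com", "fw.updates.example", "bank.example"]:
        print(q, "->", pick_resolver(q))
```

Running `audit()` over a list of names a device is expected to query shows which lookups, if any, the less-trusted resolver would see.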

  • Charming-Molasses-22@alien.top

    Tailscale doesn’t respect local traffic and they have refused to add split tunneling on their Android VPN client. For these simple reasons, I would never take this product seriously.

    • cyrus2kg@alien.top

      They don’t do split tunneling? That’s dumb. I ended up going with Netmaker a year or so ago instead of Tailscale because I didn’t think Tailscale was completely self-hosted. Then Netmaker put their relay functionality behind a paywall so now I’m stuck on an old version and have to decide to update or not.

    • bondaly@alien.top

      Could you explain what you mean by respecting local traffic and split tunneling please?

      • Charming-Molasses-22@alien.top

        Sure.

        So local traffic is how devices in one network communicate. E.g., say you have two computers in your home network, as long as they are joined to your Wi-Fi they can “talk” to each other without any intermediary between them.

        Since VPN clients take over your device’s network, they also set up special rules to bypass your local network so that your device can continue to talk to other devices in your home network.

        Tailscale doesn’t set up these rules and instead expects you to install Tailscale on the other devices to continue this inter-connectivity. Could be a malevolent move so that they can jack up the number of installs but I think it’s totally dumb.

        Split tunneling is a way to tell the VPN client to bypass an app so that the app does not use the VPN network and uses your local network instead.