The more I use Tailscale for my networking needs, the more things I notice in the tool that make it one of the best options for securely accessing your devices. It's built on WireGuard, for a start, which means a modern, efficient VPN protocol that's secure and a far cry from the VPN experience you might be used to. It also makes management of your private network a cinch, as almost everything is handled for you, simplifying the process of remote access.
And that's just scratching the surface of this software-defined networking tool. Your tailnet isn't only for remote access, it's a secured, encrypted private network that spans the globe (if you want it to) and you can do plenty of other things with it that aren't to do with remote access. The zero-trust mesh architecture is fantastic for home lab use, running experiments on the same network hardware while keeping them completely separate from anything that could break. I use it daily for a mix of other reasons without leaving my house, and I never would have thought about some of these use cases without breaking free from thinking of it as a remote access tool.
Taildrop
Did you know Tailscale has its own simple file sharing tool?

One of the powerful things about Tailscale is that every entity connected to your tailnet is treated as if it's on the same physical network. That opens up a world of possibilities, from shared drive access to simple file sharing. It doesn't matter if your NAS is six feet away or on the other side of the globe; Tailscale makes that distance irrelevant, enabling file access in line with the security policies you've set.
If you've used Apple's AirDrop, you know that simple file sharing can be convenient. But it needs local proximity because AirDrop uses a Bluetooth handshake to connect your devices over a local Wi-Fi link. You can replicate the functionality by self-hosting tools like Pairdrop, but with Tailscale, you don't have to. All you need is to enable Taildrop from the General settings page by toggling the Send Files alpha feature to on, and then you can use the context menu in whatever operating system you're running to share files with a few clicks or taps.
As subnet routing for legacy hardware
This really comes in handy
Not every device on my home network can run Tailscale, although the list is fairly short at this point. Mostly it's IoT devices that I can't control once I'm on my tailnet, but by setting up subnet routing to the IP addresses of those devices (or just to the Home Assistant instance managing them), I can still control my smart home without having to log out of Tailscale or switch to another network.
And that's it: changing a couple of settings reduces the friction of staying connected to my tailnet all the time. Now I can keep my smartphone on my tailnet and still use the official apps for the smart devices inside it, or use Home Assistant and the integrations that I've set up to amalgamate my smart home into one interface. And with the subnet routing set up on my NAS or router, I know it'll be accessible anytime my network is running, reducing the stress of worrying whether it's set up correctly.
As container sidecars
Make each container into a node on your tailnet and secure them in one fell swoop
Tailscale is an absolute boon to self-hosters, abstracting complicated networking setups to the point of absurdity where all most users need to do is log into their account. Case in point, you can use Tailscale Serve to expose individual containers or services to other members of your tailnet, in the same way that Funnel lets you share them via an externally accessible URL.
But that's the quick-and-dirty way to serve up access. For more permanent connectivity with all the access controls Tailscale enables, use Tailscale as a sidecar for your Docker or Kubernetes containers. This turns every sidecar-riding container into a node on your tailnet, and you know how easy it is to manage nodes after that.
It also comes with the inherent encrypted security of your tailnet, robust access controls, and the ability to use local loopback addresses in your containers, making setup a breeze. And Zero Trust is difficult to set up correctly from scratch. Why not use a service that's already designed from the ground up to operate from the lowest levels of trust, so you can slowly add services to the home lab configuration while keeping an eye on anything that might go wrong?
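A Docker Compose layout for the sidecar pattern described above, added here as an illustration and not taken from the article or from Tailscale's own files. The service names, the `tag:container` tag, the `nginx:alpine` stand-in app and the `TS_AUTHKEY` variable supplied from the environment are assumptions.

```yaml
# Added example: one Tailscale sidecar per application container.
# Assumed names: ts-web, web, tag:container, ts-web-state.
services:
  ts-web:
    image: tailscale/tailscale:latest
    hostname: web                  # node name shown in the tailnet
    environment:
      # Auth key comes from the shell or an .env file kept out of version control.
      - TS_AUTHKEY=${TS_AUTHKEY}
      # Join as a tagged node so tailnet access rules apply to the tag,
      # not to a personal user identity. The tag must exist in the policy file.
      - TS_EXTRA_ARGS=--advertise-tags=tag:container
      # Persist node state so a restart does not register a new node.
      - TS_STATE_DIR=/var/lib/tailscale
      # Kernel networking; needs the TUN device and NET_ADMIN below.
      - TS_USERSPACE=false
    volumes:
      - ts-web-state:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

  web:
    image: nginx:alpine            # stand-in for the real service
    # Share the sidecar's network namespace: the app and tailscaled see the
    # same interfaces, so they can talk over 127.0.0.1 and the app is
    # reachable at the sidecar's tailnet address.
    network_mode: service:ts-web
    depends_on:
      - ts-web
    restart: unless-stopped
    # No "ports:" section: nothing is published on the Docker host, so the
    # only network path to the app is through the tailnet.

volumes:
  ts-web-state:
```

Because the app container publishes no host ports, who can reach it is decided entirely by the tailnet's access rules for `tag:container`.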

Secure internet routing with exit nodes
Give yourself VPN-like privacy from anywhere you are

Tailscale isn't just for remotely accessing your home network, even though that's one of its common use cases. It lets you designate devices on your tailnet as "exit nodes" that act as a forwarder for all your traffic. You know how VPN providers allow you to choose which cities your traffic is routed through? It's the same general theory, but it's done using devices you control.
But it doesn't have to be only devices. You can use Tailscale running in a container as an exit node, turning your cheap VPS into an encrypted VPN tunnel, and anyone snooping on your browsing data will only see the shared external IPs of your VPS provider. And that means that services that use geoblockers will only see the exit node's IP, and let you browse or stream as if you're physically in that location.
To enable devices as Peer Relays
No more DERP means faster throughput

One of the newest Tailscale features is "Peer Relays." You might be familiar with how Tailscale uses DERP (Designated Encrypted Relay for Packets) servers if direct connections between your tailnet devices aren't possible. This keeps you connected, but it's slower as the encrypted packets have to be relayed by another server in both directions. It's still via WireGuard, it's still encrypted end-to-end and Tailscale can't see your data, but it's slow compared to the usual tailnet performance.
But with Peer Relays, you can pick any device in your tailnet as a relay. This improves throughput vs DERP while keeping your data flow within your infrastructure as much as possible, something anyone who knows anything about privacy will appreciate. And while you would typically use it for bypassing strict firewalls or CGNAT to communicate as a remote access tool, you can do the same thing inside your home lab and have a private, encrypted software-defined network for other types of traffic across your home lab that isn't affected by any experiments you're up to, or how many firewall rules you put into place.

The more I use Tailscale, the more ways I notice how to use it
I like having options when it comes to remote access tools, but not every remote access tool has feature parity. When I use Tailscale, I know how it works, the setup process, and how easily it connects devices, servers, containers, and more. It also handles DNS for me, which is handy when I'm dealing with services I'm not familiar with, allowing me to focus on setup and use of the other program, without having to troubleshoot the network stack on top of that.
I've also been experimenting with Headscale, the open-source self-hostable control plane for Tailscale. While I'm glad it's an option if the Tailscale servers go down or the company becomes evil, until that day, the managed servers are much easier to use. They're adding new features all the time, are responsive to social media posts or issues raised by the community, and it's about as close to "it just works" as you can get with a VPN.







