r/Tailscale

How to bypass a VPN block?

this might be a stupid question but on my school network they blocked any external vpn usage so i want to know:

a) how would i get around that?

b) could i run tailscale off my home pc or home server to route my traffic through there instead and if so how?

im sorry if this is a stupid question or the wrong sub but i need some help.

reddit.com
u/mazebuisness — 6 hours ago

All in One Tailscale Device Opinions

Hi everyone!

I've been using Tailscale for almost a year and I've been loving what I can now do with it. Accessing my own NAS and self-hosted web services without port forwarding has been a dream, and having an exit node in my current residence as well as my home country has been extremely helpful for bypassing geo-restrictions and whatnot.

This got me thinking if there could be an easier way to set up an exit node for people who are less techy. Maybe a small device like a Pi with Tailscale preloaded that people could easily have a plug and play solution. Maybe also adding an Adguard DNS at the same time would also make a device like that more appealing to set up for people who would want their own VPN type device.

I'm currently working on a concept/pitch idea for a device like that for a class I've been taking called Startup Bootcamp, and I would love to hear people's thoughts and opinions on such a device. Currently I've thought of loading a microcomputer with Tailscale and Adguard, and making it plug and play, leaning into the easy to set up aspect.

Do you guys think that a device like this could be useful or appealing to the less technical people you know? Or do you think it doesn't do enough to justify buying a physical device for them?

Either way, I'd like to hear what you all have to say on this idea since this community has been so great! (And if you'd like to talk about it more, feel free to send me a message)

TL;DR:

I have a concept of creating a theoretical startup for a class as an assignment, and my idea would be selling microcomputers with Tailscale and maybe Adguard preinstalled. This product would be aimed at people less techy, but who want their own personal VPN thing.

I'd like to get feedback on this idea from you guys since I don't know anyone who uses tailscale aside from me irl, so any feedback would be greatly appreciated!

reddit.com
u/FinnUkato — 1 day ago

Tailscale keeps disconnecting

Hello, I am trying to use Tailscale, it seems to work but every once in a while I get disconnections, for example this is what happens when I ping another device via tailscale

>64 bytes from 100.64.231.16: icmp_seq=2532 ttl=128 time=34.262 ms

>64 bytes from 100.64.231.16: icmp_seq=2533 ttl=128 time=34.260 ms

>Request timeout for icmp_seq 2534

>Request timeout for icmp_seq 2535

>Request timeout for icmp_seq 2536

>Request timeout for icmp_seq 2537

>Request timeout for icmp_seq 2538

>Request timeout for icmp_seq 2539

What could be causing this kind of issue? I have no idea, thanks

reddit.com
u/RazerPSN — 1 day ago

Tailscale very slow (~2 Mbps) when devices are on different networks – any fix?

Hi everyone,

I’m running into a performance issue with Tailscale and I’m trying to understand what’s going on.

Setup:

  • Client internet: ~20 Mbps
  • Server internet: ~80 Mbps
  • Router: Netgear R6260 connected to Huawei HG8145V5 (fiber ONT)
  • ISP: Iraq Cell

Problem:

  • File transfer speed over Tailscale is stuck around ~2 Mbps
  • tailscale ping shows connections going through relay servers (DERP)
  • Latency is around 150–250 ms

What I tested:

  • When I try from another device network (inside my local ISP), speeds are much better: 80 Mbps
  • So both devices and Tailscale itself seem fine
  • Outside my local ISP it always falls back to relay instead of direct connection

What I already tried:

  • Enabling UPnP
  • Adjusting router and ONT settings
  • Checking IPv6 (not really available)

None of these made a difference.

Question:
Is there any way to improve performance or avoid relay usage in this situation?

I don’t currently have access to a VPS, so I’m mainly looking for:

  • Network or router-side tweaks
  • Any tricks to help Tailscale establish direct connections
  • Practical workarounds others have used

Would appreciate any help or ideas. Thanks!

reddit.com
u/EngPro3li — 1 day ago

Tailscale alongside client VPN

Hello, is it possible to have Tailscale running on a Windows machine and have a traditional VPN running side by side (NordVPN, Express VPN ... the commercial ones) - because they are not launching, saying that there is already a VPN running (Tailscale) - thanks

reddit.com
u/-LebGOD- — 1 day ago

How To Use Subnet Router

Deleted my original post because it took a direction that didn't assist me whatsoever. I would like to use my cellphone with the Tailscale app on it to be able to be used with hotspot/tethering to talk to other devices in the tailnet. I believe this is the purpose of the subnet routing function of Tailscale, namely to allow devices connected to the subnet router to traverse the tailnet as if they themselves had Tailscale installed and were part of the tailnet.

Is my interpretation of this function correct, or completely off base? If I am correct, can someone enumerate the correct procedure to set this up? I tried using the official guide but it didn't seem to work.

My set up with fake IPs for example.
Desktop x.x.x.2
Server x.x.x.3
Cellphone x.x.x.4

My desktop can connect to the server. My cellphone can connect to the server. However, when tethering the cellphone to a windows device, the device goes out through the broader network and does not attempt to send connections through the tailscale VPN. I am trying to do this so that I can use the client device to access RDP on my server which I have locked down to only allow incoming connections from the tailscale subnet.

reddit.com
u/MallicSmith — 1 day ago

Aperture is exactly the kind of thing I hoped Tailscale would build

Aperture AI Gateway is one of those apps where I started out thinking OK... this could be useful. And then.. oh... that's clever. And then ... alrite, good thinking! followed by.. OMG, that's friggin brilliant.. This thing solves so many problems in one sweep. Gradually switching everything to Aperture, starting with our internal tools. My favourite features from first week of use..

- No API key needed in API calls to AI models. We're on the tailnet, no need to authenticate, send "abc123" as API key in the call. The Gateway has the real API key. Compromised/Expired/New account? Switch key in Aperture.

- Metrics by model, and token use per request in dashboard

- OpenAI compatible. Swap out the https://api.openai.com/v1/ for the Aperture URL, http://my_aperture_host.ts.net/v1

- Tool use tracking! Since all model API calls are routed through Aperture, it can track Tool use in admin

- Mix open model Inference with Claude/chatGPT/Grok etc - one gateway for all of them. Add a model in Aperture and it is available to the team.

- ACL integration, access to a model can be restricted/allowed for specific user, host, or app

There's also filtering and security alerts, haven't gotten around to that one yet, Oso, Cerbos, Highflame.

In preview now, wondering what the cost will be when this thing goes into general release

https://aperture.tailscale.com/

u/mgozmovies — 2 days ago

Using an LXC container as trojan horse to access my net via GL.INET Beryl 7

Hello,

It's not as insidious as it may read from the title.

The scenario is simply that i have bought a gl.inet travel router (TR) with the intent to bring it along on vacations etc. so i can access my network at home from devices that don't have tailscale (TS).

Home network is on 192.168.1.0/24

Travel network is on 192.168.8.0/24

I have configured and added the TR so its on my tailnet. In the home network i have setup an LXC container and likewise added it to my tailnet.

I have "announced" the home subnet and accepted it in the TS admin console. I have checked "Allow Remote Access LAN" in the TR.

However when i connect a non-tailscaled device to the TR i still cannot access my home network.

I'm sure I'm missing something "simple" here - but I'm not sure what the right question is to ask?

Can anyone guide me to solve this, which i would think is a common "issue to solve". I looked at crosstalk solutions video but its a slightly different scenario as far as i can see. I also checked the articles on tailscale website on both the beryl and how to add an lxc to tailnet

reddit.com
u/Moerkbak — 24 hours ago

how do i access self hosted apps through local domains?

i have apps i can reach on example.local:portnumber when at home. i can also get to the apps outside the home network, but only with the ip address via subnets. is there a way i can use local domains through tailscale?

reddit.com
u/alicode1111 — 1 day ago

Where is cancel the add-on button?

Hi,

I was paying for a $5 Mullvad VPN add-on for many months and decided to cancel the subscription. Knowing Tailscale I thought this was a 5 min task.

I am here writing after 1 hour, getting increasingly frustrated trying to cancel it and calling demons.

Where the heck is the cancel button?

https://preview.redd.it/eio5qzehf6wg1.png?width=1690&format=png&auto=webp&s=79a7699e7a22475c18d87f0e4ccba6a5b52d742d

I cannot even remove my credit card from Tailscale billing section.

Is this bad UX, Amazon shenanigans to avoid sign outs or myself being stupid? Why is this so hidden in the first place?!

reddit.com
u/krmMV — 2 days ago

Could someone explain how Tailscale would work in this scenario

So i have 2 PCs, a high spec gaming PC and a basic laptop. They are both connected to the same LAN via ethernet most of the time and i use host and client programs to stream games from the gaming PC to the basic laptop. Simple enough.

But i want to be able to stream games over WAN using my iPhone as a mobile hotspot to my laptop when travelling. I am using Tailscale to connect the 2 PCs. Tested it, all is well.

Just a quick question: when my 2 PCs are connected via LAN, does the traffic still go through Tailscale's WAN or is it kept internal? Need to know this as i have 2.5gbe LAN adapters but only an 80Mbps WAN connection. So i need to set quality settings accordingly.

reddit.com
u/Middle_Peanut_2687 — 2 days ago

Begging For Simple Instructions

So I tried to read the official documentation for how to set this up, and I am failing at every turn to get it to work properly.

I have a work laptop in which our security policy prevents me from installing the tailscale client on it. I'd still like to be able to connect the laptop to my tailscale network so I can remote into my servers securely. I have my android cellphone with subnet router enabled. I have the subnet approved in the tailscale admin client. Disconnecting the windows laptop from any network other than being tethered/wifi hotspotted to the cellphone. For some reason it seems like the laptop keeps grabbing an IP from the hotspot/tether, and not grabbing any form of internal IP from the tailscale subnet and as a result, I cannot connect to any of the other tailscale clients in my tailnet. I'm sure there is some step I am utterly failing to do, but I can't figure out what. Access rules shouldn't be a problem because my home PC can talk to my server just fine without any tweaks to rules. I've got it set up by default that any device in the tailnet can talk to each other.

reddit.com
u/MallicSmith — 1 day ago

Home/personal VPN

Hi all, I’d like my phone/tablet etc to just think I’m in GB. I’m not looking to hide anything or protect myself. I travel a lot to countries that block access to my apps and websites, I just want to be able to bank, shop and watch TV like I’m at home. Where i am this week even blocks access to mullvad, so getting that to work was….fun (didn’t install/enable it before landing), and then when it did start to work the speeds were slow, even though the actual connection at both ends was fantastic, leaving Prime looking like Roman mosaic floor, and video calling hit and miss.

I’ve been told Tailscale can help me out with this with little fuss. Could someone point me to a simple guide that explains what i want to do please. Cheers.

reddit.com
u/nuttydogpoo — 2 days ago

Tutorial: Docker with Tailscale 101

Very brief introduction to running Docker containers (mini virtual machines) with Tailscale securely using a Linux host. Think of these as individual "app servers". Special notes:

  1. Don't get overwhelmed! These are nothing more than Russian nesting dolls! You do NOT need to master or even know Linux or Docker to get started!!
  2. Don't panic at the complexity! Your favorite frontier chatbot will generate the code, commands, and scripts (as well as security & backups!) for you & easily troubleshoot via pasted screenshots!
  3. Don't be afraid to tinker, try stuff, and break stuff! Start small & learn a little at a time! Everything here is FREE!!

These are HUGELY helpful in a variety of situations! Sample use cases that allow access anywhere:

  • DIY worldwide VPN (via cheap $6 VPS accounts as Exit Nodes)
  • Subnet router (with NETMAP for similar VLANs)
  • Cloud wireless controllers (Ubiquiti Unifi & TP-Link Omada with per-device PPSK, great for family & travel! I use an MT-3000 travel router)
  • Personal website hosting (Astro, Hugo, VitePress, Ghost, or Wordpress with Cloudflare)
  • Social media video download website (ReClip)
  • Download manager (Servarr suite, qBittorrent, etc.)
  • Password Manager server (Vaultwarden)
  • DIY Microsoft 365-style remote collaboration server (NextCloud)
  • Cert server (Smallstep)
  • Personal & family photo & video backup & shared albums (Immich)
  • Web-based file manager (FileBrowser Quantum)
  • Backup server (SMB for iMazing, Macrium, FreeFileSync, Time Machine)
  • Offsite backup server (Restic & PBS)
  • Electronics simulation (tscircuit & Velxio)
  • Smarthome control (HAOS, Grafana, etc.)
  • Meal-planning (pantry inventory, recipes, shopping lists, control smart devices like the wi-fi Instant Pot & Anova Precision Oven, etc.)
  • Private security system (Frigate NVR, RTSP-mod Wyze cameras, door/window/motion sensors, etc.)
  • Programming automation platform (n8n)
  • Minecraft server (itzg/minecraft-server, Paper, Chunky, Velocity, Aikar's JVM flags, Tailscale or public whitelist access)
  • Facility Monitoring System (cameras, Wi-fi fire alarms, Wi-fi water alarms, etc.)
  • Remote printer access with Airprint (PaperCut Mobility)
  • Personal RAG knowledgebase (various LLM Wiki github projects)
  • CLAW-style Agents (OpenClaw, NanoClaw, PicoClaw, NanoClaw, Hermes, etc.)
  • Private AI (CPP/GPU infra, AnythingLLM, SST/TTS, ComfyUI, OpenCLI, etc.)
  • Media server (Jellyfin for videos, music, audiobooks, ROMs, etc.)
  • Remote desktop server (RustDesk)
  • Centralized uptime monitoring & power management (Kuma & NUT)
  • Central control (Telegram & SMS-via-5G-email, ex, yourcell#@tmomail.net)
  • PXE boot (iVentoy for DBAN/ShredOS, Memtest86+, GParted, Win11, etc.)

Two basic platform choices:

  1. Self-hosted (your hardware at a physically-accessible location)
  2. Virtual cloud server (VPS on the Internet)

For self-hosting:

  • At your house
  • At a friend or family's house
  • At a work location

As far as hosts go:

  • Docker on WSL2 on Windows 11 (easy way to test & tinker!)
  • A Linux host (ex. old desktop or laptop)
  • Proxmox host (my favorite! run Ubuntu as a VM & then Docker within that VM and easily manage it & back it all up!)

As far as VPS's go: (I HIGHLY recommend buying the auto-backup package!)

  • Hetzner
  • Vultr
  • DigitalOcean

Basic setup:

  • Create the Linux CLI host or VM (Ubuntu LTS, Alpine for really old hardware, or WSL2 on Win11)
  • Install Tailscale (Windows package or Linux via CLI)
  • Build your Docker containers!

Recommended tools:

  • Ubuntu LTS as the host (I like 22.04 at home for broader support & 24.04 online for the latest protection)
  • Docker
  • Tailscale (private access)
  • Cloudflare (public access)
  • Personal domain (optional), for convenience ("you.com" from Porkbun, Namecheap, etc., for >$10/year)

For setup, work with a tool like Claude or ChatGPT to get step-by-step installation instructions for your platform, to handle troubleshooting, and to review security & backups. Ultimately, YOU are responsible for the safety & security of any cloud-connected systems, so if in doubt, start out with a FULL lockdown & Tailscale-only access!

Part 1: Create your Tailnet

  1. Create your Tailscale account
  2. Lock down your identity provider (complex password, non-SMS app-based 2FA, printed backup codes, etc.)
  3. Install locally to your workstation host (ex. Windows desktop PC) so that you can access your Docker suite remotely

Part 2: Build your server (VPS as an example)

  1. Spin up Ubuntu 24.04 LTS
  2. Create a non-root admin SSH user
  3. Disable root password login
  4. Update the system (sudo apt update && sudo apt upgrade -y)
  5. Install & configure firewall for OpenSSH

Part 3: Install Docker

  1. Install Docker
  2. Install a Netdata docker (server monitor WebUI)
  3. Install a Dockge docker (Docker monitor & manager WebUI)

Part 4: Install Tailscale on the host (for private access & control)

  1. Install Tailscale
  2. Disable public SSH (test with two sessions open)
  3. Create SSH config (i.e. shortcut login to CLI for management)
  4. Disable password login & use SSH keys (optional)
  5. Install Exit Node (optional, but handy!)

Part 5: Install Cloudflare on the host (for secure public access)

  1. Setup Cloudflare account
  2. Install cloudflared on the host & authenticate it ("cloudflared tunnel login")
  3. Create the tunnel as a service & port-map it to your Docker service of choice (Cloudflare on host tunnels to container ports) using config.yml (routes outside traffic to proper Docker) & subdomain DNS routes as necessary
  4. Add desired security (Zero Trust, WAF, Bot Fight Mode, Auto HTTPS rewrite, Always Use HTTPS, secret token to webhook URLs, rate limiting, Cloudflare Access service tokens for machine auth, etc.)

What you have now:

  • Hardened Linux host server with a WebUI monitor
  • Tailscale-only admin access
  • Unlimited free private Dockers that do ANYTHING YOU WANT, all managed with a WebUI! Your hardware is the only limit!!
  • Secure public web access (via Cloudflare) with no open ports

Setup checklist:

  1. What Docker idea do you want to run?
  2. Do you want to host it onsite, or in the cloud?
  3. Do you need secure public access (Cloudflare) or just 100% private access? (Tailscale)
  4. Do you have a backup system in place? (VPS host, Restic offsite, PBS, etc.)

Notes:

  • Save the setup steps as Docs in your Google Drive. FWIW, if you are brand-new to the Docker ecosystem, you can get VERY good at it in pretty short order!
  • Make sure you have backups running! Because it REALLY stinks to goof something up or have a crash with no recourse!!
  • Be sure to have a chatbot review your security setup to ensure that it is locked down safely. Remember that public access is still public access & is subject to whatever exploits are on the services & ports you choose to expose, so be sure to run updates frequently & lock everything down as much as possible!!

3 of the coolest technologies these days are:

  • Tailscale
  • Proxmox
  • Cheap VPS

You can literally build a personal, worldwide secure mesh platform with this stack!! Have fun & ENJOY!!

reddit.com
u/kaidomac — 3 days ago
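
One way to check the SSH steps in Parts 2 and 4 of the tutorial above (root password login disabled, password login disabled), as an added example that is not part of the original post. The function names and the sample config are constructed for illustration; the keywords and their defaults are OpenSSH's.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the SSH lockdown steps in the tutorial.

# Print the effective global value of one keyword.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and everything after a "Match" line is conditional,
# so the scan stops there and falls back to the built-in default.
sshd_effective() {
    # $1 = config file, $2 = keyword, $3 = OpenSSH default when unset
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Report each setting and return the number of findings (0 = hardened).
audit_sshd_config() {
    cfg=$1
    fails=0
    root=$(sshd_effective "$cfg" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$cfg" PasswordAuthentication yes)

    case $root in
        no|prohibit-password|without-password|forced-commands-only)
            echo "ok   PermitRootLogin $root" ;;
        *)
            echo "FAIL PermitRootLogin $root (root can log in with a password)"
            fails=$((fails + 1)) ;;
    esac

    case $pass in
        no) echo "ok   PasswordAuthentication no" ;;
        *)
            echo "FAIL PasswordAuthentication $pass (keys are not enforced)"
            fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample config (not from the post): the hardening line was
# appended at the end, so the earlier "yes" is still the effective value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin yes
passwordauthentication no
PermitRootLogin no
Match Address 100.64.0.0/10
    PasswordAuthentication yes
EOF

audit_sshd_config "$sample" || echo "$? finding(s) in sample config"
rm -f "$sample"
```

Files pulled in by `Include` are not followed; feeding the function the output of `sshd -T` audits the merged configuration instead.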

Tailscale MCP server - open source, actively maintained

Was getting annoyed with the low level support from claude code with tailscale and constantly battling with the api. Built this mcp server and things are really nice. Am actively maintaining this and using it every day to make sure it's always production ready. Seems to have the most active api support from any of the other tailscale mcp servers that I've seen. PRs welcome!

github.com
u/jeffyaw — 4 days ago

Tailscale and Mozilla VPN

I had to quickly transfer some files to my main PC today, and so I chose to use Tailscale. However, I lost access to all external servers. My PC is always connected to an external VPN. But I also want to always be connected to my mesh VPN. Is split tunneling the only/best way to accomplish this? Thanks!

reddit.com
u/Curious_Olive_5266 — 2 days ago

Small naming annoyance

This is the most minor of annoyances, but I can’t figure out how to fix it. My wife and son are part of my Tailnet. In the app their devices are grouped under their name.

Mine and my son’s name are listed as First Last. My wife’s is FirstMiddleLast. No spacing. How in the world do I edit it? I’ve looked all over and can’t figure it out. It’s totally cosmetic, but it bothers me more than it should.

reddit.com
u/GenghisFrog — 3 days ago

How to use Proton VPN and Tailscale at the same time on Windows?

Hi everyone!

I’m new to homelab and I’ve been using Tailscale to access my Docker apps when I’m outside my network.

I have an application running on my server that needs to communicate via API with a mobile app, and for that it requires HTTPS. Using Tailscale, I was able to generate an HTTPS address, and everything works perfectly.

The problem is that when I’m on my local network using my computer, I can’t access this app through the local address anymore, because in order for the API communication to work I had to add the Tailscale HTTPS address into the .env file. So it ends up being configured only for the Tailscale HTTPS access, and I can’t use both local access and Tailscale access at the same time.

Because of that, to access it on my computer I had to install Tailscale there as well.

But then I have another issue: I use Proton VPN on my PC (it’s almost always enabled), and when I enable Tailscale at the same time, both VPNs conflict and I lose internet access.

I tried using split tunneling (exclusion mode) to exclude Tailscale, but it didn’t work. I’m not very experienced with this, so I’m not sure if I configured it correctly.

My question is:

Is it possible to use Proton VPN and Tailscale at the same time on my computer, but use Tailscale only to access my server/apps? That way I could use HTTPS for everything and always access my apps through Tailscale instead of local access.

On Android, from what I’ve seen, it seems impossible to have both VPNs enabled at the same time (Proton and Tailscale), so currently I always have to disable Proton VPN whenever I want to access my server.

Any advice would be appreciated!

reddit.com
u/Scofarry — 4 days ago