Use Tailscale to build your own gated community (a.k.a. VPN) within the public internet: bypass geo-blocking, remotely control your smart home, and quickly provide services as a developer.
If you think of the internet as a road network, a VPN is like your own gated community with private roads embedded in the public road network1: Everything inside the community is secured by high walls, and there are well-defined gates to allow access in and out of the community. Using open-source tools like WireGuard, it has been quite a task to build and maintain a reliable and safe VPN for the computers and internet appliances you own.
Last year, I discovered Tailscale, a service that lets me securely set up my own gated community (a.k.a. my own VPN) without complex setup.
Here are three use cases for Tailscale:
Pretend you are somewhere else to work around geo-blocking: This is probably the most common use case for a "VPN for the masses": One of my machines2 in my Tailscale network is located in Germany, which allows me to access German media. Recently, I found a much better use case: While we were skiing in Austria, we realized that my daughter's iPad from school was geoblocked. She couldn't access her homework or emails just because we were one kilometer outside of Switzerland. Tailscale to the rescue: I created a hotspot on my phone which was connected to my VPN and used our Apple TV at home in Switzerland as an exit node (A hotspot was needed as the iPad from school doesn't allow the installation of apps).
Pretend you are at home to access your smart appliances: Using Tailscale's exit node obviously allows for another use case: I use Home Assistant (oh boy, what a nerd trap this ecosystem is) and Octoprint. I can only access these services from my home network. With Tailscale, I can check dashboards and control my home appliances remotely.
Expose a local service to the internet: The final use case is for developers only: In 2013, a tool called Ngrok became popular among developers for exposing local servers to the internet with secure tunnels. This is handy if you want to quickly demo something running on your local machine. You can do the same with Tailscale Funnel. I won't go into details, but it was useful for me when developing the chatbot for Topoprint.
Are there any downsides to using Tailscale? Although Tailscale makes it very easy to implement a VPN, you still need some technical expertise to set things up. There is obviously a higher risk as you do expose your network to the internet, though with, in my opinion, really good guardrails.
Oh, by the way: Tailscale Inc. is a software company based in Toronto, Ontario. Not in California, Texas, or Moscow3.
image credits: Joshua J. Mark (CC BY-NC-SA)
I'm not a fan of gated communities that segregate people in real life, but suitable metaphors don't endorse poor social behavior. ↩
Actually, a Raspberry Pi. ↩
I have to admit that I haven't studied the terms of service in detail. Tailscale processes data in accordance with Canadian laws. Nonetheless, Tailscale may disclose user information to U.S. law enforcement agencies in compliance with applicable U.S. laws, such as the Stored Communications Act, when legally required. See their privacy policy for details. It is important to note that traffic in the VPN is end-to-end encryption using the WireGuard protocol. Tailscale’s infrastructure, including its coordination and relay servers, handles only encrypted packets and does not have access to your unencrypted data. ↩