by analyst74 1170 days ago
I was just reading about it the other day, pure ingenuity!

For those who don't have time to read, Tailscale uses a quirk in how stateful firewalls treat inbound UDP traffic to allow a connection to a remote server without it opening up to the public.

1 comments

Isn’t this exactly about opening it up to the public internet..?
It only opens up to another machine validated by public keys.

It serves a similar purpose to opening the firewall to just a specific IP/port and dynamically changing the IP/port as the other machine moves or disconnects. One of the main advantages is that it works behind NATs you don't control (i.e. public WiFi).

Edit: also most home routers do not have the ability to dynamically open up to specific IPs based on where your outside machine is.

Yes but without having to mess with your router config
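
The firewall behaviour discussed in this thread, as an added example that is not part of any comment and is not Tailscale's code: a toy Python model of stateful UDP flow tracking, showing that a peer's packets are admitted only after the inside host has sent to that exact address and port, while an unrelated host stays blocked. The addresses, ports and 30-second idle timeout are constructed assumptions; NAT rewriting and the public-key validation mentioned above are not modeled.

```python
# Added illustration: toy model of a stateful firewall's UDP flow tracking.
# Addresses/ports are constructed (RFC 5737 documentation ranges).


class StatefulFirewall:
    """Default-deny inbound; allow replies to flows the inside host started."""

    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout  # assumed value; real devices vary
        self.flows = {}                   # (local, remote) -> last-seen time

    def outbound(self, local, remote, now):
        # Outbound is always allowed and creates or refreshes flow state.
        self.flows[(local, remote)] = now
        return True

    def inbound(self, remote, local, now):
        # Inbound passes only if it matches an unexpired flow exactly.
        seen = self.flows.get((local, remote))
        if seen is None or now - seen > self.idle_timeout:
            self.flows.pop((local, remote), None)
            return False
        self.flows[(local, remote)] = now
        return True


def simulate():
    a, b = ("198.51.100.10", 40000), ("203.0.113.20", 40000)
    stranger = ("192.0.2.99", 5000)
    fw_a, fw_b = StatefulFirewall(), StatefulFirewall()
    log = []

    def send(src, dst, fw_src, fw_dst, now):
        fw_src.outbound(src, dst, now)
        return fw_dst.inbound(src, dst, now)

    # t=0: A sends first; B's firewall has no state yet, so it drops.
    log.append(("A->B", send(a, b, fw_a, fw_b, 0.0)))
    # t=1: B sends; A already has state for B, so this one passes.
    log.append(("B->A", send(b, a, fw_b, fw_a, 1.0)))
    # t=2: A retries; B's own outbound packet created the matching state.
    log.append(("A->B", send(a, b, fw_a, fw_b, 2.0)))
    # An unrelated host is still dropped by both firewalls.
    log.append(("stranger->A", fw_a.inbound(stranger, a, 3.0)))
    log.append(("stranger->B", fw_b.inbound(stranger, b, 3.0)))
    # After the idle timeout with no traffic, the peer's path closes again.
    log.append(("B->A late", fw_a.inbound(b, a, 100.0)))
    return log
```

Calling `simulate()` returns the pass/drop decision for each packet in order, which makes the dependence on both sides sending first visible.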