[modernpacifist]

- Entire site-to-site tunneling/routing. I didn't have to do anything for my parents I just dropped a subnet router at their place.

- Access my services/servers at home from anywhere in the world. Friendly mobile apps as well that allow the same.

- In cloud environments (for work and fun), don't even bother provisioning public IPs and having to deal with those firewall rules, just use Tailscale

- https://tailscale.com/blog/tailscale-auth-nginx/ describes how you can integrate nginx proxying with Tailscale auth to both leverage SSO and the authenticated endpoint

- I have a bootmod3 WiFi adapter plugged into my street/track car with a combo 5G/Linux unit in the car connected to my Tailscale that streams continuous telemetry about the car whenever its turned on. I could in theory re-flash the ECU via this.

- Using https://tailscale.com/kb/ondemand-access/ alongside node/subnet grouping to create a very neat first step towards auditing access to sensitive production services/environments.

- I use server-based dev environments to keep my portable laptop as clean as possible with no source code on it. VS Code remote + Coder server are fantastic over Tailscale.

+ others. Tailscale I think solves the problem of node-to-node-to-subnet connectivity at a convenient and flexible layer.

[newman314]

"- I have a bootmod3 WiFi adapter plugged into my street/track car with a combo 5G/Linux unit in the car connected to my Tailscale that streams continuous telemetry about the car whenever its turned on. I could in theory re-flash the ECU via this."

Do you have a writeup or more details you can share around this? This sounds interesting.

[acer589]

lol it sounds like a line from a Fast & Furious movie

[TylerE]

That sort of stuff is pretty common. Car guys have lots of disposable income. I'm certain there are devices out there that provide levels of telemetry that was only accessible to top-end racing teams just a decade or two ago.

[skrebbel]

> Entire site-to-site tunneling/routing. I didn't have to do anything for my parents I just dropped a subnet router at their place.

Can you elaborate? What do your parents need tailscale for? I mean my parents have internet purely by the telco dropping a router at their place and it just works, what is my family missing?

[brewdad]

Best guess is OP is hosting files or services that are shared with less tech-savvy parents. Similar to our setup. My son is away at college but still wants access to his music and movie collection on our NAS at home along with some other services. He setup a Tailscale connection and everyone is happy. I don't have to manage any of it and he doesn't have to work around the school's firewall and network architecture.

[modernpacifist]

Mostly standard VPN use cases. They can access my Plex server, Mealie instance and in turn I can remote access their devices without something like TeamViewer when they need IT Support or their home automation stuff is acting up.

Would their lives fall apart without it? No. But it makes my life as the family SRE much easier.

[sleepybrett]

This is no longer a problem for me since I switched my parents from windows to mac, but remote desktop login to troubleshoot their problems would be a huge bonus.

Other cool things I could do if I dropped a raspberry-pi w/ tailscale onto their network:

- Need another public IP to test something? Route my laptop through their network for awhile.

- share files with them or backup some of their devices to a fileserver I control.

- send print jobs to their printer, I don't keep a printer but they do because.. and I shit you not, they hate doing crosswords on their ipads, they print the damn things out every morning and work them on paper.

- Put it on their phones and have them route their requests through one of my exit nodes.

[marsokod]

In my case that's actually multiple functions: remote login without using TeamViewer and also for general remote support, and I have a small backup server at the place for my off-site backups.

[0xEFF]

What is it that Tailscale provides over plain vanilla wireguard? Is it a static address somewhere to connect to?

[modernpacifist]

It provides a consistent IP address (in the CGNAT range) that the end-device is always reachable at. On top of that you can use MagicDNS or regular DNS records to refer to it.

That IP is usable regardless of how that device and your device actually reach the internet. Further, no one device acts as a “server” and needs a stable public IP thanks to NAT traversal and the DERP fallback path. Keys are handled automatically with an option to not trust Tailscale infra in doing that (Tailscale lock) and I just need to auth devices with my Google Workspace/Gsuite SSO.

[zamnos]

Plain vanilla wireguard involves a bunch more faffing about with wg, wg0 and keys. With Tailscale, you (can just) install the software on each computer and then log in. There are also more advanced things you can do with Tailscale, but I chose Tailscale because of wanting to not have to deal with the setup like Wireguard (or OpenVPN) have.

[xena]

- Key distribution - DNS for your nodes - IP addressing - SSO integration

and so much more