
Can you elaborate? What role does Tailscale play? I selfhost and have heard about Tailscale but couldn't figure out how it's used.




Not GP. My guess is that they’re self hosting this at home (not on a server that’s on the internet), and Tailscale easily and securely allows them to access this when they’re elsewhere.

Even if you are self hosting in the cloud or on a rented box, Tailscale is still really nice from a security perspective. No need to expose anything to the internet, and you can easily mix and match remotely hosted and home servers since they all are on the same Tailnet.

I host at home and can access the things at home just fine by having the server as DMZ in the router, or whatever it is called these days. This doesn't really answer what Tailscale does more than port forwarding. If it punches NAT, that sounds like it actually makes you rely on a third party to host your STUN, i.e. you're not self hosting the Tailscale server?

Yes, it does NAT traversal. If you don’t trust Tailscale servers, you can host the open source equivalent, Headscale (headscale.net) and use the open source Tailscale clients.

In my words, I use Tailscale at home but not for this (yet). Tailscale is a simple mesh network that joins my home computers and phones while on separate networks. Like a VPN, but only the phone to PC traffic flows on that virtual private network.

Tailscale routes my mobile device DNS through my pile back at the home. I have nginx set up with easy-to-remember domains (photos.my domain.com) that work when I'm away as well, without exposing anything to the open internet.

Why not call it a VPN if that's what it is? In your case, it sounds like configuring your "pile" (is that a DNS server, short for pihole maybe?) on your phone would do the same thing, but if the goal is to not expose anything to the open internet, a VPN would be the thing that does that.

Your internet traffic isn't routed through it like a traditional VPN.

Tailscale gives me access to my home network when I'm not at home. I can be on a train, in another country even, and watch shows streamed off the Raspberry Pi in my home office.

That's called a VPN.

Is this like "Band-Aid" that used to be a brand name but now people just use it generically?


With Tailscale on your server and endpoints you can access the server from anywhere without even having to open any ports. It is like magic.

If you don't open ports, how can it reach your internal services to allow you access to them?

By using a WireGuard tunnel and NAT traversal.

https://tailscale.com/blog/how-nat-traversal-works


Ah, by using their servers:

> How do we break the deadlock? That’s where STUN comes in. [...] In Tailscale, our coordination server and fleet of DERP (Detour Encrypted Routing Protocol) servers act as our side channel


Yes, NAT traversal is used widely. It is only needed at the start of the connection to get both firewalls to open ports. The encrypted WireGuard tunnel is point-to-point.
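
To make the STUN step in the exchange above concrete, here is an added example (not code from Tailscale or from anyone in this thread) that builds an RFC 5389 Binding Request, parses the Binding Success Response a STUN server sends back, and recovers the public ip:port from its XOR-MAPPED-ADDRESS attribute. That mapped address is what each side hands to the other over the side channel so both firewalls see outbound traffic to the right peer. The response used in the test is constructed locally so the example runs offline; the STUN server address passed to `discover_mapped_address` is whatever the caller chooses, nothing here is tied to a particular server.

```python
import os
import socket
import struct

# RFC 5389 constants (added example, not project code)
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txn_id=None):
    """Binding Request: 20-byte header, no attributes. txn_id must be 12 random bytes."""
    if txn_id is None:
        txn_id = os.urandom(12)
    if len(txn_id) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txn_id


def build_binding_response(txn_id, ip, port):
    """Constructed server reply carrying XOR-MAPPED-ADDRESS (used as an offline fixture)."""
    x_port = port ^ (MAGIC_COOKIE >> 16)
    x_addr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, x_port, x_addr)  # reserved, family=IPv4, X-Port, X-Address
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txn_id + attr


def parse_mapped_address(response, expected_txn_id):
    """Return (ip, port) as seen by the server, or raise ValueError on bad/unrelated input."""
    if len(response) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", response[:8])
    txn_id = response[8:20]
    # Reject replies that are not to our request: stale or spoofed packets must not
    # be allowed to steer us to an attacker-chosen address.
    if cookie != MAGIC_COOKIE or txn_id != expected_txn_id:
        raise ValueError("not a reply to our request")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding Success Response: 0x%04x" % msg_type)
    body = response[20:20 + length]
    if len(body) != length:
        raise ValueError("truncated STUN body")
    offset = 0
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        offset += 4 + ((attr_len + 3) & ~3)  # attribute values are padded to 4 bytes
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            if attr_len < 8:
                raise ValueError("malformed XOR-MAPPED-ADDRESS")
            _, family, x_port, x_addr = struct.unpack("!BBHI", value[:8])
            if family != 0x01:
                continue  # IPv4 only in this example
            port = x_port ^ (MAGIC_COOKIE >> 16)
            addr = socket.inet_ntoa(struct.pack("!I", x_addr ^ MAGIC_COOKIE))
            return addr, port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def discover_mapped_address(server, port=3478, timeout=2.0):
    """Live UDP round trip to a STUN server of the caller's choosing (not exercised offline)."""
    txn_id = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txn_id), (server, port))
        data, _ = sock.recvfrom(2048)
    return parse_mapped_address(data, txn_id)
```

Once each peer knows its own mapped address, the two exchange them over the coordination channel and send WireGuard packets straight to each other; the encrypted tunnel itself never touches the STUN or relay servers unless traversal fails.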

What I find crazy is that people describe "not self hosting" as a "like magic" solution to self hosting.

You can run your own DERP server if you really want to.

docker run -d --name derper -p 443:443 -p 3478:3478/udp \
    ghcr.io/tailscale/derper:latest


Tailscale can give you domains + SSL for local services with basically no effort.


