{"id":27129,"date":"2022-11-05T17:27:50","date_gmt":"2022-11-06T00:27:50","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=27129"},"modified":"2022-11-06T18:11:51","modified_gmt":"2022-11-07T02:11:51","slug":"tailscale","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2022\/11\/tailscale\/","title":{"rendered":"Tailscale is Magic"},"content":{"rendered":"<p>I\u2019d like to tell you about a magical application\/service that solves a problem most of us have. I\u2019m using it to solve a problem that is perhaps off of the beaten path but still within the realm of a NosillaCastaway.<\/p>\n<p>The mainstream problem to be solved is that you\u2019re away from home and you want to access some data that\u2019s on your network at home.  The more advanced problem I\u2019m trying to solve is how to get my new Synology network attached storage to sync over the Internet to my old Synology which will be living at my buddy Ron\u2019s house 1.5 miles away.<\/p>\n<p>A third problem that could be solved is how to easily screenshare into your loved one&#8217;s computer across the Internet without them having to do any extra work.<\/p>\n<p>The solution to all of these problems is a free service called Tailscale from <a href=\"https:\/\/tailscale.com\">tailscale.com\/&#8230;<\/a>.<\/p>\n<h3>What is Tailscale?<\/h3>\n<figure style=\"float: right; margin-left: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/Tailscale-vs-Traditional-VPN-small.png\" alt=\"Tailscale vs Traditional VPN showing how Tailscale does not have a centralized server\"  title=\"Tailscale vs Traditional VPN small.png\" width=\"387 \" height=\"600\"><figcaption style=\"text-align:center\">Tailscale vs Traditional VPN<\/figcaption><\/figure>\n<p>Tailscale at its core is a virtual private network mesh based on the Wireguard communications protocol.  
Wireguard is an open source protocol that is at the heart of many VPNs, and one of the options in my current VPN, Private Internet Access (<a href=\"http:\/\/www.privateinternetaccess.com\/pages\/buy-a-vpn\/1218buyavpn?invite=U2FsdGVkX1-nj3VnZFQkZdMRcToYo_-4mBq7WoHuMQc%2CaTaSTJp4t5c2wbSVYajLKQNnO9Y\" target=\"%5Fblank\" rel=\"noopener\">my referral link to PIA<\/a>).<\/p>\n<p>You\u2019re wondering at this moment why I\u2019m recommending a VPN called Tailscale when I just said that PIA is my current VPN.  These two applications solve very different problems and yet overlap in some ways.<\/p>\n<p>A traditional VPN like PIA is designed to allow you to protect your traffic from prying eyes by routing all of that traffic through a hosted VPN server.  You can obfuscate your country of origin and also obfuscate what data you\u2019re transmitting and receiving.<\/p>\n<p>Tailscale provides a virtual private network of a completely different sort.  Let me explain by example. Let\u2019s say you have a desktop Mac at home and you use an iPad or even just an iPhone when you\u2019re on vacation. If you install Tailscale on both the Mac and iOS device, the two devices will be made part of a virtual private network without routing traffic through a third-party server.<\/p>\n<p>I entitled this article \u201cTailscale is Magical\u201d because that\u2019s how it feels, and it is magically easy to set up.  Now that I\u2019ve got your attention, let\u2019s talk about the Tailscale business model. After that, we&#8217;ll walk through how you install Tailscale and how you access different devices across the network.<\/p>\n<h3>Pricing<\/h3>\n<p>Tailscale follows the freemium model.  For free, you can, as an individual user, use Tailscale to connect 20 devices on a virtual private network. If you have a small team of people who need to access the same devices over the Internet, for $5 per user per month you can get 5 devices per user. 
Bigger teams can get 10 devices per user for $15 per user per month and enterprises can get even more. <a href=\"https:\/\/tailscale.com\/pricing\/\">https:\/\/tailscale.com\/pricing\/<\/a><\/p>\n<p>The number of devices isn\u2019t the only distinction between the plans. As you work up into the paid plans you can use access control lists and other integrations that are beyond the scope of this discussion.<\/p>\n<p>Now that we know they don\u2019t follow the Freepi model, a term coined by Bart to describe free services that then sell your data, let\u2019s get into the fun part of running Tailscale.<\/p>\n<h3>Installation<\/h3>\n<p>Tailscale is cross-platform in the most complete sense. They have clients for macOS, iOS, Windows, Linux, and Android. Yes, everyone gets to play.<\/p>\n<p>macOS and iOS clients are in their respective App Stores. Android users scan a barcode from the Tailscale website, Windows users download from the web, and Linux is installed using the curl command.<\/p>\n<p>You can also install Tailscale on a Synology from the Package Center, which is like an App Store except everything I\u2019ve seen in there has been free.<\/p>\n<h4>macOS Installation<\/h4>\n<figure style=\"float: right; margin-left: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/Tailscale-Allow-VPN-configurations-on-macOS.png\" alt=\"Tailscale Allow VPN configurations on macOS\"  title=\"Tailscale Allow VPN configurations on macOS.png\" width=\"262 \" height=\"400\"><figcaption style=\"text-align:center\">Tailscale Allow VPN configurations on macOS<\/figcaption><\/figure>\n<p>When you first launch Tailscale on the Mac, it asks for your permission to allow VPN configurations. 
Next, Tailscale asks permission to add its VPN configuration.<\/p>\n<p>You\u2019ll be prompted through the Tailscale website to log in and you can choose a Google login, Microsoft, or GitHub.<\/p>\n<p>After the installation, you\u2019ll be shown your admin console in a web interface where you can see your Mac listed as being part of the VPN mesh.  The real fun begins when you add a second device to Tailscale. Without more devices, your first device is just sitting on this isolated island with no one to talk to.<\/p>\n<h4>iOS\/iPadOS Installation<\/h4>\n<p>Installation on an iPhone or iPad is just as simple. Download Tailscale from the App Store, and the first time you open it, it asks to install the VPN configuration profile just like it did on the Mac.  Authenticate with your passcode for your device and it launches Tailscale.<\/p>\n<figure style=\"float: right; margin-left: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/Tailscale-Device-Listing-on-iOS.jpeg\" alt=\"Tailscale Device Listing on iOS\"  title=\"Tailscale Device Listing on iOS.jpeg\" width=\"277 \" height=\"600\"><figcaption style=\"text-align:center\">Tailscale Device Listing on iOS<\/figcaption><\/figure>\n<p>Now things get exciting. Tailscale on iOS shows you a list of devices that are part of your little VPN mesh.  For each device, you can see the IP address that has been assigned by the VPN.  My home network is the classic 192.168.x.x, but I can see my devices all starting with 100.x.x.x.<\/p>\n<p>All of the devices in the VPN mesh created by Tailscale are living on two networks simultaneously.  When you\u2019re away from home, the devices on the VPN mesh will be able to talk to each other even though you&#8217;re on a different network. But we\u2019ll get to how to do that shortly.<\/p>\n<p>I have to take a side step here to tell you about one of my <em>favorite<\/em> things about Tailscale. It creates what it calls MagicDNS. 
To refresh everyone\u2019s memory, DNS stands for the Domain Name System and at its most basic level, it\u2019s what lets you type podfeet.com into your browser instead of my server\u2019s IP address 172.67.199.198.<\/p>\n<p>MagicDNS from Tailscale creates a mapping between the name of your device and the IP address Tailscale has given to that device. For example, my MacBook Pro is called Al Max in System Preferences \u2192 Sharing \u2192 Computer Name.  Tailscale\u2019s MagicDNS has created an entry for al-max to be a specific IP on my VPN mesh network.<\/p>\n<p>You\u2019re probably asking why you would care about this MagicDNS thing. For one thing, the list of devices in the Tailscale app has real names and IPs so it\u2019s super easy to see which device is which.<\/p>\n<p>But again, why do you need this at all? If you ever need to connect to one of your devices via its IP address, now you don&#8217;t need to remember the number, you can just remember its name.<\/p>\n<p>I haven\u2019t talked about how to install Tailscale on a Synology but it\u2019s just as easy as it is on a Mac. You install the Package, open it, authenticate, and now the Synology is on the Tailscale VPN mesh network. My Synology\u2019s name is Syntax, so now I can access the web interface of my Synology by simply entering http:\/\/syntax into the URL bar. Pretty dang cool.<\/p>\n<h3>Using Tailscale with Anger<\/h3>\n<figure style=\"float: right; margin-left: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/iOS-Connected-to-al-max.jpeg\" alt=\"iOS Connected to al-max\"  title=\"iOS Connected to al-max.jpeg\" width=\"277 \" height=\"600\"><figcaption style=\"text-align:center\">iOS Connected to al-max<\/figcaption><\/figure>\n<p>How would this be helpful to an iPad or iPhone user in the real world?  Let\u2019s say you\u2019re on a beach in the Seychelles having closed a deal to buy a house right before you left on vacation. 
You get a frantic text from your realtor telling you that you forgot to email her one last critical piece of information.  The file is on your desktop at home and all you have with you is your iOS device.<\/p>\n<p>No problem at all. Your iPhone and iPad are both on the Tailscale mesh network and so is your Mac. Open the Files app, and when you\u2019re in Browse, there\u2019s a three-dot menu in the upper right. In that menu is an option to Connect to Server. Simply type the MagicDNS name of your Mac. You\u2019ll be asked to authenticate to your Mac with your normal login, and you can navigate just like you\u2019re in the Finder on your Mac using the Files app.<\/p>\n<p>Seriously, it\u2019s like magic.  The next time you need to go to your Mac from your iOS device, your Mac will already be in a list of servers you can connect to and your credentials are already stored.<\/p>\n<p>Let\u2019s say you\u2019re a bit nerdier \u2014 like yours truly \u2014 and you carry your laptop along on vacations.  With Tailscale installed on your desktop Mac, you can access all of your files on the home Mac right from the Finder on your traveling Mac.<\/p>\n<p>While on a different network you don&#8217;t see them in the left sidebar of the Finder window like you do when you&#8217;re at home. Instead, use the Go \u2192 Connect to Server menu from the Finder and type in the MagicDNS name.  All your files are there.<\/p>\n<p>Here&#8217;s yet another cool thing you can do with Tailscale. Let&#8217;s say you do tech support for a family member or friend. If they give you permission to run Tailscale on their computer, you can connect into their Mac using the built-in Screenshare app using just their device&#8217;s MagicDNS name. Heck, you can screenshare into your <em>own<\/em> Macs if they&#8217;re in Tailscale.<\/p>\n<p>Remember Ed Tobias&#8217;s story about his relative who almost lost a lot of money when she got scammed into giving a bad actor access to her Mac? 
I asked Ed whether Tailscale would be a good solution for him to be able to help her remotely and yet not have her be vulnerable. He and I did some experiments.<\/p>\n<p>I talked to Ed Tobias about whether this would be a way he could help his family member remotely without her being vulnerable to someone taking over her machine. He pointed out that if the scammer knew to ask if she was running Tailscale (by describing the icon in the menu bar), they could get her to open the admin console, and from there Tailscale allows you to share the connection to another Tailscale user.<\/p>\n<p>It seemed that the developers of Tailscale would have thought of this potential attack vector and indeed they have. If you pay for accounts for yourself and another user (at $5\/month), then you have the ability to enable access controls. You can create users who do not have admin rights and therefore do not have the ability to open the admin console and grant access to anyone else.<\/p>\n<p>In Ed&#8217;s case, his relative lives 20 minutes away and he&#8217;s often there anyway, so it wouldn&#8217;t be worth $10\/month to him. But if you need to help remote users who are farther away, or you need a relatively inexpensive way to help clients, a paid Tailscale account might be something to consider.<\/p>\n<p>While Ed and I were chatting, he was talking about a web server he runs on a Raspberry Pi that he keeps isolated on his guest network. He can install Tailscale on the Raspberry Pi and on his Mac and now he&#8217;ll have easy access to it as it will be on his own virtual private network.<\/p>\n<h3>What About Other VPNs?<\/h3>\n<p>One question I had was how the use of Tailscale might affect my \u201cregular\u201d VPN software PIA.  Would I no longer need PIA? Would the two VPNs conflict with each other? 
Maybe I would have to flip between the two depending on what I was trying to accomplish.<\/p>\n<p>Unless I have a fundamental misunderstanding, which is altogether possible, you will run into problems if you try to run another VPN alongside Tailscale.<\/p>\n<p>I ran some tests to see what would happen. On my Mac, I joined my guest network and turned on PIA while still running Tailscale. I made sure to enable split tunneling in PIA, the technology that allows you to still see inside your local network. I thought perhaps that would allow me to still see my Tailscale network but it didn\u2019t work.<\/p>\n<p>I tried the same thing on my iPad, but in Settings \u2192 VPN, it just toggled between the two VPNs. I could not simultaneously run both Tailscale and PIA.<\/p>\n<p>While doing Internetty things on a WiFi network I don\u2019t trust, I\u2019ll continue to run my normal VPN, PIA. When I need to connect to my home network, I\u2019ll disable PIA and enable Tailscale. I know the traffic to my home will be protected from prying eyes while I use Tailscale.<\/p>\n<h3>Menu Bar App on macOS<\/h3>\n<figure style=\"float: right; margin-left: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/Tailscale-Menu-Bar-App-2.png\" alt=\"Tailscale Menu Bar App\"  title=\"Tailscale Menu Bar App.png\" width=\"594 \" height=\"309\"><figcaption style=\"text-align:center\">Tailscale Menu Bar App<\/figcaption><\/figure>\n<p>There are a few easy ways to get more information and maybe tailor your use of Tailscale.  On the Mac, Tailscale installs as a menu bar app. In the dropdown, you can see your own devices\u2019 Tailscale IP and you can see the MagicDNS names of all of your other Tailscale-enabled devices. If you select one of them in the list, it automatically copies the IP address to your clipboard.<\/p>\n<p>From the Tailscale menu you can also select your login name and from there open the admin console. 
This is the web page I mentioned right after I explained how to install the app.<\/p>\n<p>In the admin console, the machines tab shows you in a nice table all of the machines you have in Tailscale, along with their IP addresses, the OS they\u2019re running, the version of Tailscale they\u2019re running (and if it\u2019s out of date you\u2019ll see a warning to upgrade), and when the machine was last connected.<\/p>\n<figure style=\"float: center; margin: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/Tailscale-Admin-Console.png\" alt=\"Tailscale Admin Console\"  title=\"Tailscale Admin Console.png\" width=\"599 \" height=\"445\"><figcaption style=\"text-align:center\">Tailscale Admin Console<\/figcaption><\/figure>\n<p>The admin console has a lot of features and most of them are beyond my skill set this early after learning to use it.   I highly encourage you to poke around in the tabs of this interface if you want to learn more about what you can do with Tailscale.<\/p>\n<p>The one item I haven&#8217;t learned how to use yet but intrigues me is the ability to designate one of your machines as an <a href=\"https:\/\/tailscale.com\/kb\/1103\/exit-nodes\/\" target=\"_blank\" rel=\"noopener\">exit node<\/a>.  If I understand it correctly, I think it might allow you to treat Tailscale as a traditional VPN, using one of the devices in your network to act as a relay to the Internet. In the short amount of time I\u2019ve had to play with Tailscale, I haven\u2019t had time to figure out how to test this feature, but it sure sounds nifty.<\/p>\n<h3>Bottom Line<\/h3>\n<p>I hope I haven\u2019t made this sound overly complex because it really is super easy to install and configure Tailscale. I had it running in less than 10 minutes after I decided to give it a try. 
I got curious about how it works and hope that you enjoyed knowing a little more about this free, magical technology.<\/p>\n<p>If you think you might ever want to access data on a device you\u2019ve left behind, or share a screen from a remote network, I highly recommend setting up Tailscale now so it\u2019s ready for you when you need it. MagicDNS alone is worth the price of free even when you\u2019re at home.<\/p>\n<p>Check out Tailscale at <a href=\"https:\/\/tailscale.com\/\">tailscale.com\/&#8230;<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019d like to tell you about a magical application\/service that solves a problem most of us have. I\u2019m using it to solve a problem that is perhaps off of the beaten path but still within the realm of a NosillaCastaway. The mainstream problem to be solved is that you\u2019re away from home and you want [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":27127,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147],"tags":[5551,142,5552],"class_list":["post-27129","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","tag-tailscale","tag-vpn","tag-vpn-mesh"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2022\/11\/Tailscale-Logo-Black.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddab
le":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=27129"}],"version-history":[{"count":7,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27129\/revisions"}],"predecessor-version":[{"id":27154,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27129\/revisions\/27154"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/27127"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=27129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=27129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=27129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}