You Should Be Using Tailscale
I am talking to some friends on Discord and one of them is fed up with Dropbox sync. It keeps failing, files are not showing up, the usual mess. And they ask the group, “Is there an AirDrop for Windows?”
I said Tailscale.
That started a whole conversation. And then I realized I have never actually written about it.
I actually used Tailscale back in college. I did not have my own router, I had no way to set up port forwarding, I needed to reach my machines, and I had no good options. Tailscale solved that for me. And then somehow I totally forgot about it.
Last year, Michael listened to a friend’s podcast where they mentioned Tailscale. We tried it. We fell in love with it all over again.
Let’s get started.
What Tailscale Actually Is
Tailscale connects all your devices into one private network. Your laptop, your desktop, your phone, even a server you have running in the cloud somewhere. All of them can talk to each other.
That is what it does in a nutshell.
You install it, you sign in, your devices can see each other. No port forwarding, no messing with your router, no praying that your settings did not reset overnight. It just works.
The network Tailscale creates is called a tailnet. Think of a tailnet as your own private bubble. Every device inside it gets a name and an address that only your other devices can see. Nobody on the outside can reach in unless you let them.
Why I Love It
I have tried to do port forwarding before. On most of my routers, it was not trivial. Sometimes I straight up could not do it.
Most internet service providers do not give you a public IP address anymore. There are not enough IPv4 addresses to go around, so your ISP puts you behind something called a double NAT. That means your router is behind another router that your ISP controls. And that means port forwarding from your end does not actually open a path to the outside world. You can configure your router perfectly and it still will not work because the ISP’s router is blocking it.
That is not your problem. That is an internet infrastructure problem. And it affects a lot of people.
Tailscale does not care about any of that. It works through double NAT, hotel Wi-Fi, phone tethering, restrictive networks.
And the connection is fast.
How I Actually Use It
We have six users in our tailnet, all connected, all able to reach the machines they need.
Here is my favorite thing. Every device on your tailnet gets a hostname. A hostname is just a name for your machine, like a nickname that Tailscale uses to find it. So when I need to SSH into my Neo, I do not type some long IP address. I open my terminal and type something like:
ssh taylor@taylors-mac-neo
I do this many times a day. If I need to reach my MacBook Air instead, it is taylors-mac. Just the name, Tailscale knows where to find it.
I am at a coffee shop. I need to grab a file off my Air at home. I SSH in by hostname and pull it down. Or I need to drop something onto Michael’s Mac. Same thing, just the hostname, I am there.
It does not matter that I am on a completely different network, or that my home IP has changed. Tailscale handles all of it in the background.
Once you get into a machine by name from across the city, you never want to go back to doing it any other way.
Taildrop
Remember how my friend asked if there was an AirDrop for Windows? This is the answer.
Taildrop lets you send files directly between any devices on your tailnet. No Dropbox, no AirDrop, no emailing files to yourself. You just send the file straight to the other device.
On Mac or Windows, you right click a file and send it to another device on your tailnet. On the command line, you can use tailscale file cp to send and tailscale file get to receive. On your phone, you use the share sheet and pick the device you want to send to.
The file goes directly from your machine to the other machine through your encrypted tunnel. It never touches a third party server, never goes through the cloud. It is just your device talking to their device.
It works across platforms too. Mac to Windows, phone to laptop, Linux server to iPad, it does not matter.
Tailscale SSH
Normal SSH requires you to manage keys. You generate a key pair, copy the public key to the server, keep track of which keys go where, and hope you do not lock yourself out. If you have ever messed up an authorized_keys file, you know the pain.
Tailscale SSH skips all of that. It uses your Tailscale identity to authenticate you. You sign into Tailscale, and Tailscale tells the other machine who you are. No keys to manage, no keys to rotate, no keys to lose.
You still type ssh taylor@taylors-mac-neo the same way. But behind the scenes, Tailscale is handling the authentication instead of traditional SSH keys. And access is controlled through your tailnet’s access rules, so you decide who can SSH into what.
It is one less thing to manage. And when you are dealing with multiple machines, one less thing adds up fast.
MagicDNS
I mentioned hostnames earlier. The feature that makes that work is called MagicDNS.
When you turn it on, every device on your tailnet gets a name you can use instead of a number. Instead of remembering that your machine is at some random IP address, you just use its name. Neo. That is the name. That is the address.
It works everywhere. SSH, file transfers, web services you are running. Anywhere you would normally type an IP address, you type the name of the machine instead.
It sounds like a small thing. It is not. Your devices stop being numbers and start being places you can just go to by name.
Exit Nodes
This one is useful when you are traveling or on a network you do not trust. You can set one of your devices at home as an exit node. An exit node is a device that handles your internet traffic for you. When you turn it on, all your browsing, all your traffic, everything goes through that device first before hitting the internet.
So if you are on sketchy coffee shop Wi-Fi, your traffic goes through your secure home connection instead of going straight out through that network. It is like having your own personal VPN server, except it is just your computer at home.
Tailscale also has a partnership with Mullvad VPN. If you do not want to run your own exit node, you can route your traffic through Mullvad’s servers instead. You get commercial VPN protection without installing a separate app. It is all built right into Tailscale.
Tailscale DNS
Beyond MagicDNS, Tailscale lets you control DNS settings across your entire tailnet. DNS is the system that turns website names like google.com into the IP addresses your computer actually uses to connect. Tailscale lets you choose which DNS servers all your devices use.
You can point your tailnet at something like NextDNS or Pi-hole to block ads and trackers across every device automatically. Or you can use Tailscale’s own DNS to keep your queries private.
You configure it once in the admin console and it applies to every device on your tailnet. No installing ad blockers on each machine, no configuring DNS on each device. One setting, everywhere.
Tailscale also supports split DNS. That means you can tell it to use specific DNS servers for specific domains. If you have a work domain that needs to resolve through your company’s DNS server, you set that up in Tailscale and it only routes those lookups through that server. Everything else goes through your normal DNS. It keeps things clean and separated.
You can also set custom DNS records right in the admin console. Want a short name like dashboard to point to a specific machine on your tailnet? You add a DNS record for it. It is like running your own private DNS server without actually running one. You just type the name into the Tailscale admin panel and it works across every device.
Subnet Routers
Not every device can run Tailscale. Your printer probably cannot, your NAS might not, some old server in a closet definitely cannot.
A subnet router solves this. You install Tailscale on one machine that is on the same local network as those devices. Then you tell Tailscale to advertise that entire local network through that machine. Now every device on your tailnet can reach your printer, your NAS, and that old server, even though none of them have Tailscale installed.
The subnet router acts as a bridge. Your tailnet devices talk to the router, and the router passes the traffic along to the local devices. It is the way to bring devices into your tailnet without installing anything on them.
Funnel
Every feature I have talked about so far keeps things private. Your tailnet is your bubble. But sometimes you want to let the outside world in.
Funnel does that. It takes a service running on one of your devices and makes it reachable from the public internet. Tailscale gives you a URL that anyone can access, and traffic from that URL gets routed straight to your device through Tailscale’s infrastructure.
No port forwarding, no buying a domain, no setting up a web server in the cloud. You are running something on your machine and you want to share it with the world. Funnel gives it a public address.
This is useful for things like sharing a development server with a client, running a webhook endpoint for a service that needs to call back to you, or hosting a small project without paying for cloud infrastructure.
Serve
Serve is like Funnel’s quieter sibling. Instead of exposing something to the entire internet, Serve makes it available only to people on your tailnet.
You are running a web app on port 3000 on your laptop. You want a teammate to see it. Serve gives it a proper HTTPS address that works on your tailnet, complete with a real security certificate so there are no browser warnings. Your teammate opens the link, sees your app, and nobody outside your tailnet can reach it.
It is perfect for sharing work in progress. No deploying to a staging server, no screen sharing. Just a link that works for your team.
Access Controls
When you have multiple people on a tailnet, you probably do not want everyone to have access to everything. Access controls let you set rules for who can reach what.
You write these rules in Tailscale’s admin console. They are straightforward. You can say things like “Taylor can SSH into any machine” or “this group can only reach the web server on port 443” or “nobody can touch the database server except the admin.”
You can also tag devices. Tag a machine as a server, a development box, or a production system. Then write rules based on those tags instead of individual device names. It keeps things organized as your tailnet grows.
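The three example rules quoted above, sketched as a tailnet policy file. This is an added example, not the author's own configuration: the email addresses, group names and tag names are placeholders, and the SSH rule covers tagged servers rather than every machine.

```jsonc
{
  // Constructed example. All users, groups and tags below are placeholders.
  "groups": {
    "group:admins":    ["taylor@example.com"],
    "group:web-users": ["michael@example.com", "friend@example.com"],
  },

  // Who is allowed to apply each tag to a device.
  "tagOwners": {
    "tag:web": ["group:admins"],
    "tag:db":  ["group:admins"],
  },

  // Network rules. Once rules are defined, anything not accepted is denied.
  "acls": [
    // "this group can only reach the web server on port 443"
    {"action": "accept", "src": ["group:web-users"], "dst": ["tag:web:443"]},

    // "nobody can touch the database server except the admin":
    // this is the only rule that names tag:db as a destination.
    {"action": "accept", "src": ["group:admins"], "dst": ["tag:db:*"]},

    // Tailscale SSH also needs network access to port 22 on the target.
    {"action": "accept", "src": ["group:admins"], "dst": ["tag:web:22"]},
  ],

  // Tailscale SSH rules: who may open a session, to which devices,
  // and as which local accounts.
  "ssh": [
    {
      "action": "accept",
      "src":    ["group:admins"],
      "dst":    ["tag:web", "tag:db"],
      "users":  ["autogroup:nonroot"],
    },
  ],
}
```

Because rules only ever accept, the check to make when reviewing a file like this is which rules name a sensitive tag as a destination; here `tag:db` appears in exactly one network rule.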
HTTPS Certificates
If you are running web services on your tailnet, Tailscale can automatically give them real HTTPS certificates. Not self-signed certificates that make your browser throw warnings, real ones issued through Let’s Encrypt.
That means you can run a web service on your home machine, access it from anywhere on your tailnet, and your browser treats it like a normal secure website. No certificate errors, no clicking through warnings. It just works.
Community Tools Worth Knowing About
Tailscale has an active community that builds tools on top of it. I have not played with all of these yet, but they are worth mentioning because they show how much you can do once your devices are connected.
Telltail is a shared clipboard for your tailnet. You copy something on one machine and paste it on another. It is not built by Tailscale themselves, but it runs over your tailnet so everything stays private. If you have ever wanted to copy a link on your phone and paste it on your laptop without texting it to yourself, this is that.
tclip is a private pastebin for your tailnet. You paste text into it from one machine and grab it from another. Think of it like a sticky note that all your devices can see. Nobody outside your tailnet can access it.
Golink is a private shortcut system. You create short links like go/docs or go/dashboard that only work on your tailnet. Instead of bookmarking long URLs, you just type a short name. It is like having your own private URL shortener.
These are community projects, not official Tailscale features. But they show what becomes possible when all your devices are already connected and talking to each other. The hard part is already done. These tools just build on top of it.
What It Costs
Tailscale has a free plan that covers up to three users. For a lot of people, that is all you need to get started.
We have six users, so we are on the Personal plan. It is six dollars a month or forty eight dollars a year if you pay annually. That gets us more users, better admin controls, and longer key expiration so you are not constantly re-authenticating your devices.
There is also a Starter plan for small teams that need more features like group provisioning and longer audit logs. And there is an Enterprise plan for bigger organizations that need things like custom contracts and dedicated support.
But honestly, for personal use, you are looking at either free or the Personal plan. That is it.
For something I use every single day on every machine I own, six dollars a month is nothing.
Getting Started
Here is the entire setup process. It is short.
Step one. Go to tailscale.com and create an account. You can sign in with Google, Microsoft, GitHub, or Apple.
Step two. Download the Tailscale app on every device you want to connect. It is available on Mac, Windows, Linux, iOS, and Android.
Step three. Open the app on each device and sign in with the same account.
That is it. Your devices can now see each other. You are on your tailnet.
If you want to SSH between machines, just make sure SSH is enabled on the machine you want to connect to. SSH stands for Secure Shell. It is a way to remotely control a computer through the terminal. On Mac, you turn it on in System Settings under General, then Sharing, then Remote Login. Once that is on, you can SSH in from any other device on your tailnet using the hostname Tailscale gave it.
If you want to send files, use Taildrop. Right click a file and send it, or use tailscale file cp on the command line.
If you want to use an exit node, pick one of your devices in the admin console and enable it as an exit node. Then on your other devices, select it as the exit node in the Tailscale app.
Everything else is optional. The core experience is install, sign in, connect. Three steps.
Who Should Use This
If you have more than one computer, you should be using Tailscale. If you ever need to access something remotely, you should be using Tailscale. If you have ever spent an afternoon fighting with port forwarding only to find out your ISP has you behind a double NAT, you should have been using Tailscale the whole time.
It is one of those tools that once you start using, you wonder how you lived without it.
Thank you for reading.

