Tailscale by default is designed to connect your machines together (hence the name virtual private network). It doesn’t route all traffic through this network, only whatever is necessary to communicate between your machines. This behavior distinguishes Tailscale from, for instance, NordVPN.
If you want to change your public IP address, look up what Tailscale exit nodes are.
> If you have a VPN setup from home to a server on digital ocean, it'll then be visible from the digital ocean server.
In the case you describe, I would like the DigitalOcean server to send the exit traffic to a third-party VPN (Mullvad, Proton, etc.).
Not sure why you want to use Tailscale as an exit node and then relay to Mullvad. On Android you can connect to both Tailscale and Mullvad at the same time using the work profile feature.
Shelter is an app that allows you to create a local work profile.
https://play.google.com/store/apps/details?id=net.typeblog.shelter&hl=en_US&gl=US
You can then install apps that need Mullvad on your main profile and apps that need Tailscale on your work profile (or vice versa).
That being said, if you really want to use Tailscale's exit node and connect to Mullvad only using Tailscale, then the only way I can think of is that you would need a router to connect to Mullvad and use Tailscale as an exit node. Doing this has some major drawbacks, the primary one being that you will most likely take a big network speed hit since you are double routing your traffic. I haven't tested this either, so I can't help much on this front.
Yeah, it's exactly that. On the Discord where I am, there are from time to time people asking for help, and sometimes it's to use a VPN to be able to connect to their home network, but the first thing that comes to their mind when we tell them that they need a VPN for what they want is a VPN provider like NordVPN and all.
I think it must be super confusing for less technical office workers. They see adverts for things like NordVPN and what not, and then see that their work uses a VPN to access various tools. It must be really confusing to understand what the difference is.
I don't really know why they went the "VPN" route on marketing, perhaps the term proxy had some worse user testing.
Your Chromecast and phone need to be able to talk to each other directly, and Chromecast needs to talk to the internet, and both need to appear in the US.
Your best option is to get NordVPN into your WiFi router so everything behind it is on the VPN together.
Correct, this screenshot indicates there is no exit node configured for the tailnet.
Exit nodes are for when you're trying to replicate a NordVPN-style (or similar) VPN, where all your devices' internet-bound traffic is routed through the device that is configured as an exit node to reach the internet.
For your phone you can't (currently) run multiple VPNs because they do not typically support virtual network adapters like computers.
So it's 1 VPN at a time for mobile devices.
For computers they're able to create multiple virtual network adapters so depending on the VPN you use, you can get both to work together.
I currently use PIA (Private Internet Access) and Tailscale on my computers with no issues. (Windows and Ubuntu)
For PIA I turned off the Killswitch feature and it allows Tailscale to work properly. I have tried this with other VPNs and it did not work. (Nord and TOR)
For a possible solution for your phone, depending on your NAS, you could set it up to be an exit node to encrypt the traffic from your phone to your NAS, then have your home internet router with a VPN installed on it to then obscure your traffic from your NAS to the internet.
Hopefully there's an easier solution than that but I have just built my own wireguard VPS to carry all my traffic and have remote access to other nodes. Not as easy as Tailscale but it works for devices I always want all internet traffic to use a VPN and still have remote access to.
I haven't found a single solution for all my use cases haha so I just have multiple setups.
You're not thinking carefully about how different the service provided by Tailscale is from a service like, eg, NordVPN. I'll point out three differences. First, Nord and other typical VPN providers can see all of your unencrypted data at their end of the VPN tunnel. Tailscale can't see the unencrypted content of your VPN tunnels so isn't in a position to compromise you the way Nord is. Second, Tailscale has to maintain information about all of the machines at both ends of all Tailscale VPN tunnels in order to work. Since Nord provides the endpoints on their end of their VPN tunnels they don't have to do that. Last, if you're concerned enough you can set up your own Headscale server and cut the company Tailscale out of your Tailscale VPN web completely.
To share a VPN over Android tethering, use the free app Every Proxy:
https://play.google.com/store/apps/details?id=com.gorillasoftware.everyproxy&hl=en
Hope it helps...
Hey! I was wondering if you have written up a guide anywhere to do this?
I would love to route all my traffic through a Tailscale exit node into Mullvad, but have difficulty following the parent comments and the linked post.
Any help will be much appreciated!
I'm just curious what your use case is here? Is this an extreme situation (could face jail time) or just an effort to maintain privacy? Tailscale is magical and can do a lot but it isn't really intended to be a privacy VPN replacement in the same vein as NordVPN, for example. It can mimic one if you set it up in that way, of course, but if your situation is as dire as it sounds, you're probably better off bringing the travel router along and using a privacy VPN that is intended for this very situation, and use Tailscale to reach your LAN at home.
I'm very new to Tailscale so I might be speaking out of turn, but I've left my iPhone connected 24/7 for about a week now and I'm not noticing tremendous battery drain under normal conditions. When I use the exit node it does go up a bit, but I feel like that mode should be used only when necessary. You can still connect to all your devices/routes when connected to Tailscale normally, the only reason I'd want to use the exit node is if I'm at some public wifi for 20 minutes during lunch. And even then if I didn't specifically need access to my home devices during that time, I'd rather use a regular VPN like Mullvad.
I think the mistake is that people want to use Tailscale as a "free vpn" rather than an encrypted "bridge" to your home network. I think you should use a purpose-built vpn if you want a vpn, and use Tailscale for accessing your devices and occasionally tunneling your traffic through those devices when necessary.
tl;dr: On an aging iPhone 8 I've gotten less than 10% battery usage by Tailscale per day leaving it connected 24/7 using exit node only when actually necessary.
No I have not. After adding the service and the to the Mullvad Split Tunneling excluded apps list, it still does not work for me to have both Mullvad and Tailscale running at the same time. I can connect via Mullvad with both the OpenVPN and the WireGuard protocol. When connected to Mullvad, Tailscale dashboard says I am connected, but I can't connect or ping any of my Tailscale machines. Anything you would like for me to try for troubleshooting?
Nice idea & solution 👍🏼 I’m trying to do something similar with having “normal” WireGuard as an upstream VPN on the tailscale exit node. Do you have any idea how the NordVPN Linux App is routing from the tailscale0 interface to itself, as this would be helpful for me to rebuild it (in my case then tailscale0 to wg0 WireGuard interface) 🙌🏼
I achieved this in a VM.
I have WireGuard installed and connected to my VPN (Mullvad).
Then I run Tailscale with a subnet route to my LAN and advertising as an exit node:
`tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24`
As an extra, I manually set my dns in Tailscale UI to use 192.168.1.2 (my AdGuard server).
The result is LAN service access, VPN connection through Mullvad and AdGuard DNS blocking adverts, magic.
No, it shouldn't, although you might have to fix routes.
I have a personal wireguard network, a work wireguard network, a tailscale network, a wireguard network, and a Mullvad wireguard network that handles all traffic not on those other three.
After a reboot I need to run `ip route add 100.64.0.0/10 dev tailscale0` but I haven't really figured out why the route isn't there to begin with.
I did a test run and thankfully using iptables to route traffic isn't necessary. I installed Tailscale on my mobile and my server, with the server as both the DNS nameserver and the exit node. DNS queries get filtered by Pi-hole and then automatically get routed through to NordVPN (using the NordVPN Linux app). Success!
Good question! I already have a NordVPN subscription and there's a slight security improvement, as a firewall on the server would protect all other devices. It also means that I can control all internet usage in the household (e.g. porn filters). It's not a big deal if it's not possible - I'm just curious as to whether it is...
There are various reasons to want to hide menu bar items, but if you're just doing it for aesthetics, you might check out an app like https://www.macbartender.com/ which will let you hide any number of menu bar items.
I think the confusion here is that you're thinking of Tailscale as a public VPN provider like NordVPN or similar, where they give you a VPN tunnel to an exit node on the internet.
Tailscale is just a normal VPN which is used to connect your own devices together, like OpenVPN or WireGuard; it doesn't provide exit nodes like a public VPN service does.
If your ISP is blocking websites, maybe they do it by blocking some DNS requests.
Maybe an idea to install Pi-hole with Cloudflare or Google as DNS providers instead of using your ISP's DNS.
Try changing your PC's DNS to 1.1.1.1 and see if you can access some of the blocked sites. Otherwise, maybe a full VPN like Private Internet Access or ProtonVPN.