Tailscale - Programmable networking software for secure remote access

My main use case for Tailscale  is connecting me to my home lab, which serves as my front-end infrastructure, whereas I use ZeroTier  for back-end infrastructure for connecting things such as IOT devices and personal servers.

A specific example of how I use Tailscale  with my home lab is that it allows me to easily provide secure access from myself to my home lab while on the go. This does more than just connect me with my servers; it allows me to run all of my internet traffic on my devices while on the go through my router as the exit node, which allows me to use AdGuard  as my DNS server and my home firewall. Overall, it makes me more secure on the go and prevents me from often having to use HTTPS on many of my personal services because Tailscale encrypts traffic already, making HTTPS sort of irrelevant in that specific use case.

The best features Tailscale offers are its encrypted tunnel and easy setup VPN, which are common across your space. I personally love two specific things that differentiate Tailscale: the automatic HTTPS setup, which means you don't have to deal with certificates or anything similar, and the ability to use exit nodes very easily, which is a super useful feature.

The automatic HTTPS setup and easy node management have helped me in my daily workflow because I have an automation on my iPhone that runs as soon as I disconnect from my home network, allowing me to tunnel my cellular data through Tailscale back to my home lab and run my router as an exit node. This means I can use AdGuard  for my DNS to block anything from malware to ads in general. The HTTPS setup is super useful for another use case I had where I was building an AI German teacher for myself, allowing communication to happen because most browsers require HTTPS for such connections. Not having to set up certificates and simply using the Magic DNS URL with HTTPS on the Tailscale side was super time-saving and useful.

Tailscale positively impacts my organization because I can feel incredibly secure on the go without worrying about opening ports on any routers. It makes an incredible amount of sense for my use, and I wish I could use it more in my role at ADP, though they generally manage that externally through Cisco. But I give my sign-off to advertise to them.

The only improvement I see for Tailscale is that I would love to check out Headscale to fully host it on my own infrastructure. However, I think it is a really great product as is. It is easy to set up, and since it uses WireGuard on the back end, it is quite fast. I would love to see a diagram that gives me clearer visibility into how I connect to each node, as I often find I connect to non-direct routes to individual servers, and a visual representation of that would make it easier to visualize.

I have been using Tailscale for about five years.

Tailscale is stable most of the time, as I occasionally see dropouts. However, I appreciate receiving notifications about drops, which I almost never notice myself. Occasionally, I see on my router that the exit node has gone dark, but I don't notice that in practice.

Tailscale's scalability is very good, with the visibility and ability to access metrics making it easy to scale upward, although I have limited experience with that as I have under 100 devices, around 20.

I have never had to use customer support because the product is that good.

I previously used ZeroTier  for my back-end services, and I think that is the number one one-to-one competitor within your space. I switched from ZeroTier to Tailscale for two reasons: it was much easier to set up Tailscale, and while ZeroTier still has value, Tailscale makes more sense for the speed, visibility, and overall functionality, especially with exit nodes being easier to use.

Tailscale is incredibly easy to use, and I will always sing its praises. It has made my life a lot easier. I was originally an early adopter of ZeroTier and championed that for a long while. Only in the past couple of years have I switched over to Tailscale, and it has been world-changing, making many things easier to achieve the security I was looking for on the go.

I generally work within a free tier, as there is no reason for me to step outside of that currently.

Tailscale has definitely made it so I don't have to incur additional costs. The ability to use your servers as relay servers instead of setting up my own Headscale server is the primary reason I haven't done so far, because it makes things easy and time-saving.

Before choosing Tailscale, I evaluated ZeroTier again. The only reason I haven't moved my entire infrastructure to Tailscale is cost. I can utilize free accounts on both Tailscale and ZeroTier, allowing me to build a back-end infrastructure for my family without paying for an entire organization account. ZeroTier operates on a device-based quota, while Tailscale uses an account-based quota.

A specific example of how I use Tailscale with my home lab is that it allows me to easily provide secure access from myself to my home lab on the go. This does more than just connect me with my servers; it allows me to run all of my internet traffic on my devices on the go through my router as the exit node, which allows me to use AdGuard as my DNS server and my home firewall. Overall, it makes me more secure on the go and prevents me from often having to use HTTPS on many of my personal services because Tailscale encrypts traffic already, making HTTPS sort of irrelevant in that specific use case. I would rate this product a 10 out of 10.

I use Tailscale  to connect to my home server for various tasks, such as checking its status and streaming movies or series from my media server. I also use it to monitor my home surveillance system and collaborate on projects with friends.

Recently, when my server encountered an issue while I was away from home, Tailscale  made it incredibly easy to connect remotely, diagnose the problem, and fix it.

Currently, I use Tailscale  for a small group of three to five people, and it works flawlessly. It handles our current setup perfectly, though expanding the user limit on the free tier would be a fantastic improvement

One of Tailscale 's most valuable attributes is its incredibly straightforward setup. The absolute best feature for me is that it completely eliminates the need for port forwarding on my router, which simplifies network management significantly. The platform is also highly stable; I have been using it for a while now, and it has worked flawlessly.

I have also relied heavily on Tailscale ’s official documentation for advanced configurations. For instance, it helped me easily understand and set up Tailscale  Funnel , which allows me to share local services over the internet securely without exposing unnecessary network data.

Additionally, when I needed to create specific access rules  (ACLs) to restrict which ports my three devices could access, the documentation guided me seamlessly through the configuration. Overall, I am incredibly impressed with their documentation; it is exceptionally detailed, informative, and user-friendly.

I would love to see two specific improvements brought to the Tailscale  Android client, both of which are standard in several other VPN applications:

• The app currently lacks the ability to automatically disable the VPN when connected to a specific, trusted network (like a home Wi-Fi network). Having an automated toggle for this would prevent local traffic and local DNS queries from unnecessarily routing through the tailnet when you are already home.
• The current split-tunneling feature only allows you to exclude apps from the VPN. Because of this exclusive-only design, every newly installed app on the device defaults to routing through Tailscale . Introducing an "include" mode, where users can select only a few specific apps to use the VPN while leaving the rest to use the regular internet, would be a massive quality-of-life upgrade.

I have been using Tailscale  for a little over a year.

Tailscale  has been exceptionally stable. Throughout my entire time using the platform, I have personally experienced zero outages or downtime.

Because Tailscale  orchestrates a peer-to-peer mesh network, my devices connect directly to one another. This architectural design provides massive peace of mind: once the initial connection is established, the data path doesn't rely on central infrastructure. Even if Tailscale 's control plane faces minor maintenance or a brief degradation, my existing device links remain perfectly active and unaffected. For my home server, media streams, and surveillance setup, the reliability has been rock-solid.

I have not had any direct interactions with Tailscale 's technical support team. Because the product is so stable and the official documentation is incredibly detailed, I have been able to handle everything on my own without running into any issues that required escalation.

Prior to adopting Tailscale , I was using a standard WireGuard setup over an IPv6 connection. However, because my home network sits behind Carrier-Grade NAT (CGNAT), I was entirely dependent on IPv6 to bypass it. This meant I couldn't access my VPN whenever I was on an external network that lacked IPv6 support—which, unfortunately, is still quite common. I ultimately switched to Tailscale  because its native NAT traversal handles these environments seamlessly, providing the highly reliable, user-friendly, and maintenance-free alternative I needed.

The initial setup is exceptionally straightforward. On my home server, I deploy Tailscale  inside a Docker  container using their publicly available templates, which makes it virtually a copy-paste deployment. For my client machines, the process is as simple as downloading the application, logging into my account, and letting the devices connect automatically. The entire onboarding experience is frictionless.

Before choosing Tailscale , I evaluated a few other mesh VPN options, most notably Netbird .

• Pros: Netbird  is a very capable, open-source product with a great user interface and a solid architecture.
• Cons: In my testing, Netbird  simply wasn't fast enough for my requirements. I noticed a distinct difference in throughput and connection establishment speeds compared to Tailscale .

Ultimately, Tailscale  won out because it offered superior performance, lower latency, and a much more mature ecosystem for my specific routing needs.

My main use case for Tailscale  is to whitelist connections using the exit node to whitelist certain connections to public addresses. I also use it to access internally exposed load balancers and to gatekeep certain services within the VPN.

For accessing internally exposed load balancers or whitelisting connections, we may have a GKE  Kubernetes  cluster set up with an authorized network, meaning access is restricted to authorized networks and a VPN Gateway IP that can only access it from the public internet. To give a developer access to the internal IP of the control plane without exposing it publicly, we install a Tailscale  operator in the cluster. Once the Tailscale operator is installed, we expose the internal IP of the cluster through one of the pod operators as a subnet router. When developers connect their Tailscale client, they can access the cluster locally without routing through the public internet.

Tailscale can also be used for whitelisting. For instance, if we have a service in the Kubernetes  cluster exposed externally through Traefik, NGINX  Ingress, or a Gateway and certain users need access, we can set up exit nodes for different regions. If we have users in Europe and users in America, we can set up an exit node for users in America and another for users in Europe. These exit nodes have external IPs that we can use as a whitelist in our externally exposed services. When traffic comes from those external IPs, it is allowed through. When a user connects their Tailscale client and enables one of the exit nodes, they can access the externally exposed address since it is whitelisted to those external IPs. If their Tailscale client is not connected and the exit node is not enabled, they cannot access the externally exposed service.

The best features Tailscale offers is that the access control list is good. We can separate different kinds of connections even within the tailnet, allowing developers to connect to certain IPs and services, with engineers having different access levels. Tailscale is fast as well.

The access control lists help my team by allowing us to control who accesses our services. For instance, we have some services on developer clouds where only certain users can connect. Those developer clouds are on our VPC, which is exposed with tailnets. Developers must connect to Tailscale to access the tailnet and developer cloud already exposed to the tailnet. We created groups with certain users and administrators who can access government clouds. We only have to give those groups access to those government cloud IPs, while every other developer cannot access the government cloud IP because the ACL  controls this.

For speed, we can use the same ACL . If we only expose certain cluster addresses to certain developers, we open the dev cluster's local address to the developers. In some cases, we want to ensure the security team can access the cluster locally to perform audits. We can grant the security team access to the cluster in the ACL. This works very fast. With just the configuration required in the ACL, within a few seconds, we can see the access reflecting for the security team, and they have access.

In terms of how Tailscale has impacted my organization positively, it is good for security on the network side of things. It helps us connect properly. Because our company is remote globally, even if someone is in Australia and needs to connect to a cluster or any services, instead of routing through the public internet and exposing the traffic there, we can connect internally through Tailscale tailnets, and everybody is working.

Tailscale can be improved, especially with logging in. I have two tailnets, for instance, one for personal use and one for my company organization. Sometimes trying to log out of a particular tailnet and connecting to the company's Tailscale tailnet is challenging. Especially if you have been logged into one of those tailnets for a long time and want to log into another one after a few days, the login process can be tricky. Sometimes I have to restart my whole system to ensure that after I log out from one tailnet, I can effectively log into another one. The process is not as smooth as I would imagine, especially if it has been a while. We have to log out and sometimes even switch off the entire system and log back in.

I choose eight out of ten because there are other improvements that can be done with the logging. I am not a fan of the ACL in its current format. It is a JSON ACL, and perhaps if it were in YAML format, that would be better and more readable.

Aside from the logging side of things, everything is straightforward with Tailscale. The ACL can be improved by converting it from JSON format to YAML format for better readability.

I have been working in my current field for three years. I have been using Tailscale for close to three or four years.

Tailscale is stable.

We are using Tailscale at the SaaS level, so we do not scale it locally. We do not install it on premises.

Tailscale's customer support is good and very responsive. I would rate the customer support a ten.

Before Tailscale, we used a normal VPN like GCP  Cloud VPN, for instance, which was adequate but had limitations.

I have seen a return on investment in terms of time saved and security. Time saved and security provide good returns.

I am not involved in the pricing side of things as I am an administrator who controls Tailscale and ensures developers have access. The pricing is mostly handled by the IT and accounting team. Based on what I hear from them, it is a bit costly and can be on the expensive side.

We went for Tailscale straight away without considering other alternatives.

The advice I would give to others looking into using Tailscale is that it is good for developers. Tailscale is deployed in our organization on public cloud and Kubernetes clusters. We do not have a hybrid or private cloud setup. We have it mostly on public clouds. The UI of Tailscale looks good and is not problematic. I rate this review eight out of ten overall.

I use Tailscale  to publish and as an SSH service. I secure my SSH port and then use Tailscale  to SSH into my VPS. I also use Tailscale to serve private services on my VPS so my teammates can access them securely without exposing the port publicly.

Our VPS was attacked by a bot targeting our port 22 or SSH service. Our service is quite critical, so exposing it publicly would pose a danger to our services, especially our company's database. That is why I use Tailscale to secure all of our services.

I use Tailscale to secure our CI/CD pipeline as well. We do not use any SSH key anymore; we use Tailscale SSH instead. I can easily connect to a private VPS using Tailscale without needing to be there because Tailscale acts as a VPN.

The best features Tailscale offers that benefit me are the SSH services and VPN services, and how it can expose a service without publicly exposing the port or provide access control to which services are available to our teammates or made publicly available. Tailscale Serve and Tailscale SSH are the most useful features in my opinion.

We are able to share only a specific service with our teammates, which is basically a least privilege access. They will not be able to access the database, but they are able to access our monitoring log and other services.

The funnel is particularly handy. It is much similar to Cloudflare  Tunnel, but it is from Tailscale. I would appreciate the ability for it to funnel many services from our VPS because as far as I know, it can only funnel one thing from our VPS, so one domain only. If you want more domains, you have to use a sidecar container, which is not quite convenient. If I were to request a feature from Tailscale, it would be to have a funnel that allows me to serve multiple services on our VPS.

Another feature I would request is a custom domain. I would like to customize my Tailscale domain other than funnel. Funnel lets you expose multiple services in your server and then you can customize the domain name for each of the services. Currently, I am only given the MagicDNS domain. If I could give Tailscale access to my DNS management, then Tailscale could customize that domain for our funnel services. I think that would be very helpful.

I am currently facing an issue where on my Mac, Tailscale does not allow me to log in to multiple accounts. It is quite hard to switch between accounts. I think that is quite critical and needs to be improved.

The desktop version on macOS does not allow me to switch between multiple accounts easily. It requires me to log in every time I want to switch accounts, and it actually creates another node for my laptop. Even though I have one laptop, it creates multiple nodes every time I switch accounts from A to B and B to A. When I switch back to my original account, it actually creates another node instead of reconnecting to the previously connected node.

I have used Tailscale for about one and a half years.

Tailscale is very stable and I have not noticed any downtime so far.

Currently, our organization is quite small, so I have not met any limits from Tailscale.

I have not reached out to customer support because I have been able to solve everything myself and from the documentation, so I have not needed to contact customer service.

I used fail2ban to block bots from brute-forcing our SSH service, but because it was not effective enough, I switched over to Tailscale.

Installing Tailscale does save time in managing the firewalls because I do not need to know much about firewalls, especially UFW, as I can just install Tailscale and our server connects instantly. This saves a lot of our time.

Tailscale definitely saves me a lot of time securing our server. I do not really need to install fail2ban or CrowdSec or modify our UFW firewall. I can just install Tailscale, close many ports, and then share them with my teammates. It is really time-saving and, of course, money-saving because Tailscale's free tier is very generous.

I have not reached out to customer support because I have been able to solve everything myself and from the documentation, so I have not needed to contact customer service.

Tailscale is very generous with pricing. I have not met the limit at which I need to upgrade my tier, so I am currently on the free tier and I do not think I need to upgrade because the free tier is more than enough and it is very generous.

I went directly to Tailscale.

It becomes much easier to share our services with our teammates without needing to handle the firewall directly. For security, it is indeed much safer now because we can close all of our ports and then just share the link to our machine with our teammates so they can access it using Tailscale VPN.

I would recommend trying Tailscale. Use the managed Tailscale service because its free tier is very generous, and then you can avoid modifying the firewall and completely migrate your entire infrastructure to using Tailscale VPN. I would rate this experience a 9 out of 10.