Tailscale is basically a super simple VPN built on WireGuard that connects your devices into a private network. Your server at home, your laptop, your phone, even a cloud VPS can all talk to each other securely as if they were on the same local network.
No port forwarding
No static IP
Works even if you’re behind NAT
Everything is encrypted
It feels like creating your own private internet just for your devices.

How it works in simple terms

You install Tailscale on each device you want connected.
You log in using something like Google or GitHub.
Each device gets a private IP address in the 100.x.x.x range.
From that point on, you can SSH, RDP, or open web interfaces just like you would at home on your LAN.
The connection is encrypted end to end, and you don’t have to manually configure complicated VPN settings.

Where it’s really useful:

If you’re running a homelab or doing personal IT projects, this is where it shines:
Access your Proxmox or TrueNAS web interface from anywhere
SSH into a Raspberry Pi from your phone
Reach internal apps like Home Assistant without exposing them publicly
Manage Docker containers or Portainer remotely
Mount file shares securely
It removes most of the usual remote-access headaches.

Basic setup example

Let’s say you have a Proxmox server or a Linux VM at home and you want to access it from your laptop while you’re out.

On the server:
Install Tailscale with:
curl -fsSL https://tailscale.com/install.sh� | sh
sudo tailscale up

Log in when prompted.
That’s it. Your server is now part of your private Tailscale network.

You can SSH using the new private IP:
ssh user@100.x.x.x

Or even better, use the automatic hostname like:

ssh user@hostname.tailnet-name.ts.net
Then install Tailscale on your laptop or phone, log in with the same account, and your devices can talk to each other instantly.

MagicDNS

In the admin panel, you can enable MagicDNS. This gives you clean, easy-to-remember hostnames instead of typing IP addresses. It makes the whole experience feel much more polished.

Access control

You can also define simple rules to control which devices can access which services. So if you only want SSH and Proxmox accessible, you can limit it to just those ports. It keeps things tidy and secure.

Extra features that are surprisingly useful

Exit node

You can route all your internet traffic through one of your devices at home. This is useful on public Wi-Fi or if you want your traffic to appear as if it’s coming from your home network.

Subnet routing

If you have devices that can’t run Tailscale, like an old printer or an IP camera, you can let one machine share access to your entire local subnet. That way you can still reach those devices remotely without exposing anything to the public internet.