Apple TV, now with more Tailscale
Cool! It sounds like a pivotal upgrade, offering both convenience and enhanced security features. I love using Apple TV as the router in my home; when paired with Headscale, it's simply perfect.
I don't care either way, but I did note the ignorance of the elephant in the room as to why 99% of people would care about Tailscale and native VPN support on their Apple TV... and it's not "avoiding sketchy wifi networks".
> With a Tailscale exit node, you’re in control and you get the internet connection you’re used to. This new feature could come in handy if you’re traveling with your Apple TV and want to access the same geo-restricted channels you can see from home.
They do call this out towards the end.
How's this supposed to work? If I'm travelling with my Apple TV and use it as an exit node, it's as geo-restricted as I am, wherever I am.
This blog post isn't just for using it as an exit node. Traveling with the Apple TV and using Tailscale lets you exit-node back to your house.
Traveling without the Apple TV and the exit-node can be your Apple TV.
Perhaps the blog post isn't, but the quoted text is:
> With a Tailscale exit node, you’re in control and you get the internet connection you’re used to. This new feature could come in handy if you’re traveling with your Apple TV and want to access the same geo-restricted channels you can see from home.
Yes, but the Tailscale exit node referenced in that quote isn't necessarily the Apple TV.
You designated a device at home as the exit node and are using that on your Apple TV in a different location.
For sharing Netflix accounts?
Arrr, it not be for Netflix.
Tailscale isn't useful for piracy. Unless you really want your pirate traffic to always be routed through your home?
Tailscale has Mullvad integration now, so it can be used that way too
The idea is that you host all your pirated media from home, e.g. on a NAS running Plex or Jellyfin, and your home server can stream any of your media to any device (including transcoding it to best fit the device and connection).
Tailscale isn't particularly useful for acquiring the pirated media in the first place, of course.
How is this different to running a Plex server on your NAS and streaming directly over regular internet?
You do not punch holes through your router's firewall. Therefore it is more secure as a mesh network.
I guess it’s more to be able to access the local are stack / jellyfin from everywhere?
Because say I want to connect to my own private remote network. I have a server hosted in a datacenter because I self-host. I'd much rather have VPN capabilities than deal with a proxy server and publicly open ports with rules. This is a much tighter way to do things, IMHO.
It's a way to access it remotely without having to forward a port to the whole world. There are other ways to do this, but a VPN is usually the most straightforward option.
It's also a way to proxy your connections through a device at home, of course. Whether the Apple TV is the client or the exit node.
The main use case I see is sharing streaming services like youtube TV with family.
You can already do that officially... but maybe not region-locked sports
It's cheaper if everyone is in the "same household" (i.e. sharing the same public IP as main account)
Definitely not region locked sports. My YT TV account is based on the other side of the country and I can't watch our local teams quite frequently. I've been using wireguard and a dedicated wifi network to tunnel through a fiber connection "back home" and it then thinks I am local and all works well. This is much cleaner with tailscale!
I run my own DNS server at home, and have Tailscale installed on it also. I use this so when I am away from home, I can continue to use it via Tailscale and/or an exit node for full on VPN-like solution.
I can now move Tailscale off that server, and put it on my Apple TV to use as my network for my DNS server when I am away from the house.
This is great news! Not only does this make a remote Plex / Jellyfin media server easier to deal with, the Apple TV can be an exit node. Solid work, TailScale!
I'm a little unfamiliar with how Plex routing works. Would this make it so that your Plex-connected media servers don't need to be publicly routable and the Plex app will know to connect through the Tailscale network?
Would you need to reconfigure Plex to use the Tailscale IP addresses and then the Apple TV Plex app will stream over that address?
Depends on how you’ve set up Plex, but you can give it custom access URLs. So you can expose both a public and a private endpoint. Or just a private endpoint, up to you really.
I wrote up a guide on using Plex + Tailscale + HTTPS last year to set up Plex so you don't have to expose it through the Plex relays or set up port forwards for other devices on a Tailnet.
I would assume with this announcement, you can keep Plex private to your Tailnet and an AppleTV also on the Tailnet could use it without any port forwarding.
> set up port forwards for other devices on a Tailnet.
Ah. Now I get it.
Using it as an always-on exit node is actually a pretty nifty feature, I hadn’t thought about that as a viable feature before now.
This is by the way kind of how remote access with apple home works.
The Apple TV serves as a local gateway relaying all the commands to your local IoT devices.
On a side note, tailscale is lovely. I have nothing but good things to say about them.
> This is by the way kind of how remote access with apple home works.
Apple killed Back to My Mac, which sounded a lot like Tailscale exit nodes: https://datatracker.ietf.org/doc/html/rfc6281
Yup, either a HomePod, Apple TV, or iPad left at home can act as a HomeKit hub.
Just an FYI, but iPads can no longer be used as a HomeKit hub as of last year: https://support.apple.com/en-us/HT213481
(Yes, you can technically use an iPad as a hub if you are on the old Home architecture)
Good change, then! It wasn’t a great experience for most people. iPads are rarely static home fixtures now, and they were the only ones capable of dying.
Yeah, that was always a weird choice. The one time I went on holiday without first checking to see which device was acting as my primary home hub it turned out to be my iPad, which I'd taken with me, and all my security cameras were "unavailable" for the week. I'm sure the system is supposed to just switch to a different primary hub in that situation (I have about 15 candidates), but it didn't.
I’ve installed this on a freshly updated AppleTV 4K with Ethernet and for the life of me I can’t get it to work using the Apple TV as an exit node. I’ve enabled it and approved it in the console.
Unfortunately I can’t ping any hosts through it or make any connections. This is in contrast to my other exit node, which is a docker container running tailscaled with user networking. It continues to work just fine.
Are your clients set to use the AppleTV as a gateway? That's a fundamental requirement to ensure the packets your devices send in reply get passed back to the tailscale network.
Yes, the clients I've attempted this with so far (iPhone running tailscale) I have configured to use the Apple TV as an exit node. When I do so, there is no internet connectivity. When I switch it to another exit node I have in my tailnet it works flawlessly.
> Finally, the new Tailscale client allows an Apple TV to be an exit node itself for other machines in your tailnet.
Pretty huge. Many non-techy users don't like the idea of keeping a computer on 24/7, but a smart TV is just fine.
Also, the Apple TV 4k only draws 0.5 watts at idle and less than 3 watts when streaming movies, so I imagine it pulls less than 1 just tunnelling traffic. Computers pull 15W+ at idle, and that's with low end components.
Neat, maybe I can sell my M1 mini server
Nah, you'll still need that to synchronize iCloud content locally so that you can make backups of it, as Apple stubbornly refuses to allow TimeMachine (or anything else) to actually back up stuff that is only stored in iCloud, and provides no easy, scriptable way of doing so otherwise.
It may just be a problem for me, but as I have ~3TB of photos in iCloud (2 x 2TB), and unless I want to buy laptops with 2TB storage, there is no practical way of backing up the contents of iCloud, so I use a Mac Mini M1 with an external drive, synchronize data locally, and then back it up from there.
If it’s iCloud Photos you can try icloudpd, works pretty well from my Synology NAS
I need to backup my iCloud data soon too. How sure are you that the data is all downloaded from the cloud when you copy it to the external drive?
Do you use any special tools?
I just configure each user's account on the Mac Mini to download everything from iCloud, and then back up each user's directory.
It does require each user to login again every time the mac mini is rebooted, but fortunately that only happens when new releases come around, so 3-4 times every year.
I do periodically check if new photos have been downloaded. I care less about documents as the relevant documents are more likely to also be stored on the laptops, and thus backed up through the normal backup routine on the laptops.
I do wish Apple would come up with a solution to this problem though. The official instructions feel like something from 2003.
> I do wish Apple would come up with a solution to this problem though.
That wish is in the opposite direction of Apple’s brand identity: “let us handle everything for you with our white glove service [you can pay, right?]”
I would argue that it is exactly in line with Apple's brand identity.
Pretty much everybody agrees that you need to backup your cloud storage as well as your local computer, and Apple even backs up your i-devices to the cloud, and yet, there is no automated way of backing up your iCloud storage.
About a decade ago, Google initiated the Data Transfer Framework that allows you to transfer data from one cloud provider to another, directly from provider to provider instead of downloading it first. It sadly appears to not have gotten enough traction to be of any use.
> Pretty much everybody agrees that you need to backup your cloud storage as well as your local computer, and Apple even backs up your i-devices to the cloud
I don’t think I’ve ever seen Apple say that you need to back up your Apple Cloud data.
> I would argue that it is exactly in line with Apple's brand identity.
I’m not following you. Can you explain what you mean by that?
Couldn't you export iCloud to Google Photos and then use something like Google Takeout to back that up?
> Many non-techy users
Why would a non-techy user want to volunteer to be an exit node?
This isn't Tor, being an exit node just means the non-techy user can access Netflix while travelling internationally.
Blame Tor for popularising the term "exit node" to mean "public proxy".
The terms "VPN gateway" or "VPN server" are still valid and less easily confused with Tor's use of "exit node".
Yes and no... A VPN Gateway or VPN server doesn't have to be an exit node, and may route onwards to actual exit nodes. Some nodes may not "exit" at all - see setups where you are just trying to reach your private networks.
In a tailscale setup, an "exit node" has specific meaning and the term makes sense as far as I'm concerned:
It’s not a public Tor exit node. It’s a personal node you can use to route your own traffic.
I have setup Pis in family member homes to allow me to get residential IP VPN exit node in their respective countries - cheap and easy way to get access to foreign TV streaming services without a monthly fee. I used to run my own exit nodes in AWS/DigitalOcean in those regions, but virtually all streaming services block VPS/cloud service IPs at this point. Having an exit node in an actual "real" residential internet service is vastly more flexible.
This potentially would be even easier for me, given they all have Apple TVs already. This isn't a public exit node - it's only available to other users (i.e. people you know and have granted access to) of your own TailScale setup.
Same for non-techy folks who have second homes in foreign countries, or even just travel a lot - an Apple TV running this new app back in their main property will allow them for free to browse the web as if they are actually at their main property, including any TV services they enjoy.
So that when they're overseas, they can route their internet traffic through their Apple TV at home in the US, and any streaming service they use will think they're in the US and not give them trouble about "Hulu isn't available in your location".
How will this work?
My Apple TV constantly goes to sleep.
Is Tailscale doing some type of “busy wait” to prevent tvOS from going to sleep?
You can change your Apple TV settings to not go to sleep.
This is not really necessary, there is no need to change any settings. Even when the device enters sleep mode, VPN apps can remain active, just like on iOS.
It’s not truly asleep. The display parts are but it’s always connected to wifi to act as a home hub, receive airplay requests, etc.
I had not been convinced of the use case of using this as an exit node. Fuck, this simplified so much.
Tailscale also runs on Android TV. If you don't have an Apple TV and want a cheap device just to have an exit node, you can buy a $20 Android TV thingy.
I abandoned the Google TV thingy because it was great when it was new a year or so ago, but now after all the updates it frequently stutters when playing media from Netflix, Disney+, HBO Max, etc. Apple TV is silky smooth and works perfectly.
At $200, it was 4x the price, though.
The expensive Nvidia Shield Pro is dogshit as well for streaming performance at $150-200. Ridiculous.
Works great for me?
You're the first one I've read that has had issues with streaming performance on the Nvidia Shield. I have the non-Pro Nvidia Shield and it's been rock solid for streaming external content and local content. Including 4k. I even ran it as a Plex server for a while. Are you using wireless or plugged into ethernet?
It’s most likely just because of new codecs. If you got a newer cheap device it would probably not stutter (until the next round of codecs, but Apple TV requires the same upgrades)
I don't think so, x264 and x265 haven't changed in the past 12 months, or even the last 2+ years. My suspicion is Elgoog releases Android system updates without thoroughly testing them on existing released hardware.
My friends have Apple TVs that don't stutter, for 3+ years.
If it were my machine I’d also investigate the audio streams. Audio decoding can be surprisingly heavy
It … kind of does, but if you filter the reviews by "TV" you'll see there's quite a few issues with it: https://play.google.com/store/apps/details?id=com.tailscale..... Not sure why the back button issue hasn't been fixed, that makes it very inconvenient to set up. (Also: are you sure it can be used as an exit node? That wasn't supported a few months ago.)
Beware that a lot of cheap Android TV boxes come pre-loaded with heaps of malware. You don't want them in your network.
Linus Tech Tips has a video about it: https://www.youtube.com/watch?v=1vpepaQ-VQQ&themeRefresh=1
That's true. However, Walmart's $20 Onn 4k Streaming Box has no malware, apparently.
Why, apparently it finally does - since when? Last time I checked, I'd have to sideload it on my Nvidia shield?
So far I’ve used it to get VPN on Apple TV and I don’t think I am going to change, also considering how Apple leaks VPNs like there’s no tomorrow https://www.amazon.nl/GL-iNet-GL-MT300N-V2-Reiserouter-Repea...
Can second the recommendation for the Mango travel router. I always prefer to take the VPN out of the “hands” of the client device to avoid any leaks. With 2 such devices connected via Wireguard VPN any other device I connect to that client router’s WiFi is safely communicating through that VPN. A sort of site to site VPN that works for devices that could never otherwise use a VPN client.
But of course this is a different use case and not always an option. Not if you want to use Tailscale. Probably unless that Apple TV is already connected to one of these “VPN WiFi” networks with Tailscale on top (no idea what the functionality or performance impact is).
Don't know about the mango, but the gl.inet I have works with tailscale (albeit still in beta) https://www.gl-inet.com/products/gl-axt1800/
Also seems to work with 'tailscale up --advertise-exit-node' if you ssh into the router instead of using admin console.
Ordered one - I will be traveling and would be nice to switch exit nodes as needed while on the go. Not that I need to hide the fact I’m out of country, but seems like a good way to connect up the work laptop to appear on my home IP.
Anyone using glinet routers for that purpose and have any tips?
Yes. I've traveled abroad and connected my work laptop to our home server through the glinet so I wouldn't need to deal with any hassle of having a foreign IP address even though I disclosed my location to my employer. In fact I keep my work gear always connected to the glinet, even at home.
No tips, it just works, but test it out before you leave for your trip!
I don’t use it for work but on every trip I am actually connecting “at home”. I have a WG server at home (you can use one glinet as an easy to configure VPN server) and a travel glinet as the client. Whenever I reach a hotel I connect the client glinet to the hotel hotspot (or cable), it connects to the home VPN, and all my devices connect to this client glinet WiFi and through that VPN tunnel. Everything is seamless with the only manual step being to connect the travel router to whatever internet pipe provided.
The Mango I have is on the slow side, specs say max 45Mbps over WG as a client, and I measured ~25Mbps when using a Mango as the server. But it’s tiny and very low power so perfect for travel.
US Amazon link: https://www.amazon.com/GL-iNET-GL-MT300N-V2-Repeater-300Mbps...
Can you use this to appear to be in another place for blackout avoidance purposes?
Awesome news and boosts the utility of the Apple TV tremendously.
I wish they would work on their Android client.
It's got a long-standing request to add split tunnelling (a standard feature on pretty much every VPN client you'll come across). But it seems in the spirit of re-inventing existing networking technologies, Tailscale also decided to re-invent what a VPN client does.
This alone makes me give this otherwise wonderful project a pass despite all the deservingly good press it gets.
Tailscale continues to be one of the more impressive services I've ever used. Going to install this on my Apple TV immediately. I often travel and use public Wi-Fi, so this is massively useful as my PC and my laptop are not always on (so I can't use them as an exit node). Pretty genius honestly.
Is it possible to run a plex or jellyfin server on an Apple TV like a Nvidia Shield? If so, I might seriously consider getting an Apple TV just to run as a media server.
Sadly an Apple TV can't also be the media server (at least for something like Plex). But just about anything else can run media server, and you can go really low end especially if you don't need it to transcode your media. Some software like Infuse will stream the original media file to the Apple TV, and the transcoding happens on device.
I more or less have everything running through an N100 and it has been great. Would have been awesome to replace it with an Apple TV though
AppleTV can't act as a media server. But as a client it's fantastic.
An AppleTV with an app like Infuse will flawlessly play back 4K HDR or Dolby Vision videos client side (no transcoding) as well as 7.1 lossless TrueHD audio. Unfortunately it won't do TrueHD Atmos.
True, but of course if you already have a media server, it can almost certainly already act as a Tailscale exit node.
I wish there were Tailscale for LG TV.
Never heard of tailscale before. Is it similar to Plex?
Nope, it's a tool for building a private network among machines which can be geographically and internetically distributed. So, more or less a VPN, but not particularly in the sense that people use it today (which is effectively a glorified proxy server).
Switching from WebOS on my LG TV to the Apple TV as the primary interface was honestly one of the best consumer decisions I’ve made this year.
LG TVs get slower and more ad-laden with each update.
This is useful - using an exit node with an Apple TV is useful as well for navigating around certain tools that are geo-blocked. Before, you'd have to handle it outside of the device which is much more difficult.
I'm going to play around with this later in the week.
This makes it much easier to use the Xfinity Stream app on your "travel appletv" :)
This is very cool, and very useful.
For the average, non-technical user, Apple TV as an exit node for other devices while traveling is super cool.
But for someone who is out of the country for a duration, it's also super handy. Netflix knows all the popular VPN providers and ban hammers them on a regular basis. But being able to use my Apple TV to watch my normal Netflix (or whomever) from any other country... because they think I'm at home? Super win.
Network engineers watching rtt/packet latency very closely can still tell that something fishy is up, but Netflix doesn't really want to block VPNs, they just have to pretend to care enough so that the labels don't pull their content.
If one forwards traffic through iCloud+ proxy to mask IP address, I wonder if it’s still possible to tell a VPN, from, say, a perfectly legitimate SpaceX satellite signal received on a boat… ;-)
I've already been using it in a very similar way on a Chromecast (the one running Android TV), which made me use my Apple TV less and less, to the point where I actually unplugged it. This might just be its ticket back to an HDMI port :)
Whoa. I'm going to try installing Tailscale on the Google TV Chromecast dongle. Because one of the biggest issues with Chromecast was that it and the device casting from had to be on the same wireless LAN. So when traveling I had to either use a travel router or turn my phone/tablet into an AP. Tailscale might solve that. I already use Tailscale for everything else. Just never thought about installing it on Google TV Chromecast. Thanks for the suggestion.
You still won't be able to actually cast to a Chromecast device unfortunately, since that requires mDNS to work, which only works in the same broadcast domain (i.e. you'd need an L2 VPN, but Tailscale is L3).
I’ve been working on bringing tailscale into container networking through a driver, it’s still a work in progress but people might already be interested in trying it out:
Thanks for sharing this. I'm thinking this might be useful to run on a VPS and tie to a reverse proxy container. So I could expose services externally without opening up port on my wan side.
The bigger news is that you can add VPNs on Apple TV with tvOS 17, I had to run it on my router before
Still better to run it on your router. Apple’s had VPN leaks, and also exempted its own services from VPN or Little Snitch firewalling. Separation of roles means not having to trust Apple.
Wait until Apple bundles in 5G eSIMs for connectivity for just Apple apps to bypass the physical firewalls.
I think SmartTV vendors will get there first.
That's great tvOS now allows VPN - hopefully NordVPN will now release on Apple TV App Store. NordVPN runs great on Amazon Firestick - works for BBC Iplayer and ITVX when you're outside UK.
Can anyone share documentation/paper/video with ELI5 of Tailscale?
I recently read this with Mullvad too and feel stupid that I don't intuitively understand how it works, and what it does and why it's needed.
You're on a team of 10 people with 20 different machines between you and want to securely send/receive files, spin up servers and talk to them, etc.
Tailscale makes this really easy, and fast.
This blog post is a very good technical read (and the diagrams are really cool too): https://tailscale.com/blog/how-tailscale-works/
Tailscale is basically wireguard in a seamless UX wrapper, and a bunch of nice (optional) things added on top like ACLs/2FA/MagicDNS/ssh.
It's WireGuard with a really nice UI.
WireGuard is an outstanding mechanism for building secure virtual private networks.
You can run WireGuard on a bunch of different machines (or virtual machines) spread all over the world and give them the ability to talk to each other as if they were on the same LAN, with every packet fully encrypted.
TailScale has productized this. They wrote software for a bunch of platforms that makes it trivial to connect those machines to your "tailnet" - effectively a WireGuard network which their software manages for you.
They tie this to SSO - so you can install their software on your phone and your home server, sign them both in using Google SSO or similar, and now they're able to talk to each other on a secure virtual network.
I suggest trying the TailScale setup process to really understand how good it is.
So it's a VPN, right?
Its utility is as an "overlay network", but using traditional VPN technology. Yes, it is a virtual network, and it's private, but it's not intended to be used to exit to the internet in a controlled manner, as VPNs are often advertised as.
Well, the original purpose of a VPN was more as a private LAN (as Tailscale seems to advertise itself as) than as a way to exit to the Internet somewhere else. And it does both still.
Seems like Tailscale is a very souped up VPN, though. You can add more nodes to the network easily, and even have multiple gateways to the Internet.
> Well, the original purpose of a VPN was more as a private LAN
You're conflating two concepts.
An "oldschool" VPN connection (using e.g. IPSec) is something that allows your computer to remotely "join" a real, physical LAN. It's basically equivalent to running PPP over IP: your computer "dials up" a daemon running on a server somewhere; that daemon accepts a stream of raw packets from your computer's network stack; and then that daemon dumps those packets out through one of the server's NICs onto a local network segment — where those packets are then handled by the switch they run into as if your computer was directly plugged into that switch. So your computer can acquire an IP address for its VPN "bridge" interface via DHCP from the switch; can talk to other devices on that private network through the switch; can talk to the Internet via NAT through that switch; etc.
Tailscale, meanwhile, creates a software-defined virtual LAN on top of p2p mesh networking of the nodes. There's no actual network segment anywhere that your packets are being dumped out onto; the "switch" handling your packets is a shared distributed abstract-machine that's partly running on your Tailscale client, and partly running on the other nodes' Tailscale clients. That virtual LAN doesn't have a routing table + NAT on it to translate packets into Internet-bound packets. Nor does the LAN have the ability to host L2 services like DHCP. It's just a functional L3 simulation of an L1 network segment, not a faithful emulation of an L1 network segment.
Ah, makes sense. I realized Tailscale was a virtual network but forgot that a VPN doesn't include that functionality.
It's kinda a VPN.
Tailscale on its own is a mesh network that allows your devices to communicate (in a VPN, technically, yes) between themselves.
If you have an exit node, then you can route your traffic to that exit node in the way most people think of a VPN.
It also has Mullvad integration, providing Mullvad servers as exit nodes.
If you use an exit node, then it's functionally equivalent to a VPN with fancy features.
It makes setting up your own peer to peer VPN between your devices.
It's a 90s LAN, but with encryption and accessible from anywhere.
It connects all of your computers and devices in a way that feels magical. For example, if I have a Plex server named myplex on port 80 at home, and if I want to access it from my laptop, I just go to http://myplex.
It doesn't matter if I'm at home or anywhere else, if I have internet then that just works. I don't have to open a port on my router, configure DNS, or anything like that, I just install and run Tailscale.
You have a home server, could be home assistant, a Raspberry Pi, your desktop computer. Access that server and all services on your phone or laptop from anywhere without figuring out ports and worrying about your server being pwned. It all looks like local traffic.
Set the DNS server on your phone to a Pi running AdGuard Home and block all ads and trackers when on 5G, not just in the browser.
Travel abroad with your laptop and designate your computer at home as an exit node and now all the traffic on your laptop looks like it is coming from that country.
Those are just the use cases I am using personally.
I love reading copy that’s obviously written by nerds. This is the least corporate announcement I’ve seen from a corporation in a long time.
No mention of how much they love trust and privacy or how they’re going to make your experience more delightful.
Yeah, sounds like a bunch of tech gobbledygook. I guess it’s written for the users of these services, and they know what all this jargon means.
Tailscale is a company that provides a VPN (“Virtual Private Network”) service. If you don’t find yourself thinking “man, I really wish this one computer over here could share the same network with that computer over there, despite not being on the same WiFi access point or physical Ethernet network”, then their service (and the news regarding it) aren’t for you.
Why would someone want a VPN? There are a bunch, but here are some examples:
1) You want to connect to one of your machines at home while you’re at a coffee shop, or on vacation. Maybe so you can check security cameras, I dunno.
2) You’re on vacation outside of your home country, and you would like to watch a video stream that is blocked in the country you’re vacationing in. I experienced this in the Bahamas — If I recall, I was wanting to watch a UFC fight, but the UFC app refused to stream to the Bahamas (it was this and/or other Disney/Hulu whatever services refusing to play in the Bahamas). By routing traffic through your ISP back home: problem solved. (This is what “exit node” is referring to — a computer through which internet traffic flows on your behalf)
3) You want to play a game with a friend that only supports multiplayer play on the same network, but your friend isn’t physically there with you in the same house. So just put the two of you on the same virtual network and now you can play together.
But why is this better than running a VPN client on your PC? For example, when I want to watch streams restricted in my country, I fire up the ExpressVPN client on my laptop, connect to Switzerland, and then my restrictions disappear. Why should get another piece of hardware, wires and complexity (what happens when this box doesn't connect to the internet but it has no keyboard, display or mouse to guide troubleshooting?)
Most streaming services block commercial VPNs and even data center IP ranges at this point.
Some VPN vendors bypass that by reselling access to residential IPs (witting or unwitting on the side of the person paying for the ISP service), but even that is hit and miss.
> Why should get another piece of hardware
Many people already have an Apple TV or Android TV streaming box.
The GL.iNet routers have a mobile and desktop config site and buttons to configure/reset the device as well as a two-position hardware switch, the function of which is configurable also. This is not to mention they can run OpenWRT/LEDE and there are vendor created “clean” firmware images to do so. They’re one of the best devices for this use case and price point. I don’t think the situation you’re worried about is a reasonable concern for someone already expected to be competent to manage the router generally to begin with, and if they also want to do the things Tailscale does, they can and should be able to troubleshoot the problem space. The stock firmware is a modified OpenWRT with a web GUI and some optional extras, but it’s the most functional consumer router I’ve used.
Because Tailscale is a direct connection. No middleman service with access to your traffic.
In some cases this is not possible and there are relays set up to help route traffic. What's in the traffic is opaque to these nodes. You can also choose to use your own nodes. If you are interested here is a great post on how this works: https://tailscale.com/blog/how-nat-traversal-works/
I bet they run a useful service. But their post doesn’t really speak well to people who don’t already use the service, because it doesn’t define the used names (e.g. it’s only implied that the service is a VPN, why not just say it up front). That’s why I think it’s not a great press release.
> With up to three users available on our Free plan, you’ve got tools to make a media drive available to other trusted people in your life. You can share a collection of family photos and home videos into a faraway relative’s tailnet, without worrying about locking down the server for public internet access.
It's important to point out here that, in addition to this, the free plan also lets you send invite links to specific devices, which other people can add on their own accounts. That way, nobody has to go for the (quite expensive and obviously company-focused) free plan, you can share your device with as many friends as you like, and you're not sharing anything else beyond that single device.
Will this work with Headscale too?
Tailscale dev here: yes, you can set up a custom coordination server in the settings, just like on the iOS app. Open the tvOS Settings app, then scroll down to Tailscale.
Genuine question: Does Tailscale want people using Headscale?
I'm a free-tier personal user, and a little too cheap to give a for-profit corp money when I don't need to just because "I REALLY like the product". If I use Headscale does that just cause a headache for the team, or is it good because it reduces traffic to prod?
I'm too cheap to pay when I don't need to, but it's such a great product (esp for free) that I'd gladly change how I use the product to be less expensive or problematic.
Thank you so much for that!! I wondered about this as well. Love how above and beyond you guys are going to support other OSS implementations <3
Is it possible to transparently embed Tailscale into a game to only talk to your self-hosted Headscale server?
Also, is it in theory possible to use WebRTC to negotiate Wireguard connections and not use any control plane?
> Is it possible to transparently embed Tailscale into a game to only talk to your self-hosted Headscale server?
> Also, is it in theory possible to use WebRTC to negotiate Wireguard connections and not use any control plane?
You can write code to do whatever you want I guess, but that's nothing to do with Tailscale.
> But even if you don’t have a media server to connect to, you can use Tailscale’s Apple TV app to select another device in your tailnet ... to use as an exit node. This will route all your Apple TV’s traffic through that connection ... making your traffic appear to originate from the machine of your choice.
Oh look all of those family Netflix devices are in one home again!