Is there a WireGuard VPN client app that will work on an Apple TV (tvOS)?

That is an option and one that comes up every time a similar question is asked. I would prefer not to have to carry another device.

Subnet routing lets you use your current local network and connect to devices on all your other networks with their local IP addresses wherever you have subnet routers.

Exit nodes tunnel all your traffic through that device like a normal VPN would.

But you need to run some command line on whatever you want to be a subnet router. And then accept it from your Tailscale Machines page on their website.

Simply put, install Tailscale on the same machine that your WireGuard “server” is on. Also install Tailscale on your Apple TV and any other “client” device. Finally, set up the “server” machine as an Internet gateway (exit node in Tailscale parlance). This might be helpful in explaining how things work and how to set them up: Exit nodes (route all traffic) · Tailscale Docs

There are a few advantages, including security. But one good one for us is this. When we get to a hotel or whatever, I connect the travel router and ALL 7 of our devices automatically connect to the travel router and have internet. No more messing around setting each one up one at a time.

Then maybe a VPN like Nord or Surfshark on the Apple TV device should be considered?

Thank you, I think I understand the AppleTV part now.

My exit node is my NAS on my home LAN. If I want to access LAN resources from my laptop while traveling (smb, NAS, other hosts, etc.) can I access them without installing Tailscale on each one? If so, how? It sounds like the Tailscale way would be to install it on each client and access it using its Tailscale hostname. Whereas with my WireGuard VPN I connect to the server and I’m good. Am I overthinking this?

Aaaand after typing all that out, I realize it’s probably better asked over on r/Tailscale.

I have PIA but that doesn’t give me access to the LAN at home.

I appreciate the ideas but I really am only looking for ways to connect tvOS with a WireGuard VPN running at my home. It appears that it doesn’t exist yet. I was hoping somebody had developed an app.

If your laptop and your NAS both have Tailscale, and moreover your NAS is both an exit node and also shares the internal subnet of your home LAN, then the answer is yes.

You can also install Tailscale on all the devices on your LAN as well; however, if you don’t intend to use MagicDNS with automatic SSL certs, or something like Tailscale SSH, I don’t think there’s any reason to justify that much effort. For basic access to your private LAN through your NAS, you don’t need to add all LAN hosts to your Tailnet (i.e., don’t need to install Tailscale on all your LAN devices).

At a very high level, WireGuard is peer-to-peer, that is, your laptop connects to your NAS and your NAS then allows you to access its private LAN and the Internet through it. Tailscale, on the other hand, allows multiple devices to connect to a “tailnet” - a mesh, rather than peer-to-peer. Each device on the Tailnet can then share its Internet connection, or allow access to its own LAN. For example, in theory, if you have a 192.168.1.0/24 network at location A, and a 192.168.2.0/24 network at location B, you can deploy Tailscale to a host at locations A and B, and share access to these private subnets into the same tailnet. Then, you can connect your laptop from anywhere to this tailnet, and be able to access both 192.168.1.0/24 and 192.168.2.0/24 networks at locations A and B without having to switch VPN connections or reconfigure routes on your laptop. This is very much a cursory explanation, and there’s a lot more to it, but I think for your use case it’s probably the simplest explanation I can think of.

Ahhh. Sorry. I thought your intention was to watch your local country’s shows in another country. All good mate.

“…and moreover your NAS is both an exit node and also shares the internal subnet of your home LAN…”

This is the part I need help getting my head around.

That is part of it. The app I want to use supposedly blocks most known VPN providers so connecting through my home residential address should be a “better” option.

Ah, OK. So if your NAS runs WireGuard, on the NAS you set up IP forwarding and on the laptop you set up the WireGuard client to route all traffic through the WireGuard tunnel (i.e. through your NAS).

Tailscale is similar, except you’re not limited to a laptop to NAS (peer-to-peer) connection. See the last paragraph of my previous reply that I added later (likely after you replied to my last comment).

If memory serves me correctly, setting up your NAS as an exit node will allow you to access both the Internet through your home Internet connection and any local home LAN IPs/networks that your NAS can access. An exit node captures and routes all traffic that is not explicitly destined to an address on your tailnet (e.g. direct connection to another device on the tailnet).

Thank you, this is helpful.
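
The routing behaviour described in the replies above (subnet routers at locations A and B, plus the NAS as exit node, compared with a single full-tunnel WireGuard peer), as an added example that is not part of the original thread. It is a simplified longest-prefix-match model; the peer names and 100.64.x.x addresses are constructed for illustration, and only the two /24 networks come from the thread.

```python
import ipaddress

# Constructed sample tailnet: peer names and 100.64.x.x addresses are illustrative.
PEERS = {
    "nas-home":    {"ip": "100.64.0.1", "routes": ["192.168.1.0/24"], "exit_node": True},
    "host-site-b": {"ip": "100.64.0.2", "routes": ["192.168.2.0/24"], "exit_node": False},
    "appletv":     {"ip": "100.64.0.3", "routes": [], "exit_node": False},
}

def build_table(peers, use_exit_node=None):
    """Return [(network, peer)] roughly as a client holds it (AllowedIPs per peer)."""
    table = []
    for name, peer in peers.items():
        # Every tailnet device is reachable directly at its own address.
        table.append((ipaddress.ip_network(peer["ip"] + "/32"), name))
        # Subnets a peer shares into the tailnet (subnet router role).
        for route in peer["routes"]:
            table.append((ipaddress.ip_network(route), name))
        # The selected exit node additionally takes the default route.
        if name == use_exit_node:
            if not peer["exit_node"]:
                raise ValueError(f"{name} is not offered as an exit node")
            table.append((ipaddress.ip_network("0.0.0.0/0"), name))
    return table

def next_hop(table, dst):
    """Longest-prefix match; None means the packet is not tunnelled at all."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, peer) for net, peer in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def wireguard_full_tunnel(server="nas-home"):
    """Plain WireGuard client: one peer with AllowedIPs = 0.0.0.0/0."""
    return [(ipaddress.ip_network("0.0.0.0/0"), server)]

if __name__ == "__main__":
    mesh = build_table(PEERS, use_exit_node="nas-home")
    for dst in ("192.168.1.20", "192.168.2.20", "100.64.0.3", "93.184.216.34"):
        print(f"{dst:>15} -> mesh: {next_hop(mesh, dst)}, "
              f"wireguard: {next_hop(wireguard_full_tunnel(), dst)}")
```

With the exit node selected, the more specific subnet route still wins, so traffic for location B goes to the host at B rather than through the NAS; the single WireGuard peer sends everything to the NAS.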