Tailscale (Personal VPN)

Originally Posted 9/28/23

[Image: the Tailscale logo next to the word "tailscale"]

What is it?

Tailscale is a VPN that you can set up to connect to your home network. For more information about what a VPN is, you can read this post here.

Why would I use it?

I have found it's extremely helpful to be able to access my home network when I am away from home. Some reasons I like connecting to my home network:

I'll work on making blog posts on how to set each of those up individually, because they all require a bit of setup (outside of the printers). But hopefully you can see that being able to connect to your home network whenever you need to has its benefits.

This sounds great, how do I set it up?

It's honestly extremely easy. Like, I had run into tutorials for other programs before that people described as "easy", and then I'd run into a million problems. But when I set up Tailscale, my thought afterwards was "wow... that actually just worked".

When setting up Tailscale, it's best to use a computer that is always on (or one that's on most of the time) so that you can connect to your home network whenever. For that reason, I've installed Tailscale on a Raspberry Pi I have. I've also installed Tailscale on my brother's Windows computer, which seemed equally easy.

For the Raspberry Pi installation, I followed this guide. For the Windows installation, Tailscale has a great installation guide here. If you follow those steps, you should have Tailscale up and running in no time! Once it's installed on your main device, you can then download Tailscale on a second device, and voila, you should be within the same network as your main device.

I do want to mention before going further that setting something like Tailscale up does come with inherent risk. For example, if someone is able to figure out your Tailscale login info, they could access everything you have connected to Tailscale. I'm also not entirely sure how much Tailscale handles locally (on your computer) vs on their servers. So, I'm not entirely sure what sort of issues could arise should they be hacked. Looking around online, it seems that others believe them to be safe enough to use, but I thought it was worth mentioning. Tailscale does have an article about how it works and steps you can take to make your network even more secure.

Further Setup

So, Tailscale suggests that you have every device you'd like connected to be running Tailscale. This is the most secure option. However, there are cases in which that is either not possible or not ideal. For me personally, I have a couple of different computers and services where I know having certain IP addresses is important. I've not tested what happens if they're in a Tailscale subnet, and did not want to for fear of messing something up. If you're in a similar boat, or have devices that just can't run the Tailscale client, one thing you can do is set it up so that your one device running Tailscale gives Tailscale access to the rest of your network.

This is useful because it means that once you're connected to your home network, you can access things like Remote Desktop and shared drives using the devices' IP addresses for your local network, rather than using the IP address assigned by Tailscale. This is also potentially dangerous because, again, if someone manages to hack into your Tailscale account, they now have access to your entire network, rather than just whichever devices are connected via Tailscale. For me, this was the easiest solution and so I went for it.

What we're setting up is what's called a subnet route. Tailscale has an explanation here on how to set it up on various devices. It's typically as simple as typing in:

into Command Prompt. You would replace the "192.168.0.0/24" with whatever your home network is that you'd like devices connected to Tailscale to be able to access. The question of course is how do you know what your home network is?

Note: On the Tailscale website, it lists a lot of steps for Linux (Raspberry Pi) to advertise the subnet route. I don't remember doing anything other than typing in the above command, so it's possible those steps aren't necessary in Raspbian (the operating system for Raspberry Pis). I am unsure.

IP Address Explanation

So, this part is a little technical but I'll try to make it as easy as possible. If you just want the steps to find your IP address, go to the next section. Here I will explain a bit of what an IP address is.

The standard subnet for home networks is 192.168.1.0/24. To briefly explain, each device connected to the internet is assigned a unique IP address. When you're connected to your home network, your router assigns this to each device. The "/24" is referencing what's called a "subnet mask". This tells your router which numbers it can change when assigning IP addresses. Each section of numbers between the dots in the IP address is 8 bits of information. The numbers can go from 0-255.

So, simplifying here, if we wanted the router to leave only the first set of numbers (192 in this case) untouched, we'd have a /8 subnet (signifying to the router not to touch the first 8 bits of information). /24 is telling the router not to touch the first 3 sets of numbers (since 8 x 3 = 24). So, for standard home networks, every device will be in the format of 192.168.1.X, where X changes per device. So, your computer might be 192.168.1.10 while your phone is 192.168.1.233.

While this is pretty standard, it is possible that your home network does not use this subnet. The other common network options are 10.0.0.0/8 and 172.16.0.0/16.

How to find your IP Address

The easiest way to find your IP address, if you're on a Windows computer, is to open Command Prompt and type in

You might have to scroll up a bit, but you're looking for "Default Gateway" and "Subnet Mask". The Default Gateway is the address for your router (typically the first number in your subnet, so in a standard home network, 192.168.1.1). The subnet mask is the fully written out version of the /24 (or whatever) from earlier. You'll notice, however, that instead of saying /8, /16, or /24, it'll say something like 255.255.255.0. The easiest way I can explain this would be to just know each set of 255 is equivalent to 8 bits of info.

So:

If your subnet mask is not one of those three listed above, you're in a very unique situation. Use this calculator here, and where it says "Subnet" under "IPv4 Subnet Calculator", click the drop-down arrow and it will list each possible subnet option with its slash notation. (So, for example, it'll say something like 255.255.255.240 /28. The /28 is the slash notation for 255.255.255.240.)

Now that you know your subnet and default gateway, we can figure out the command to put into Tailscale. As I mentioned, the default gateway is for your router and typically the first IP address in the subnet. So, to get the subnet address, just change the one to a 0. So, if the default gateway was 192.168.1.1 (with a subnet mask of /24), the subnet is 192.168.1.0. Similarly, if the default gateway was 10.0.0.1 with a subnet mask of /8, the subnet would be 10.0.0.0. Now, it is possible you have something different than this, in which case you might have to do some more research into subnets and subnet masks. But I will be moving on as the vast majority of people will have 192.168.1.0/24 as their subnet and subnet mask.
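The gateway-and-mask step above can be computed instead of worked out by hand, which also covers masks where "change the one to a 0" gives the wrong answer. This is an added example, not code from the original post: the `ipconfig`-style text is constructed, the function names are hypothetical, `--advertise-routes` is the Tailscale CLI flag for subnet routes, and the option to advertise single hosts as /32 routes goes beyond what the post describes.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig` output (not from the original post).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

def _field(text, label):
    """Return the first dotted-quad value printed after `label`."""
    m = re.search(rf"{label}[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", text)
    if not m:
        raise ValueError(f"{label!r} not found")
    return m.group(1)

def home_subnet(ipconfig_text):
    """Derive the LAN in CIDR form from the gateway and subnet mask."""
    gateway = _field(ipconfig_text, "Default Gateway")
    mask = _field(ipconfig_text, "Subnet Mask")
    # strict=False masks off the host bits, so this is correct for any mask
    # and for gateways that are not the first address in the range.
    return ipaddress.ip_network(f"{gateway}/{mask}", strict=False)

def routes_to_advertise(ipconfig_text, only_hosts=()):
    """Routes to advertise: the whole LAN, or just selected hosts as /32s."""
    lan = home_subnet(ipconfig_text)
    if not lan.is_private:
        raise ValueError(f"{lan} is not a private range; refusing to advertise")
    if not only_hosts:
        return [str(lan)]
    routes = []
    for host in only_hosts:
        addr = ipaddress.ip_address(host)
        if addr not in lan:
            raise ValueError(f"{host} is outside {lan}")
        routes.append(f"{addr}/32")
    return routes

def advertise_command(routes):
    # Builds the command text only; nothing is executed here.
    return "tailscale up --advertise-routes=" + ",".join(routes)

if __name__ == "__main__":
    print(advertise_command(routes_to_advertise(SAMPLE_IPCONFIG)))
    print(advertise_command(routes_to_advertise(SAMPLE_IPCONFIG, ["192.168.1.20"])))
```

Advertising only the hosts you actually need to reach keeps a compromised Tailscale account from seeing the rest of the home network.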

If this is in fact your situation, the command to type into Command Prompt would be:

With that typed in, you'll need to follow the next steps in the Tailscale instructions, which involve enabling the routes for your other devices to be able to access. Looking through it, I personally skipped over the ACL rules section, and so cannot offer much advice. However, it would be a good idea for security.
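To make the ACL point concrete, the check below reviews a policy for rules that open an advertised home subnet more widely than needed. It is an added example, not part of the original post or of Tailscale's tooling: both policies are constructed, written as Python dicts in the shape of the `acls` section of a Tailscale policy file (`action`, `src`, `dst` as `host:ports`), and `lan_exposure` and the user name are hypothetical.

```python
import ipaddress

# Constructed policies in the shape of Tailscale's "acls" section.
ALLOW_ALL = {"acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}]}
SCOPED = {"acls": [
    {"action": "accept", "src": ["alice@example.com"], "dst": ["192.168.1.10:3389"]},
    {"action": "accept", "src": ["alice@example.com"], "dst": ["192.168.1.20:445"]},
]}

def lan_exposure(policy, lan_cidr):
    """List (dst, reasons) for accept rules that open the advertised LAN broadly."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        for dst in rule.get("dst", []):
            host, _, ports = dst.rpartition(":")
            if host == "*":
                target = lan  # a wildcard covers everything, the LAN included
            else:
                try:
                    target = ipaddress.ip_network(host, strict=False)
                except ValueError:
                    continue  # tag:, group: or a hostname, not a LAN address
                if not target.overlaps(lan):
                    continue
            reasons = []
            if "*" in rule.get("src", []):
                reasons.append("any source")
            if target.num_addresses > 1:
                reasons.append(f"{target.num_addresses} addresses")
            if ports == "*":
                reasons.append("all ports")
            if reasons:
                findings.append((dst, ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for name, policy in (("ALLOW_ALL", ALLOW_ALL), ("SCOPED", SCOPED)):
        print(name, lan_exposure(policy, "192.168.1.0/24"))
```

The scoped policy limits one user to Remote Desktop on one machine and file sharing on another, so a stolen login reaches two services instead of every device behind the subnet route.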

Wrap Up

And that's it! I know this post was long, however a lot of it is just explanation. The actual number of steps to do is pretty small, making this a nice thing to set up if you feel like accessing your home network could be useful. As always, if you have any questions or comments, feel free to reach out to steventanzimedia@gmail.com. I'll try to write some more posts soon explaining some other uses for Tailscale.