Something is off here, as the official CLI docs say "--exit-node-allow-lan-access Allow the client node access to its own LAN while connected to an exit node. Defaults to not allowing access while connected to an exit node." This contradicts what you stated at 5:00 and more specifically at 5:09.
Thank you for pointing this out! You are quite correct and this was an error in the video.
To clarify. "Allow LAN access" permits the client system to access other clients on the current LAN when enabled.
An easy test is to flip the exit node ON and ping a host in your current LAN at the same time. Watch the ping times change as you change the "allow LAN access" setting. In my case, due to subnet routing in my Tailscale network I did not notice the subtle difference because I can already route this LAN subnet from anywhere - thanks to Tailscale!
I'll pin this comment to help others, and once again thanks for pointing this out.
I really have to thank you, and applaud you for the way you present this content. Your ability to plainly lay out, and stack the details, without muddling them up is brilliant. Your guidance has been a masterclass in zero trust self hosting. Once again, thank you sir.
Really appreciate the quality of Tailscale's documentation and tutorial videos. And the use of Apple TV is just too cool.
I have to agree, the quality is just amazing. I can't recommend Tailscale enough
I appreciate the clear and well thought out instructions with a little humor for fun.
Tailscale should add a feature to automatically switch exit node when the main one you're using is down so you would not be stuck with internet not working.
Or when it completely nukes your OPNsense config
Completely unrelated but so cool that you’re in NC, I’m in Charlotte.
Superb explanation. As always! Thank you, sir.
What happens if you have multiple exit nodes? If I access the internet, which node would I be routed through?
This video might bring me back to Tailscale.. I was having issues with connectivity and I believe that lan option might have been the cause.
Thanks for these videos. Tailscale for pc should have a setting like the mobile app where you are able to tell which apps should run exit node or not. Anyways, great app! I'm using it a lot to connect to my devices in China
App connectors allow tailnet wide split tunneling. A future video will cover this.
Thanks for teaching us. I have deployed Tailscale on my Unraid server and on my pfSense router with the ability to use both as an exit node. If wanting to access my home network away from the house, what is the best exit node destination?
Pick whichever you feel like! It doesn’t matter one bit. They’ll both show as you exiting from your home network.
great video! thanks. I wonder if I can use tailscale with TP-LINK Mesh WIFI system like the X50 or X75? J.
I have 3 Windows machines in 3 different countries. I activate exit nodes on 2 of them. Which exit node will the 3rd machine use? Considering the simplistic design of the whole concept, which is amazing, what was the idea behind the implementation of the "acl"s cumbersomeness? I know I can disconnect from the "tailnet" on a PC from the tray icon, but why can't I disable the virtual adapter itself? What made you think this concept is acceptable?
It would be great if you can also add subnet routing to Android.
Hey! Many thanks for your amazing videos.
If i may suggest a new video: "Using Tailscale in a Coolify Server (locally or VPS)"
With Coolify Caddy support and many configurations, i believe it's one of the amazing combos - especially having mixed access services (things public, others via tailscale VPN only).
thanks!
Did I understand correctly that Tailscale is unencrypted when used as an overlay network?
You did understand incorrectly. The traffic between nodes/devices is encrypted... What I think he is saying is that the http(s) traffic between a device and a website does not traverse the tailnet by default, which means that traffic does not benefit and is not slowed down by traversing the tailnet before hitting the internet. That external traffic is direct (off tailnet) by default... Tailnet traffic is end to end encrypted but your web traffic is secured with https or is plain text (but a more direct connection with no overhead).
Hope the above helped
That Pi2b that wasn't quite powerful enough for reliable streaming became an awesome Pihole/unbound/chrony server, now I will have to throw on TS ❤
And you can even use an Echo Show 15 as exit node.
@maikmueller it's Android so of course most Amazon products are.
Add support for rooted Android devices because we are missing the VPN.
Because Tailscale uses the VPN. I have seen some people build a Tailscale without VPN on rooted devices, but it's not official, so it would be great if it comes from Tailscale.