Speaking of SSH, Tailscale has special support for it whereby it handles any incoming connection to port 22 from the Tailscale network, and deals with authentication itself. No public keys or passwords: if you’re logged into Tailscale you can be logged into the machine. This is particularly handy when you SSH from a phone, as proper credential management is a bit of a nightmare there.

this has me worried. i would not want that. i use zerotier, not tailscale, but the principle is the same. i have my laptops and my phone connected to my servers. given that all of those machines are already on the internet, connecting them into a virtual network does not add any risk in my opinion. (at least as long as you don't use features like the above). all i get is a known ip address for all my devices, with the ability to connect to them if they have an ssh server running. when i am outside the primary benefit is that i can tell which devices are online.

> Sounds a bit like a fancier ngrok.

Well, yes and no.

You can use it like ngrok, and I'm sure you could configure wireguard and ngrok to give you something similar to what Tailscale does, but Tailscale does it out of the box, with polished and well built client and server apps.

I'm no infra guy, I'm just a former front-end eng, but it gives me the confidence to expose media centres and file servers etc to "the wild" without it being public.

Using Jellyfin to watch content from my home server on my iPad while I'm away from home is as "easy" as Disney or Netflix with Tailscale, just installed the clients and servers and .. voila?

Having all your mobile traffic routed through AdGuard Home (or PiHole) is a game changer. It's also nice using an exit node through my home network whenever I am on public wifi.

I wrote a POC for using Tailscale serve and funnel similarly to ngrok here:

https://github.com/jaxxstorm/tgate

Plex already supports remote access via UPnP. https://support.plex.tv/articles/200289506-remote-access/