Why Tailscale?
Tailscale is my everyday carry at KnausDev. Whether I’m connecting to my servers on Hetzner, streaming from my Jellyfin media server in the car, or giving friends access to a game server with a single shared link — it all runs through Tailscale. Where WireGuard gives me control over specific tunnel configurations, Tailscale gives me a mesh network that just works across every device I own.
How I Use It
I’ve used Tailscale at KnausDev in configurations ranging from personal single-device setups to full enterprise ACL configurations for client teams.
Personal use
- Self-hosted access: connecting to Nextcloud, Gitea, and Symfonium from anywhere without exposing ports
- Media streaming: accessing Jellyfin from my phone in the car or from any network
- Phone access: SSH into servers from my phone via Termux when I need quick access on the go
- File sharing: LocalSend across devices on the same Tailscale network
- LAN gaming: instant LAN connectivity between friends for game servers without port forwarding
Work and client setups
- Machine sharing: when I needed to share a single machine with a client, one click on share and they had a link to connect it into their network
- Server tagging: tagging machines by environment (production, development) and granting access based on role
- Team ACLs: developers get access to dev servers only, lead devs get production access. Full enterprise-grade access control as part of infrastructure delivery
- Client isolation: separate networks per client with controlled access to only what they need
The setup varies by project — sometimes it’s as simple as sharing one link, sometimes it’s a fully structured ACL configuration with tagged devices and group-based permissions.
Status
Active: primary VPN across all personal and work infrastructure.