➡ Tailscale offers a free and secure way to access your home devices from anywhere. It uses a mesh VPN, which connects all your devices in a network, and ensures security through end-to-end encryption. However, it uses third-party platforms for credentials, which might be a privacy concern for some. Despite this, Tailscale is easy to install and can connect up to 100 devices, making it a great solution for both personal and small business use.
➡ Tailscale and Rust Desk are tools that allow you to connect and control your devices from anywhere, as if they were on your local network. Tailscale assigns fixed IP addresses to your devices, while Rust Desk lets you control them remotely. This setup is secure, simple, and works on all platforms. It’s especially useful for managing servers, whether they’re at home or in a data center, and it doesn’t require any risky methods like port forwarding.

How do you access your home devices from another location? This is actually quite a complex problem that the average user doesn’t understand how to solve. Do this wrong and you’ve exposed your home network to security attacks. Do it with the old-fashioned enterprise way and you’ll be breaking the bank with new hardware. But what if I told you you can do all this for free with a mesh VPN and to an encrypted and I’ll even show you how to access your desktop like you’re at home very easily. This new method is made possible by Tailscale and this is such a game changer and really makes the idea of private networks such a simple thing to accomplish now.

If you’re running a home lab you can have complete access to everything remotely. If you have security cameras you can monitor them without having to connect to some whole server of your security cam provider or having them keep recordings. You can access your backups from any location even while traveling. What I’m going to teach you today will eliminate security risks and even privacy risks. If you’re giving yourself remote access via port forwarding on your router stop that unsafe practice now. I’ll explain the mechanics of the Tailscale mesh VPN so you’re not blindsided with undisclosed behaviors and then I’ll introduce you to a platform-independent way to access your desktop using something called Rustdesk.

Ready for new discovery? Stay right there! In a home setting the common way to enable remote access is to enable port forwarding. Let’s say you want remote desktop access to a Windows computer at home. You go to your router settings and enable port forwarding and then you open the port 3389. Or if you have a Linux computer at home and you want access the port for SSH is port 22. Or if you have a security camera using RTSP the vendor will tell you to do port forwarding via port 554. These are such dangerous moves.

Don’t ever, ever, ever do this. It would be a simple matter for hackers to scan for these ports on the open internet. And this is how there are published sites showing live cameras at people’s homes everywhere. In an enterprise setting if you’re working from home and need access to a corporate network normally they’ll give you a username and password and you install software like sonic wall. And then this connects you to a sonic wall appliance that gives you access to the enterprise network. Sonic wall is a VPN and security device.

You definitely don’t need this and frankly this is limited too because for personal use it is one way. Let’s say it’s the other way around you’re at home and you need to access a security camera at your vacation home. Sonic wall is a centralized VPN. It’s not useful for the distributed use where you can be anywhere and need to access devices from different places. It’s time to dump these old technologies and they really don’t fit a home user or small business owner and these technologies add a security risk. Dalescale mesh VPN.

The concept of a mesh VPN is that after you set it up you are always connected to all your devices that are on the mesh with an IP address that looks like this 100 dot x dot x dot x. As long as you have some form of internet connection on all your devices they automatically connect to the mesh. The way this works is actually on each device. When you reboot each device it will connect to the internet as usual then the Dalescale server application will run and then announce itself with the IP address to your mesh.

This part is controlled by a Tailscale server which acts as a router so this router server is just resolving the IP address for the mesh. Because the connection established by each device is outgoing and there are rarely any firewall stopping outgoing traffic on your local network then the Tailscale server process is often able to punch through your network restrictions and connect to the Tailscale router. In most cases you actually establish a peer-to-peer connection between the two Tailscale connected machines. In more complex cases like a situation where you’re running a VPN router in between or situations where the UDP protocol is blocked then you connect to Tailscale servers called DERP.

These servers then act as a relay and forward traffic to each device. In 90% of scenarios like a typical home setup you will not be using a DERP relay and this is all automatic you don’t need to get involved with this level. Tailscale is end-to-end encrypted. The idea of a relay potentially involved in traffic management can be scary for the security minded so I’ll tell you that there is no real risk. All devices connect to each other using WireGuard VPN. This is again all installed by Tailscale so you don’t have to understand the fine points.

What this means is that all the traffic is end-to-end encrypted as that is what a VPN provides. While this is a VPN do not confuse this with a VPN like bytes VPN that you use to access the open internet as that is different. This is a VPN for your own private network. The VPN portion here provides the encryption layer so even when the traffic is relayed the relaying servers are only handling encrypted traffic so none of your data will ever leak out. Tailscale login drawback. From a privacy perspective the main drawback to using Tailscale is that it has no credential processing whatsoever.

Instead the credentials are provided by third-party platforms. This simplifies it for Tailscale as no credential can ever be hacked from it and those third-party platforms are Google, Microsoft, Apple, GitHub or a credential provider like OpenID. This bothered me enough that I looked for some alternative way to run Tailscale. You can if you have the text expertise set up your own cloud server and then install the self-hosted project called HeadScale. I tried this and I have to tell you it was so problematic and buggy and I couldn’t get it to work even with AI assistance so I had to re-examine the risks of Tailscale.

Remember that this is used to control your own devices. There is no external monitor to see your traffic since as I said they are encrypted. In my case I use an existing GitHub account login as my Tailscale credential and for me it was the lesser of all evils. It’s low risk but I’m at least being open with you that this may be a concern for some of you if you want truly invisible traffic. In any case after using Tailscale itself it was ludicrously simple to use and I connected a variety of devices.

I had Ubuntu devices, PopOS, Ubuntu servers, Zorin, Proxmox, Windows and Android. I even connected to an AWS server. For the most part the only time you have to use the credential provider like GitHub in my case was during the initial setup so I don’t want to overstate this. Tailscale is free. Tailscale is free at least for the use I’m teaching you about today. Tailscale is a new company and started up during the COVID period and this quickly grew to a company with a valuation of over 1 billion today. So the question is how do they make money if it’s free and what do you get with free? Well it’s pretty amazing actually a single user can connect up to 100 separate computers into your local mesh.

That’s per mesh and you can share devices via link to two more additional users. You could even go more complex than this and connect to multiple meshes managed by separate credentials. But seriously 100 devices is enough for even a small business to manage a ton of machines even externally. So a tech professional could provide services to a client that has up to 99 computers all connected to Tailscale with the one computer reserved for the tech. Or alternatively a site could invite a tech to access a computer by sharing a Tailscale link.

The limitation on the personal plan is that a single person manages the entire Tailscale with his credentials and that’s where free ends. In the corporate scenario if you want multiple people to manage the mesh with their own credentials then you have to advance to the premium tier which starts at $6 a month per user and up to $18 per user per month. For enterprise use that’s where they make the money. So this is not limited to just personal use though that is what I’m teaching you today. How to install Tailscale.

As I said installing Tailscale is super easy. Just go to Tailscale.com sign up for free using a credential provider and then you will install the software on each device. On Linux I just cut and paste this simple command in terminal. After you run it and it completes you will be told to run sudo Tailscale up and this fires up the Tailscale server and it will give you a link. Then run the link on your browser and it will give you the dialogue to connect the machine. If the machine is remote and you’re connecting it via SSH then you can run the link on your current machine.

Obviously you can’t access a remote browser if you’re using SSH but that doesn’t matter where you run it which is cool. On Windows you go to Tailscale.com and log in first then it provides the Tailscale download and then you get the dialogue to connect the server to the network. On Android I installed a Tailscale app and logged in and then I was able to directly access my servers. For example I was able to use a Synology NAS server without using the open internet. Then when you have many devices connected you can see all of them on Tailscale.com with all the IP addresses assigned and these IP addresses remain fixed.

So regardless of where you are these computers appear to be on your local LAN with the IP address 100.x.x.x. Accessing a desktop via Rust-S. If you’re a Linux user you can use existing tools like SSH or File zilla to get direct access to your files or control each device. But what if you want to actually control the desktop as if you’re in front of the machine? For Windows users you already know how to use remote desktop or team viewer. However this is not such a smooth solution when you have non-Windows devices.

The solution that works with all platforms and is pretty seamless is called Rust Desk. I’ve actually connected Linux to Windows, Windows to Linux, Linux to Linux, all accessed at the desktop level and for all intents and purposes it behaves like a remote desktop and is pretty snappy at 1080p. First you go to Rustdesk.com then download the software for your particular operating system. There’s an MSI for Windows for example, for Ubuntu there’s a DEB file. We’ll assume here that you’re already running on Tailscale for simplicity so it’ll be like connecting to a local machine.

On Windows install by clicking on the MSI and follow the prompts. On Ubuntu install the DEB file by opening it using App Center. After installation run the Rust Desk app on all the machines and what’s simple here is that the app is the same for both server and client. Both are always active. After installing on each machine tap the three dots next to your machine ID and go to security. Then click on unlock security settings. You may have to enter your pseudo password on Linux. This enables access to security settings.

This is important. Scroll down to enter permanent password and enter a password. Then scroll down further to enable direct IP access and it will show a port number which you just leave alone. That’s it. From here on just write down the machine ID and your global password and you connect to that desktop at any time. The direction of who access client and who’s the server is up to you. For ease of use you can look at your device connections on Rust Desk and rename it so you can recognize the machine without having to remember the ID.

Super simple and safe. When used this way there’s no relay server. It’s direct peer-to-peer and you’re operating solely inside your mesh VPN. Next level use. For more advanced users I will take you to the next level. I’m running some servers using Proxmox and I also have cloud servers running on AWS and other data centers. Using tail scale you can actually close all ports coming into the server using the normal access tools like SSH at port 22 or webbin at 10,000 or Proxmox at 1,006. Everything appears as a LAN so basically it simplifies the security setup especially if you’re running many virtual machines in a rack server.

By using tail scale you act like you’re in a data center itself. I would still maybe open up SSH access in the cloud to a single emergency IP address in case of emergency but that’s all you would need. Everything else will be handled through tail scale. This now elevates tail scale to a nice security tool. I have the ability to access 100 devices per mesh network and that is way more than sufficient to maintain servers either in my home lab at AWS or at a co-location data center. For my co-location machines I’m typically running Proxmox and in this case I don’t even need anything else since Proxmox already has a built-in web UI.

So while I’m teaching you this as a tool for personal use it is actually much more sophisticated than that but we’re still in the free tier here. A long sought-after solution. This combo solution of tail scale plus the occasional Rustdesk is an amazing new solution whether I need to access a rack server or my home local AI server or my home security camera. I’m always on. There’s nothing to set up. The mesh is always active. I don’t have to manually switch it on. If the on tail scale. This was such a difficult problem to solve in the past and required risky approaches like port forwarding.

Now the solution is simplified. I’m actually surprised that many more people aren’t aware of this. I’m glad I’m able to spread the word. Folks this tech channel is a little different because I focus on privacy solutions so that we have control over the tech instead of someone controlling us. I have a social media platform called Braxme where many users are able to discuss privacy issues in an identity safe environment and critically analyze tech solutions from beginner to advanced levels. Join us there and be part of the community and maybe share your knowledge as well.

To support this channel we have a store on Braxme where you can gain access to privacy products we have created ourselves. We have Braxmail for identity safe email. We have Brax virtual phone for anonymous phone numbers. We have bytes VPN to guard your IP address and obscure your location. We have other products like the Google phones and flashing services. We have two crowdfunding projects on indiegogo.com. You may have heard of the Brax 3 phone which is shipping a second batch now. This is all found at a different website which is Braxtech.net which is a sister organization to mine.

And you will also discover the new Brax open slate tablet running Android or Linux also on Braxtech.net. Again these products are being sold on indiegogo.com. Thank you very much to all those supporting us on Patreon, locals, and YouTube memberships. Your contributions are very encouraging. You are appreciated. See you next time. [tr:trw].

See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.