The official Tailscale subreddit. Not routinely monitored by Tailscale employees. Please contact support via https://tailscale.com/contact/support if you need further help.
Tailscale when I don't have a public IP in my home network?
I've seen recommendations for things like Tailscale which are listed as the most secure way to access Jellyfin remotely, but I was wondering if anyone with more networking experience can tell me if it's even going to work out.
I have a WISP internet provider and I do not have a modem onsite because my internet is sent to me with a long distance radio dish. Here in my home, the outermost appliance is my pfSense router with a WAN IP within the 100.x.x.x space.
Can Tailscale even work in this situation? I have to use a service like STUN to get my external IP from within the network, and my WAN IP is already in the 100.x.x.x range that Tailscale uses.
Yup it works just fine, I have been using it with my 5g which also doesn’t have a public ip
The utter beauty of TailScale is that it just works. Home router running it, phone even when on office WiFi, laptop at a hotel, work laptop on work network, ... It all just connects happily.
The central "router" is in the cloud, each client connection is to that (not from that, but outbound TO it). This bypasses all other routing and firewalls and the works, because to those external firewalls it is just like you going to Google.com. it's outbound, and slips right through. And responses use the same path back to you.
Heck. I can print to my home printer while I'm at work, directly to it's home-local IP, as if I'm at home. No charge to my computer, I just turn on TS and click print (selecting my home printer). Yay TS "subnet routing".
Thanks everyone for the input! I wanted to be sure my effort wouldn't be wasted and that I wouldn't run into any walls during setup.
I have to add though, that Tailscale was painless. It's the single easiest, simplest thing on my network that I have ever set up and I went from zero to up and running within 10 minutes.
It should be able to figure out how to get out and your ISP is using Carrier Grade Nat
Tailscale adds 32-bit routes to the table to optimize the path between your devices and the outside world.
I use Jellyfin plus Tailscale. Works great.
Yep. That works great. Just enable port forwarding where you can so that Tailscale can at least escape your NAT.
I use a LTE Modem as the WAN for our terminal\ikvm switch. Only port open on the modem is Tailscale, only device on the "network" is the KVM switch.
Port forwarding? No need that I can see. TailScale is 100% outbound relative to your devices and should just be recognized by all upstream routers as a sticky connection to some arbitrary hub elsewhere (home-pc/roaming-laptop/etc, being the spokes). I wouldn't even know what port to open for TS.
Why did you open a port, and what is it for?
Tailscale works fine in dynamic dns environment, download the tailscale in pfsense plugins
The easiest way to fix this is to go into JSON config and disable IPv4 and only use IPv6 addresses for Tailscale (the DNS hostnames will still resolve so this isn't as annoying as it sounds)
https://tailscale.com/kb/1018/acls/#tailscale-policy-syntax