I actually think Tailscale may be an even bigger deal here than sysadmin help from Claude Code at al.
The biggest reason I had not to run a home server was security: I'm worried that I might fall behind on updates and end up compromised.
Tailscale dramatically reduces this risk, because I can so easily configure it so my own devices can talk to my home server from anywhere in the world without the risk of exposing any ports on it directly to the internet.
Being able to hit my home server directly from my iPhone via a tailnet no matter where in the world my iPhone might be is really cool.
I am not sure why people are so afraid of exposing ports. I have dozens of ports open on my server including SMTP, IMAP(S), HTTP(S), various game servers and don't see a problem with that. I can't rule out a vulnerability somewhere but services are containerized and/or run as separate UNIX users. It's the way the Internet is meant to work.
I’m working on a (free) service that lets you have it both ways. It’s a thin layer on top of vanilla WireGuard that handles NAT traversal and endpoint updates so you don’t need to expose any ports, while leaving you in full control of your own keys and network topology.
But I also think it's worth a mention that for basic "I want to access my home LAN" use cases you don't need P2P, you just need a single public IP to your lan and perhaps dynamic dns.
- Each device? This means setting up many peers on each of your devices
- Router/central server? That's a single point of failure, and often a performance bottleneck if you're on LAN. If that's a router, the router may be compromised and eavesdrop on your connections, which you probably didn't secure as hard because it's on a VPN.
Not to mention DDNS can create significant downtime.
Tailscale fails over basically instantly, and is E2EE, unlike the hub setup.
> Router/central server? That's a single point of failure
Your router is a SPOF regardless. If your router goes down you can't reach any nodes on your LAN, Tailscale or otherwise. So what is your point?
> If that's a router, the router may be compromised and eavesdrop on your connections, which you probably didn't secure as hard because it's on a VPN.
Secure your router. This is HN, not advice for your mom.
> Not to mention DDNS can create significant downtime.
Set your DNS ttl correctly and you should experience no more than a minute of downtime whenever your public IP changes.
A lot of people are behind CGNAT or behind a non-configurable router, which is an abomination.
> Secure your router
A typical router cannot be secured against physical access, unlike your servers which can have disk encryption.
> Your router is a SPOF regardless
Tailscale will keep your connection over a downstream switch, for example. It will not go through the router if it doesn't have to. If you use it for other usecases like kdeconnect synchronizing clipboard between phone and laptop, that will also stay up independent of your home router.