Tailscale

Tailscale is a VPN app built on WireGuard, which you can connect all your devices to regardless of where they are. Connections made through Tailscale are secure, offering end-to-end encryption without the need to configure routers, open ports, or touch firewalls. Unlike traditional VPNs that route traffic through a central server, Tailscale creates direct peer-to-peer connections between each device, resulting in lower latency and higher speed. As well as direct connections, you can make a device, such as a PC or a NAS, the center of your connections.

How your mesh network (tailnet) works

When Tailscale is installed on a device and you log in with your account, the node generates a public/private key pair and registers with the Tailscale coordination server, which acts as a "shared drop box for public keys." Each node automatically downloads the keys and addresses of the other devices on your network (your tailnet), configures WireGuard with that information, and establishes direct connections with the others without you having to do anything else. After that, all your devices will appear on the same private network with fixed IPs in the 100.x.x.x range (Carrier-Grade NAT) that never change, even when switching WiFi or mobile networks. If a direct connection is not possible due to NAT or firewall restrictions, Tailscale uses its DERP servers as an encrypted relay so that packets always reach their destination, although with slightly more latency.

MagicDNS, Subnet Routers and Exit Nodes

Tailscale features MagicDNS, which automatically assigns readable hostnames to each node in your tailnet, allowing you to connect to services with the names of your choice so you don't have to remember IP addresses. From the Android app, you can review the details of each node, its DNS resolvers, domains, and routing configuration. Subnet Routers allow you to connect not only devices with Tailscale installed, but entire networks, so that you can access all the devices on your home network (printers, NAS, IP cameras, etc.) from your terminal even if they do not have the client installed. Exit Nodes take this a step further: You can designate one of your devices as an internet exit node, routing all your device's traffic through it just like a conventional VPN would. As a result, if you find yourself in another country, you can browse as if you were at home through your own device, saving you the cost of paying for a VPN. You can also make use of Split Tunneling, which prevents specified apps from redirecting their traffic through Tailscale.

Shields Up, Taildrop and management from Android

The Android app comes with Shields Up mode, a simple firewall switch that blocks all incoming connections from your tailnet at will, without disconnecting you from the network. It also supports Taildrop, the system for sending files directly between devices on your tailnet without going through third-party services, like a sort of AirDrop that works across any platform. From the app, you can manage multiple accounts and tailnets, quickly switching between profiles, viewing the connectivity status of each node in real time with visual indicators, and accessing the Tailnet Lock configuration, which protects the addition of new nodes with a key verification system. In business environments, the app supports MDM (Mobile Device Management) with solutions such as Google Workspace, Microsoft Intune, or TinyMDM for automatic deployment and configuration across device fleets.

My experience with Tailscale

Having used Tailscale for months on my local network, my NAS is the server all my devices connect to in order to redirect traffic. Thanks to this, I have access to all my files even when I am not at home, and I can interact with my smart home devices without having to open ports and expose my network to potential unauthorized access. To add to this, I can filter by app, so that for example only my Android file explorer can access my NAS as if I were at home, and the rest of the apps access the internet without going through Tailscale. At the same time, being able to choose whether I want my NAS to act as an exit node is highly convenient as it gives me the option of being on a virtual local network without redirecting traffic, or I can force my traffic to pass through the NAS.

What I liked most about Tailscale and what could be improved

· What I liked most: The ease of configuration, being able to choose whether or not I want to redirect traffic through my NAS, and the split tunneling function to select which apps access the network.

· What could be improved: Android's aggressive battery management can interrupt the background connection if you don't manually configure the optimization exception. The app is great for domestic use, but the free plan has a limit of three users and 100 devices, which may fall short for large homelabs or medium-sized teams.

Download the Tailscale APK and connect all your devices in a secure private mesh network based on WireGuard, accessing servers, NAS, and remote computers from your Android device as if you were at home, without configuring routers or opening ports.