Eric M Forbell

Software engineer. Curious mind. Practical sorcerer. Bitcoiner. Family man. Christian.

One LAN to Rule Them All: Discovering Tailscale

March 01, 2026

I found Tailscale last week, and I'm annoyed nobody told me sooner.

My home network looks less like a tidy diagram and more like a battlefield map from Middle-earth:

  • Kids on school Wi-Fi with locked-down Chromebooks
  • A spouse at the grocery store checking the family calendar
  • A home server hosting all those precious photo and video memories
  • Half a dozen laptops, phones, tablets, and smart devices
  • A router with port forwards I set up three years ago and forgot about

If you've exposed a port to the public internet, you know there are things scanning for it.

You don't have to be a wizard to defend your small kingdom anymore.


The Problem Tailscale Solves

Connecting devices across networks used to mean configuring VPN servers, opening firewall ports, managing certificates, fighting NAT traversal, and praying your ISP doesn't break something. Or worse, exposing services to the public internet.

Tailscale eliminates all of that.

Tailscale creates a private, encrypted mesh network between your devices, wherever they are.

Your phone at the grocery store. Your kid's laptop at school. Your server at home. Your work machine at a coffee shop. They all behave as if they're on the same local network, without opening public ports.

No port forwarding. No exposed services. No wizard robes required.


How It Works

Under the hood, Tailscale builds on WireGuard, a modern, fast VPN protocol.

Instead of a traditional hub-and-spoke VPN:

  • Each device joins a private tailnet
  • Devices authenticate via your identity provider (Google, Microsoft, GitHub, etc.)
  • Connections are end-to-end encrypted
  • Peers connect directly to each other when possible
  • NAT traversal is automatic
  • No inbound firewall holes required

The result is a secure, identity-aware overlay network that stitches your devices together privately. The demons from Mordor never see your gates.


Real-World Example: The Modern Family Kingdom

Imagine your home runs:

  • A NAS with family photos
  • Home Assistant controlling lights and dinner timers
  • Plex serving movie night
  • A dog camera monitoring Rover
  • A shared calendar on a local service
  • A dev server in the basement

With Tailscale, your spouse checks the meal plan from the store. Your kid grabs homework files from home. You SSH into your home server from anywhere. Rover's camera stays off the public internet.

All without opening ports 22, 443, 32400, or anything else to the outside.


Setup: Five Steps

1. Create an Account

Sign in at tailscale.com using Google, Microsoft, GitHub, or another provider. That identity becomes your authentication layer.

2. Install on Your First Device

Download for macOS, Windows, Linux, iOS, or Android. Install and sign in. That device is now part of your tailnet.

3. Install on Your Other Devices

Repeat on your home server, NAS, laptop, phone, and family devices. Each one joins your private network. No port forwarding. No router configuration.

4. Access Devices by Name

Each device gets a stable private IP and DNS name like:

homeserver.tailnet-name.ts.net

From your laptop at a coffee shop:

ssh user@homeserver

5. Close Your Public Ports

Go into your router and remove old port forwards, disable exposed services, and turn off UPnP if you don't need it. Your services are reachable only through your encrypted mesh network.

The drawbridge is up.
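
A check to run on the home server after step 5, as an added example that is not from the original post: it classifies each TCP listener in `ss -tlnH` output as loopback, tailnet, or bound beyond the tailnet, and lists which of the ports named above (22, 443, 32400) a leftover port forward or UPnP mapping could still reach. The function names and sample lines are constructed for illustration; the tailnet ranges assumed are Tailscale's 100.64.0.0/10 and fd7a:115c:a1e0::/48.

```shell
#!/bin/sh
# Added example (not from the post): audit TCP listeners after closing port forwards.
# Assumes Tailscale node addresses fall in 100.64.0.0/10 or fd7a:115c:a1e0::/48.

# Read `ss -tlnH` lines on stdin; print "port address class" per listener.
classify_listeners() {
  awk '
    $1 == "LISTEN" {
      addr = $4; port = $4
      sub(/:[^:]*$/, "", addr)   # drop the trailing :port
      sub(/.*:/, "", port)       # keep only the port
      gsub(/\[|\]/, "", addr)    # [::1] becomes ::1
      sub(/%.*/, "", addr)       # strip an interface scope such as %lo
      class = "beyond-tailnet"   # wildcard, LAN, or public bind
      if (addr ~ /^127\./ || addr == "::1") class = "loopback"
      else if (addr ~ /^fd7a:115c:a1e0:/) class = "tailnet"
      else if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        split(addr, o, ".")
        if (o[1] + 0 == 100 && o[2] + 0 >= 64 && o[2] + 0 <= 127) class = "tailnet"
      }
      print port, addr, class
    }'
}

# Ports the post names (22, 443, 32400) that are still bound beyond the tailnet.
exposed_watched_ports() {
  classify_listeners |
    awk '$3 == "beyond-tailnet" && ($1 == 22 || $1 == 443 || $1 == 32400) { print $1 }' |
    sort -un
}

# Constructed sample of `ss -tlnH` output (hypothetical host, not real data).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128  0.0.0.0:22                0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53          0.0.0.0:*
LISTEN 0 128  100.101.102.103:443       0.0.0.0:*
LISTEN 0 128  *:32400                   *:*
LISTEN 0 128  [fd7a:115c:a1e0::1]:8123  [::]:*
LISTEN 0 128  [::1]:631                 [::]:*
EOF
}

# On a real Linux host, replace sample_ss_output with: ss -tlnH
sample_ss_output | classify_listeners
echo "watched ports bound beyond the tailnet:"
sample_ss_output | exposed_watched_ports
```

A listener marked beyond-tailnet is not necessarily on the public internet; it is the set to rebind to the tailnet address or firewall, since it is what any remaining port forward would expose.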


Why This Matters in 2026

The internet scans constantly. Bots probe SSH, RDP, Plex, NAS admin panels, cameras, anything listening. If you've looked at logs on an exposed port, you've seen the noise.

Tailscale flips the model: instead of protecting exposed services, you make them invisible to the public internet. Security comes from strong identity, encryption, and zero public surface area.


For the Curious

A few features worth exploring once you're running:

  • ACLs to define who can access what
  • Subnet routers to bridge entire LAN segments
  • Exit nodes to route traffic through home
  • MagicDNS for internal DNS resolution
  • Taildrop for file sharing between devices

Start simple. Grow into these over time.


The Bottom Line

You don't need to be a network wizard to protect your small kingdom.

Install Tailscale. Join your devices. Close your public ports.

The evil from Mordor isn't mythical. It's automated. And it's scanning your IP right now.

Do this today.

Modern father in a complex but medieval world
