Tailscale
What it does#
Tailscale creates a secure WireGuard-based mesh VPN across all devices. With subnet routing enabled, any device on the tailnet can reach services on the homelab LAN — even from outside the house.
Runs on#
🖥️ All nodes (Pi, Laptop, ThinkCentre)
Stack#
| Component | Details |
|---|---|
| Client | Tailscale agent on every node |
| Protocol | WireGuard |
| Feature | Subnet routing for LAN access |
Config highlights#
- Subnet routes advertised from the Pi so the entire LAN is reachable
- MagicDNS enabled for friendly hostnames
- ACLs configured to restrict access to sensitive services
- Exit node available for tunnelling all traffic through the homelab