After a year of running Cloudflare Tunnels for his Home Assistant hub and a Synology NAS, developer Nicolas Fränkel decided to switch to Tailscale following two Mastodon comments that highlighted the mesh‑VPN’s appeal. With a planned months‑long stay in Australia, he needed a way to reach his home services without exposing public endpoints.

Tailscale creates a Zero Trust identity‑based mesh where each device authenticates through a chosen IdP. It supports Linux, Windows, macOS, iOS, Android and Synology, letting Fränkel tag servers for role‑based access. MagicDNS assigns a ts.net subdomain, eliminating the need for TLS certificates or port‑forwarding while enabling remote SSH.

The migration removed all router port‑forward rules and kept internal traffic inside the private mesh, boosting privacy. Drawbacks include remembering ports for multiple services and the lack of built‑in TLS for internal nodes, which Fränkel plans to address later. He recommends Tailscale for single‑user homes seeking simple, secure remote access.