Something is off here as the official cli docs says "--exit-node-allow-lan-access Allow the client node access to its own LAN while connected to an exit node. Defaults to not allowing access while connected to an exit node." this contradicts to what you stated at 5:00 and more specifically at 5:09
Thank you for pointing this out! You are quite correct and this was an error in the video. To clarify. "Allow LAN access" permits the client system to access other clients on the current LAN when enabled. An easy test is to flip the exit node ON and ping a host in your current LAN at the same time. Watch the ping times change as you change the "allow LAN access" setting. In my case, due to subnet routing in my Tailscale network I did not notice the subtle difference because I can already route this LAN subnet from anywhere - thanks to Tailscale! I'll pin this comment to help others, and once again thanks for pointing this out.
Tailscale should add a feature to automatically switch exit note when the main one you're using is down so you would not be stuck with internet not working.
Thanks for teaching us. I have deployed tailscale on my unraid server and on my pf sense router with the ability to use both as a exit node. If wanting to access my home network away from the house what is the best exit node destination?
Hey! Many thanks for your amazing videos. If i may suggest a new video: "Using Tailscale in a Coolify Server (locally or VPS)" With Coolify Caddy support and many configurations, i believe it's one of the amazing combos - especially having mixed access services (things public, others via tailscale VPN only).
Thanks for these videos. Tailscale for pc should have a setting like the mobile app where you are able to tell which apps should run exit node or not. Anyways, great app! I'm using it a lot to connect to my devices in China
Add a support for Android rooted devices because we missing the VPN. Because tailscale using VPN, as i seen some people build a tailscale without VPN in rooted device but it's not official so it's great if it's comes from tailscale.
You did understand incorrectly. The traffic between nodes/devices is encrypted... What I think he is saying g is that the http(s) traffic between a device and a website does not transverse the tailnet by default which means that traffic does not benefit and is not slowed down by transversing the tailbet before hitting the internet. That external traffic is direct (off tailnet) by default... Tailnet traffic is end to end encrypted but your web traffic is secured with https or is plain text (but a more direct connection with no overhead). Hope the above helped
Something is off here as the official cli docs says "--exit-node-allow-lan-access Allow the client node access to its own LAN while connected to an exit node. Defaults to not allowing access while connected to an exit node." this contradicts to what you stated at 5:00 and more specifically at 5:09
Thank you for pointing this out! You are quite correct and this was an error in the video.
To clarify. "Allow LAN access" permits the client system to access other clients on the current LAN when enabled.
An easy test is to flip the exit node ON and ping a host in your current LAN at the same time. Watch the ping times change as you change the "allow LAN access" setting. In my case, due to subnet routing in my Tailscale network I did not notice the subtle difference because I can already route this LAN subnet from anywhere - thanks to Tailscale!
I'll pin this comment to help others, and once again thanks for pointing this out.
Really appreciate the quality of Tailscsale's documentation and tutorial videos. And the use of Apple TV is just too cool.
I appreciate the clear and well thought out instructions with a little humor for fun.
Tailscale should add a feature to automatically switch exit note when the main one you're using is down so you would not be stuck with internet not working.
Or when it completely nukes your OPNsense config
Superb explanation. As always! Thank you, sir.
Completely unrelated but so cool that you’re in NC, I’m in Charlotte.
Thanks for teaching us. I have deployed tailscale on my unraid server and on my pf sense router with the ability to use both as a exit node. If wanting to access my home network away from the house what is the best exit node destination?
Pick whichever you feel like! It doesn’t matter one bit. They’ll both show as you exiting from your home network.
Hey! Many thanks for your amazing videos.
If i may suggest a new video: "Using Tailscale in a Coolify Server (locally or VPS)"
With Coolify Caddy support and many configurations, i believe it's one of the amazing combos - especially having mixed access services (things public, others via tailscale VPN only).
Thanks for these videos. Tailscale for pc should have a setting like the mobile app where you are able to tell which apps should run exit node or not. Anyways, great app! I'm using it a lot to connect to my devices in China
App connectors allow tailnet wide split tunneling. A future video will cover this.
It would be great if you can also add subnet routing to Android.
thanks!
Add a support for Android rooted devices because we missing the VPN.
Because tailscale using VPN, as i seen some people build a tailscale without VPN in rooted device but it's not official so it's great if it's comes from tailscale.
Did I understand correctly that Tailscale is unencrypted when used as an overlay network?
You did understand incorrectly. The traffic between nodes/devices is encrypted... What I think he is saying g is that the http(s) traffic between a device and a website does not transverse the tailnet by default which means that traffic does not benefit and is not slowed down by transversing the tailbet before hitting the internet. That external traffic is direct (off tailnet) by default... Tailnet traffic is end to end encrypted but your web traffic is secured with https or is plain text (but a more direct connection with no overhead).
Hope the above helped
And you can even use an Echo Show 15 as exit node.
@@maikmueller it's Android so of course most Amazon products are.