Apple TV, now with more Tailscale (tailscale.com)
judge2020 1 days ago [-]
> Finally, the new Tailscale client allows an Apple TV to be an exit node itself for other machines in your tailnet.

Pretty huge. Many non-techy users don't like the idea of keeping a computer on 24/7, but a smart TV is just fine.

Also, the Apple TV 4k only draws 0.5 watts at idle and less than 3 watts when streaming movies[0], so I imagine it pulls less than 1 just tunnelling traffic. Computers pull 15W+ at idle, and that's with low end components.

0: https://www.apple.com/environment/pdf/products/appletv/Apple...

lnxg33k1 1 days ago [-]
So far I’ve used it to get vpn on apple tv and i don't think i am going to change, also considering how apple leaks vpns like there’s no tomorrow https://www.amazon.nl/GL-iNet-GL-MT300N-V2-Reiserouter-Repea...
telotortium 1 days ago [-]
close04 1 days ago [-]
Can second the recommendation for the Mango travel router. I always prefer to take the VPN out of the “hands” of the client device to avoid any leaks. With 2 such devices connected via Wireguard VPN any other device I connect to that client router’s WiFi is safely communicating through that VPN. A sort of site to site VPN that works for devices that could never otherwise use a VPN client.

But of course this is a different use case and not always an option. Not if you want to use Tailscale. Probably unless that Apple TV is already connected to one of these “VPN WiFi” with Tailscale on top (no idea what the functionality or performance impact is).

matthewaveryusa 1 days ago [-]
Don't know about the mango, but the gl.inet I have works with tailscale (albeit still in beta) https://www.gl-inet.com/products/gl-axt1800/
sda2 13 hours ago [-]
also seems to work with 'tailscale up --advertise-exit-node' if you ssh into the router instead of using admin console.
addsubtract 11 hours ago [-]
Ordered one - I will be traveling and would be nice to switch exit nodes as needed while on the go. Not that I need to hide the fact I’m out of country, but seems like a good way to connect up the work laptop to appear on my home IP.

Anyone using glinet routers for that purpose and have any tips?

tiffanyh 1 days ago [-]
How will this work?

My Apple TV constantly goes to sleep.

Is Tailscale doing some type of “busy wait” to prevent tvOS from going to sleep?

lathiat 1 days ago [-]
It’s not truly asleep. The display parts are but it’s always connected to wifi to act as a home hub, receive airplay requests, etc.
crazygringo 1 days ago [-]
You can change your Apple TV settings to not go to sleep.
angott 1 days ago [-]
This is not really necessary, there is no need to change any settings. Even when the device enters sleep mode, VPN apps can remain active, just like on iOS.
jondwillis 1 days ago [-]
Neat, maybe I can sell my M1 mini server
8fingerlouie 20 hours ago [-]
Nah, you'll still need that to synchronize iCloud content locally so that you can make backups of it, as Apple stubbornly refuses to allow TimeMachine (or anything else) to actually back up stuff that is only stored in iCloud, and provides no easy, scriptable way of doing so otherwise.

It may just be a problem for me, but as i have ~3TB of photos in iCloud (2 x 2TB), and unless i want to buy laptops with 2TB storage, there is no practical way of backing up the contents of iCloud, so i use a Mac Mini M1 with an external drive, synchronize data locally, and then back it up from there.

tonyaiken 12 hours ago [-]
If it’s iCloud Photos you can try icloudpd, works pretty well from my Synology NAS
yardstick 19 hours ago [-]
I need to backup my iCloud data soon too. How sure are you that the data is all downloaded from the cloud when you copy it to the external drive?

Do you use any special tools?

8fingerlouie 18 hours ago [-]
I just configure each users account on the Mac Mini to download everything from iCloud, and then backup each users directory.

It does require each user to login again every time the mac mini is rebooted, but fortunately that only happens when new releases come around, so 3-4 times every year.

I do periodically check if new photos have been downloaded. I care less about documents as the relevant documents are more likely to also be stored on the laptops, and thus backed up through the normal backup routine on the laptops.

I do wish Apple would come up with a solution to this problem though. The official instructions[1] feels like something from 2003.

[1]: https://support.apple.com/en-us/HT204055

joshspankit 13 hours ago [-]
> I do wish Apple would come up with a solution to this problem though.

That wish is in the opposite direction of Apple’s brand identity: “let us handle everything for you with our white glove service [you can pay, right?]”

aaomidi 1 days ago [-]
I had not convinced the use case of using this as an exit node. Fuck this simplified so much.
copperx 1 days ago [-]
Tailscale also runs on Android TV. If you don't have an Apple TV and want a cheap device just to have an exit node, you can buy a $20 Android TV thingy.
vosper 1 days ago [-]
Beware that a lot of cheap Android TV boxes come pre-loaded with heaps of malware. You don't want them in your network.

Linus Tech Tips has a video about it: https://www.youtube.com/watch?v=1vpepaQ-VQQ&themeRefresh=1

copperx 1 days ago [-]
That's true. However, Walmart's $20 Onn 4k Streaming Box has no malware, apparently.
metadat 1 days ago [-]
I abandoned the Google TV thingy because it was great when it was new a year or so ago, but now after all the updates it frequently stutters when playing media from Netflix, Disney+, HBO Max, etc. Apple TV is silky smooth and works perfectly.

At $200, it was 4x the price, though.

icelancer 1 days ago [-]
The expensive Nvidia Shield Pro is dogshit as well for streaming performance at $150-200. Ridiculous.
nirav72 8 hours ago [-]
You're the first one I've read that has had issues with streaming performance on the Nvidia Shield. I have the non-Pro nvidia shield and it's been rock solid for streaming external content and local content. Including 4k. I even ran it as a plex server for a while. Are you using wireless or plugged into ethernet?
johnmaguire 23 hours ago [-]
Works great for me?
joshspankit 13 hours ago [-]
It’s most likely just because of new codecs. If you got a newer cheap device it would probably not stutter (until the next round of codecs, but Apple TV requires the same upgrades)
metadat 13 hours ago [-]
I don't think so, x264 and x265 haven't changed in the past 12 months, or even the last 2+ years. My suspicion is Elgoog releases Android system updates without thoroughly testing them on existing released hardware.

My friends have Apple TVs that don't stutter, for 3+ years.

mjs 1 days ago [-]
It … kind of does, but if you filter the reviews by "TV" you'll see there's quite a few issues with it: https://play.google.com/store/apps/details?id=com.tailscale..... Not sure why the back button issue hasn't been fixed, that makes it very inconvenient to set up. (Also: are you sure it can be used as an exit node? That wasn't supported a few months ago.)
e12e 1 days ago [-]
Why, apparently it finally does - since when? Last time I checked, I'd have to sideload it on my Nvidia shield?
MuffinFlavored 1 days ago [-]
> Many non-techy users

Why would a non-techy user want to volunteer to be an exit node?

giobox 1 days ago [-]
I have setup Pis in family member homes to allow me to get residential IP VPN exit node in their respective countries - cheap and easy way to get access to foreign TV streaming services without a monthly fee. I used to run my own exit nodes in AWS/DigitalOcean in those regions, but virtually all streaming services block VPS/cloud service IPs at this point. Having an exit node in an actual "real" residential internet service is vastly more flexible.

This potentially would be even easier for me, given they all have Apple TVs already. This isn't a public exit node - it's only available to other users (i.e. people you know and have granted access to) of your own TailScale setup.

Same for non-techy folks who have second homes in foreign countries, or even just travel a lot - an Apple TV running this new app back in their main property will allow them for free to browse the web as if they are actually at their main property, including any TV services they enjoy.

fragmede 1 days ago [-]
This isn't Tor, being an exit node just means the non-techy user can access Netflix while travelling internationally.
userbinator 23 hours ago [-]
Blame Tor for popularising the term "exit node" to mean "public proxy".

The terms "VPN gateway" or "VPN server" are still valid and less easily confused with Tor's use of "exit node".

giobox 10 hours ago [-]
Yes and no... A VPN Gateway or VPN server doesn't have to be an exit node, and may route onwards to actual exit nodes. Some nodes may not "exit" at all - see setups where you are just trying to reach your private networks.

In a tailscale setup, an "exit node" has specific meaning and the term makes sense as far as I'm concerned:


Operyl 1 days ago [-]
It’s not a public Tor exit node. It’s a personal node you can use to route your own traffic.
KoftaBob 7 hours ago [-]
So that when they're overseas, they can route their internet traffic through their Apple TV at home in the US, and any streaming service they use will think they're in the US and not give them trouble about "Hulu isn't available in your location".
Mandatum 1 days ago [-]
I love reading copy that’s obviously written by nerds. This is the least corporate announcement I’ve seen from a corporation in a long time.

No mention of how much they love trust and privacy or how they’re going to make your experience more delightful.

ant6n 1 days ago [-]
Yeah, sounds like a bunch of tech gobbledygook. I guess it’s written for the users of these services, and they know what all this jargon means.
cstrahan 1 days ago [-]
Tailscale is a company that provides a VPN (“Virtual Private Network”) service. If you don’t find yourself thinking “man, I really wish this one computer over here could share the same network with that computer over there, despite not being on the same WiFi access point or physical Ethernet network”, then their service (and the news regarding it) aren’t for you.

Why would someone want a VPN? There are a bunch, but here are some examples:

1) You want to connect to one of your machines at home while you’re at a coffee shop, or on vacation. Maybe so you can check security cameras, I dunno.

2) You’re on vacation outside of your home country, and you would like to watch a video stream that is blocked in the country you’re vacationing in. I experienced this in the Bahamas — If I recall, I was wanting to watch a UFC fight, but the UFC app refused to stream to the Bahamas (it was this and/or other Disney/Hulu whatever services refusing to play in the Bahamas). By routing traffic through your ISP back home: problem solved. (This what “exit node” is referring to — a computer through which internet traffic flows on your behalf)

3) You want to play a game with a friend that only supports multiplayer play on the same network, but your friend isn’t physically there with you in the same house. So just put the two of you on the same virtual network and now you can play together.

ant6n 2 hours ago [-]
I bet they run a useful service. But their post doesn’t really speak well to people who don’t already use the service, because it doesn’t define the used names (e.g. it’s only implied that the service is a VPN, why not just say it up front). That’s why I think it’s not a great press release.
bawana 1 days ago [-]
but why is this better than running a vpn client on your pc? For example, when I want to watch streams restricted in my country, I fire up the ExpressVPN client on my laptop, connect to Switzerland, and then my restrictions disappear. Why should get another piece of hardware, wires and complexity (what happens when this box doesn't connect to the internet but it has no keyboard, display or mouse to guide troubleshooting?)
cpuguy83 1 days ago [-]
Because Tailscale is a [1] direct connection. No middleman service with access to your traffic.

[1] In some cases this is not possible and there are relays setup to help route traffic. What's in the traffic is opaque to these nodes. You can also choose to use your own nodes. If you are interested here is a great post on how this works: https://tailscale.com/blog/how-nat-traversal-works/

lxgr 1 days ago [-]
Most streaming services block commercial VPNs and even data center IP ranges at this point.

Some VPN vendors bypass that by reselling access to residential IPs (witting or unwitting on the side of the person paying for the ISP service), but even that is hit and miss.

> Why should get another piece of hardware

Many people already have an Apple TV or Android TV streaming box.

aspenmayer 1 days ago [-]
The GL.iNet routers have a mobile and desktop config site and buttons to configure/reset the device as well as a two-position hardware switch, the function of which is configurable also. This is not to mention they can run OpenWRT/LEDE and there are vendor created “clean” firmware images to do so. They’re one of the best devices for this use case and price point. I don’t think the situation you’re worried about is a reasonable concern for someone already expected to be competent to manage the router generally to begin with, and if they also want to do the things Tailscale does, they can and should be able to troubleshoot the problem space. The stock firmware is a modified OpenWRT with a web GUI and some optional extras, but it’s the most functional consumer router I’ve used.
miki123211 1 days ago [-]
> With up to three users available on our Free plan, you’ve got tools to make a media drive available to other trusted people in your life. You can share a collection of family photos and home videos into a faraway relative’s tailnet, without worrying about locking down the server for public internet access.

It's important to point out here that, in addition to this, the free plan also lets you send invite links to specific devices, which other people can add on their own accounts. That way, nobody has to go for the (quite expensive and obviously company-focused) free plan, you can share your device with as many friends as you like, and you're not sharing anything else beyond that single device.

Operyl 1 days ago [-]
Using it as an always-on exit node is actually a pretty nifty feature, I hadn’t thought about that as a viable feature before now.
cube2222 1 days ago [-]
This is by the way kind of how remote access with apple home works.

The Apple TV serves as a local gateway relaying all the commands to your local IoT devices.

On a side note, tailscale is lovely. I have nothing but good things to say about them.

Operyl 1 days ago [-]
Yup, either a HomePod, Apple TV, or iPad left at home can act as a HomeKit hub.
ericswpark 1 days ago [-]
Just an FYI, but iPads can no longer be used as a HomeKit hub as of last year: https://support.apple.com/en-us/HT213481

(Yes, you can technically use an iPad as a hub if you are on the old Home architecture)

Operyl 1 days ago [-]
Good change, then! It wasn’t a great experience for most people. iPads are rarely static home fixtures now, and they were the only ones capable of dying.
drcongo 18 hours ago [-]
Yeah, that was always a weird choice. The one time I went on holiday without first checking to see which device was acting as my primary home hub it turned out to be my iPad, which I'd taken with me, and all my security cameras were "unavailable" for the week. I'm sure the system is supposed to just switch to a different primary hub in that situation (I have about 15 candidates), but it didn't.
ignoramous 23 hours ago [-]
> This is by the way kind of how remote access with apple home works.

Apple killed Back to My Mac, which sounded a lot like Tailscale exit nodes: https://datatracker.ietf.org/doc/html/rfc6281

dimgl 1 days ago [-]
Tailscale continues to be one of the more impressive services I've ever used. Going to install this on my Apple TV immediately. I often travel and use public Wi-Fi, so this is massively useful as my PC and my laptop are not always on (so I can't use them as an exit node). Pretty genius honestly.
drexlspivey 1 days ago [-]
The bigger news is that you can add VPNs on Apple TV with tvOS 17, I had to run it on my router before
fmajid 1 days ago [-]
Still better to run it on your router. Apple’s had VPN leaks, and also exempted its own services from VPN or Little Snitch firewalling. Separation of roles means not having to trust Apple.
ignoramous 23 hours ago [-]
Wait until Apple bundles in 5G eSIMs for connectivity for just Apple apps to bypass the physical firewalls.
fmajid 8 hours ago [-]
I think SmartTV vendors will get there first.
FireBeyond 1 days ago [-]
I don't care either way, but I did note the ignorance of the elephant in the room as to why 99% of people would care about Tailscale and native VPN support on their Apple TV... and it's not "avoiding sketchy wifi networks".
fotta 1 days ago [-]
> With a Tailscale exit node, you’re in control and you get the internet connection you’re used to. This new feature could come in handy if you’re traveling with your Apple TV and want to access the same geo-restricted channels you can see from home.

They do call this out towards the end.

cassianoleal 1 days ago [-]
How's this supposed to work? If I'm travelling with my Apple TV and use it as an exit node, it's as geo-restricted as I am, wherever I am.
ezfe 1 days ago [-]
This blog post isn't just for using it as an exit node. Traveling with the Apple TV and using Tailscale lets you exit-node back to your house.

Traveling without the Apple TV and the exit-node can be your Apple TV.

cassianoleal 18 hours ago [-]
Perhaps the blog post isn't, but the quoted text is:

> With a Tailscale exit node, you’re in control and you get the internet connection you’re used to. This new feature could come in handy if you’re traveling with your Apple TV and want to access the same geo-restricted channels you can see from home.

ezfe 11 hours ago [-]
Yes, but the Tailscale exit node referenced in that quote isn't necessarily the Apple TV.
Larrikin 1 days ago [-]
You designated a device at home as the exit node and are using that on your Apple TV in a different location.
meowtimemania 1 days ago [-]
The main use case I see is sharing streaming services like youtube TV with family.
zikduruqe 1 days ago [-]
I run my own DNS server at home, and have Tailscale installed on it also. I use this so when I am away from home, I can continue to use it via Tailscale and/or an exit node for full on VPN-like solution.

I can now, move Tailscale off that server, and put it on my Apple TV to use as my network for my DNS server when I am away from the house.

radicaldreamer 1 days ago [-]
You can already do that officially... but maybe not region-locked sports
drewnick 1 days ago [-]
Definitely not region locked sports. My YT TV account is based on the other side of the country and I can't watch our local teams quite frequently. I've been using wireguard and a dedicated wifi network to tunnel through a fiber connection "back home" and it then thinks I am local and all works well. This is much cleaner with tailscale!
sangnoir 1 days ago [-]
It's cheaper if everyone is in the "same household" (i.e. sharing the same public IP as main account)
LoganDark 1 days ago [-]
It's a way to access it remotely without having to forward a port to the whole world. There are other ways to do this, but a VPN is usually the most straightforward option.

It's also a way to proxy your connections through a device at home, of course. Whether the Apple TV is the client or the exit node.

copperx 1 days ago [-]
For sharing Netflix accounts?
fragmede 1 days ago [-]
Arrr, it not be for Netflix.
tredre3 1 days ago [-]
Tailscale isn't useful for piracy. Unless you really want your pirate traffic to always be routed through your home?
tshaddox 1 days ago [-]
The idea is that you host all your pirated media from home, e.g. on a NAS running Plex or Jellyfin, and your home server can stream any of your media to any device (including transcoding it to best fit the device and connection).

Tailscale isn't particularly useful for acquiring the pirated media in the first place, of course.

stirlo 1 days ago [-]
How is this different to running a Plex server on your NAS and streaming directly over regular internet?
FloatArtifact 1 days ago [-]
You do not punch holes through your router's firewall. Therefore it is more secure as a mesh network.
ezfe 1 days ago [-]
Tailscale has Mullvad integration now, so it can be used that way too
nirav72 8 hours ago [-]
So the exit node can route traffic through Mullvad VPN?
cellu 1 days ago [-]
I guess it’s more to be able to access the local are stack / jellyfin from everywhere?
unstatusthequo 1 days ago [-]
Because say I want to connect to my own private remote network. I have a server hosted in a datacenter because I self-host. I'd much rather have VPN capabilities than deal with a proxy server and publicly open ports with rules. This is a much tighter way to do things, IMHO.
nickvanw 1 days ago [-]
This is useful - using an exit node with an Apple TV is useful as well for navigating around certain tools that are geo-blocked. Before, you'd have to handle it outside of the device which is much more difficult.

I'm going to play around with this later in the week.

mlfreeman 1 days ago [-]
Will this work with Headscale too?
angott 1 days ago [-]
Tailscale dev here: yes, you can set up a custom coordination server in the settings, just like on the iOS app. Open the tvOS Settings app, then scroll down to Tailscale.
vineyardmike 1 days ago [-]
Genuine question: Does Tailscale want people using headscale?

I'm a free-tier personal user, and a little too cheap to give a for-profit corp money when I don't need to just because "I REALLY like the product". If I use headscale does that just cause a headache for the team, or is it good because it reduces traffic to prod?

I'm too cheap to pay when I don't need to, but it's such a great product (esp for free) that I'd gladly change how I use the product to be less expensive or problematic.

hzia 1 days ago [-]
Thank you so much for that!! I wondered about this as well. Love how above and beyond you guys are going to support other OSS implementations <3
xeonmc 1 days ago [-]
Is it possible to transparently embed Tailscale into a game to only talk to your self-hosted Headscale server?

Also, is it in theory possible to use WebRTC to negotiate Wireguard connections and not use any control plane?

bananapub 18 hours ago [-]
> Is it possible to transparently embed Tailscale into a game to only talk to your self-hosted Headscale server?


> Also, is it in theory possible to use WebRTC to negotiate Wireguard connections and not use any control plane?

you can write code to do whatever you want I guess, but that's nothing to do with tailscale

b555 1 days ago [-]
can anyone share documentation/paper/video with eli5 of tailscale?

i recently read this with Mullvad too and feel stupid that I don't intuitively understand how it works, and what it does and why it's needed.

simonw 1 days ago [-]
It's WireGuard with a really nice UI.

WireGuard is an outstanding mechanism for building secure virtual private networks.

You can run WireGuard on a bunch of different machines (or virtual machines) spread all over the world and give them the ability to talk to each other as if they were on the same LAN, with every packet fully encrypted.

TailScale has productized this. They wrote software for a bunch of platforms that makes it trivial to connect those machines to your "tailnet" - effectively a WireGuard network which their software manages for you.

They tie this to SSO - so you can install their software on your phone and your home server, sign them both in using Google SSO or similar, and now they're able to talk to each other on a secure virtual network.

I suggest trying the TailScale setup process to really understand how good it is.

hot_gril 1 days ago [-]
So it's a VPN, right?
vineyardmike 1 days ago [-]
Its utility is as an "overlay network", but using traditional VPN technology. Yes, it is a virtual network, and it's private, but it's not intended to be used to exit to the internet in a controlled manner, as VPNs are often advertised as.
hot_gril 23 hours ago [-]
Well, the original purpose of a VPN was more as a private LAN (as Tailscale seems to advertise itself as) than as a way to exit to the Internet somewhere else. And it does both still.

Seems like Tailscale is a very souped up VPN, though. You can add more nodes to the network easily, and even have multiple gateways to the Internet.

derefr 19 hours ago [-]
> Well, the original purpose of a VPN was more as a private LAN

You're conflating two concepts.

An "oldschool" VPN connection (using e.g. IPSec) is something that allows your computer to remotely "join" a real, physical LAN. It's basically equivalent to running PPP over IP: your computer "dials up" a daemon running on a server somewhere; that daemon accepts a stream of raw packets from your computer's network stack; and then that daemon dumps those packets out through one of the server's NICs onto a local network segment — where those packets are then handled by the switch they run into as if your computer was directly plugged into that switch. So your computer can acquire an IP address for its VPN "bridge" interface via DHCP from the switch; can talk to other devices on that private network through the switch; can talk to the Internet via NAT through that switch; etc.

Tailscale, meanwhile, creates a software-defined virtual LAN on top of p2p mesh networking of the nodes. There's no actual network segment anywhere that your packets are being dumped out onto; the "switch" handling your packets is a shared distributed abstract-machine that's partly running on your Tailscale client, and partly running on the other nodes' Tailscale clients. That virtual LAN doesn't have a routing table + NAT on it to translate packets into Internet-bound packets. Nor does the LAN have the ability to host L2 services like DHCP. It's just a functional L3 simulation of an L1 network segment, not a faithful emulation of an L1 network segment.

hot_gril 10 hours ago [-]
Ah, makes sense. I realized Tailscale was a virtual network but forgot that a VPN doesn't include that functionality.
ezfe 1 days ago [-]
It's kinda a VPN.

Tailscale on its own is a mesh network that allows your devices to communicate (in a VPN, technically, yes) between themselves.

If you have an exit node, then you can route your traffic to that exit node in the way most people think of a VPN.

It also has Mullvad integration, providing Mullvad servers as exit nodes.

If you use an exit node, then it's functionally equivalent to a VPN with fancy features.

efxhoy 17 hours ago [-]
It makes setting up your own peer to peer VPN between your devices.


SparkyMcUnicorn 1 days ago [-]
Tailscale is basically wireguard in a seamless UX wrapper, and a bunch of nice (optional) things added on top like ACLs/2FA/MagicDNS/ssh.


Larrikin 1 days ago [-]
You have a home server, could be home assistant, a Raspberry Pi, your desktop computer. Access that server and all services on your phone or laptop from anywhere without figuring out ports and worrying about your server being pwned. It all looks like local traffic.

Set the DNS server on your phone to a Pi running AdGuard Home and block all ads and trackers when on 5G, not just in the browser.

Travel abroad with your laptop and designate your computer at home as an exit node and now all the traffic on your laptop looks like it is coming from that country.

Those are just the use cases I am using personally.

angott 1 days ago [-]
This blog post is a very good technical read (and the diagrams are really cool too): https://tailscale.com/blog/how-tailscale-works/
rhinoceraptor 1 days ago [-]
It connects all of your computers and devices in a way that feels magical. For example, if I have a Plex server named myplex on port 80 at home, and if I want to access it from my laptop, I just go to http://myplex.

It doesn't matter if I'm at home or anywhere else, if I have internet then that just works. I don't have to open a port on my router, configure DNS, or anything like that, I just install and run Tailscale.

duped 1 days ago [-]
You're on a team of 10 people with 20 different machines between you and want to securely send/receive files, spin up servers and talk to them, etc.

Tailscale makes this really easy, and fast.

ecliptik 1 days ago [-]
It's a 90s LAN, but with encryption and accessible from anywhere.
Stem0037 12 hours ago [-]
Cool! it sounds like a pivotal upgrade, offering both convenience and enhanced security features. I love using Apple TV as the router in my home, when paired with Headscale, it's simply perfect.
ShakataGaNai 1 days ago [-]
This is very cool, and very useful.

For the average, non-technical user, Apple TV as an exit node for other device while traveling is super cool.

But for someone who is out of the country for a duration, it's also super handy. Netflix knows all the popular VPN providers and ban hammers them on a regular basis. But being able to use my Apple TV to watch my normal Netflix (or whomever) from any other country... because they think I'm at home? Super win.

fragmede 1 days ago [-]
Network engineers watching rtt/packet latency very closely can still tell that something fishy is up, but Netflix doesn't really want to block VPNs, they just have to pretend to care enough so that the labels don't pull their content.
lstamour 1 days ago [-]
If one forwards traffic through iCloud+ proxy to mask IP address, I wonder if it’s still possible to tell a VPN, from, say, a perfectly legitimate SpaceX satellite signal received on a boat… ;-)
fragmede 1 days ago [-]
no comment
nose-wuzzy-pad 1 days ago [-]
I’ve installed this on a freshly updated AppleTV 4K with Ethernet and for the life of me I can’t get it to work using the Apple TV as an exit node. I’ve enabled it and approved it in the console.

Unfortunately I can’t ping any hosts through it or make any connections. This is in contrast to my other exit node, which is a docker container running tailscaled with user networking. It continues to work just fine.

Any ideas?


pomatic 7 hours ago [-]
Are your clients set to use the AppleTV as a gateway? That's a fundamental requirement to ensure the packets your devices send in reply get passed back to the tailscale network.
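
One way to check the client side of this sub-thread from a script, as an added example (not from the thread or the Tailscale project): it reads the `Peer` entries of `tailscale status --json` and reports which peers are approved exit nodes, which one this client is actually using, and whether that path is direct or relayed. The status document below is constructed and trimmed to the fields used, and the `expected` allow-list is an assumption.

```python
import json

# Constructed sample shaped like `tailscale status --json`, trimmed to the
# fields read below. Host names, node keys and addresses are made up.
SAMPLE_STATUS = json.loads("""
{
  "Self": {"HostName": "travel-laptop", "TailscaleIPs": ["100.64.0.1"]},
  "Peer": {
    "nodekey:0001": {"HostName": "living-room-appletv", "Online": true,
                     "ExitNodeOption": true, "ExitNode": true,
                     "Active": true, "CurAddr": "", "Relay": "nyc"},
    "nodekey:0002": {"HostName": "nas-docker", "Online": true,
                     "ExitNodeOption": true, "ExitNode": false,
                     "Active": false, "CurAddr": "", "Relay": "nyc"},
    "nodekey:0003": {"HostName": "android-box", "Online": false,
                     "ExitNodeOption": true, "ExitNode": false},
    "nodekey:0004": {"HostName": "phone", "Online": true,
                     "ExitNodeOption": false, "ExitNode": false}
  }
}
""")


def audit_exit_nodes(status, expected):
    """Summarise exit-node state as seen by this client.

    expected: host names you intend to route through (an assumption of this
    example; keep it in version control next to your ACLs).
    Returns {"offered": [...], "in_use": str | None, "findings": [(code, host)]}.
    """
    peers = sorted(status.get("Peer", {}).values(),
                   key=lambda p: p.get("HostName", ""))
    offered, in_use, findings = [], None, []

    for peer in peers:
        host = peer.get("HostName", "?")

        # ExitNodeOption: the peer advertises itself AND an admin approved it.
        if peer.get("ExitNodeOption"):
            offered.append(host)
            if host not in expected:
                # Every approved exit node is a box that can see where your
                # traffic goes, so an unplanned one deserves a look.
                findings.append(("unexpected-exit-node", host))

        # ExitNode: this client is currently routing through the peer.
        if peer.get("ExitNode"):
            in_use = host
            if not peer.get("Online"):
                findings.append(("exit-node-offline", host))
            elif peer.get("Active") and not peer.get("CurAddr"):
                # No direct endpoint in use: packets go through the relay
                # named in "Relay" (still end-to-end encrypted, but slower).
                findings.append(("exit-node-relayed", host))

    if in_use is None:
        # Approving a node in the console does not select it on the client.
        findings.append(("no-exit-node-selected", None))

    return {"offered": offered, "in_use": in_use, "findings": findings}


if __name__ == "__main__":
    report = audit_exit_nodes(SAMPLE_STATUS,
                              expected={"living-room-appletv", "nas-docker"})
    print("approved exit nodes:", ", ".join(report["offered"]))
    print("in use:", report["in_use"])
    for code, host in report["findings"]:
        print(f"finding: {code} ({host})")
```

On a real client, replace `SAMPLE_STATUS` with `json.load(sys.stdin)` and pipe `tailscale status --json` into the script.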
aaomidi 1 days ago [-]
I’ve been working on bringing tailscale into container networking through a driver, it’s still a work in progress but people might already be interested in trying it out:


nirav72 8 hours ago [-]
Thanks for sharing this. I'm thinking this might be useful to run on a VPS and tie to a reverse proxy container. So I could expose services externally without opening up port on my wan side.
lxgr 1 days ago [-]
That's amazing!

I've already been using it in a very similar way on a Chromecast (the one running Android TV), which made me use my Apple TV less and less, to the point where I actually unplugged it. This might just be its ticket back to an HDMI port :)

nirav72 8 hours ago [-]
whoa. I'm going to try installing tailscale on the googletv chromecast dongle. Because one of the biggest issues with Chromecast was that it and the device casting from had to be on the same wireless LAN. So when traveling I had to either use a travel router or turn my phone/tablet into an AP. Tailscale might solve that. I already use tailscale for everything else. Just never thought about installing it on Googletv chromecast. Thanks for the suggestion.
lxgr 7 hours ago [-]
You still won't be able to actually cast to a Chromecast device unfortunately, since that requires mDNS to work, which only works in the same broadcast domain (i.e. you'd need an L2 VPN, but Tailscale is L3).
unstatusthequo 1 days ago [-]
This is great news! Not only does this make a remote Plex / Jellyfin media server easier to deal with, the Apple TV can be an exit node. Solid work, Tailscale!
maxmcd 1 days ago [-]
I'm a little unfamiliar with how Plex routing works. Would this make it so that your Plex connected media servers don't need to be publicly routable and the Plex app will know to connect through the Tailscale network?

Would you need to reconfigure Plex to use the Tailscale IP addresses and then the Apple TV Plex app will stream over that address?

ecliptik 1 days ago [-]
I wrote up a guide [1] on using Plex + Tailscale + HTTPS last year to set up Plex so you don't have to expose it through the Plex relays or set up port forwards for other devices on a Tailnet.

I would assume with this announcement, you can keep Plex private to your Tailnet and an AppleTV also on the Tailnet could use it without any port forwarding.

1. https://forums.plex.tv/t/remote-access-using-tailscale-magic...

SV_BubbleTime 1 days ago [-]
>set up port forwards for other devices on a Tailnet.

Ah. Now I get it.

aaomidi 1 days ago [-]
Depends on how you’ve set up Plex, but you can give it custom access URLs. So you can expose both a public and a private endpoint. Or just a private endpoint, up to you really.
sohrob 1 days ago [-]
Awesome news and boosts the utility of the Apple TV tremendously.
Timber-6539 1 days ago [-]
I wish they would work on their Android client.

It's got a long-standing request to add split tunnelling [0] (a standard feature on pretty much every VPN client you'll come across). But it seems in the spirit of re-inventing existing networking technologies, Tailscale also decided to re-invent what a VPN client does.

This alone makes me give this otherwise wonderful project a pass despite all the deservingly good press it gets.

[0] https://github.com/tailscale/tailscale/issues/6912

garyclarke27 16 hours ago [-]
That's great tvOS now allows VPN - hopefully NordVPN will now release on Apple TV App Store. NordVPN runs great on Amazon Firestick - works for BBC iPlayer and ITVX when you're outside UK.
syntaxing 1 days ago [-]
Is it possible to run a Plex or Jellyfin server on an Apple TV like an Nvidia Shield? If so, I might seriously consider getting an Apple TV just to run as a media server.
billyhoffman 1 days ago [-]
Sadly an Apple TV can't also be the media server (at least for something like Plex). But just about anything else can run a media server, and you can go really low end especially if you don't need it to transcode your media. Some software like Infuse will stream the original media file to the Apple TV, and the transcoding happens on device.
tshaddox 1 days ago [-]
True, but of course if you already have a media server, it can almost certainly already act as a Tailscale exit node.
syntaxing 1 days ago [-]
I more or less have everything running through an N100 and it has been great. Would have been awesome to replace it with an Apple TV though
hapticmonkey 20 hours ago [-]
AppleTV can't act as a media server. But as a client it's fantastic.

An AppleTV with an app like Infuse will flawlessly play back 4K HDR or Dolby Vision videos client side (no transcoding) as well as 7.1 lossless TrueHD audio. Unfortunately it won't do TrueHD Atmos.

zakki 1 days ago [-]
I wish there were Tailscale for LG TV.
tacticalturtle 9 hours ago [-]
Switching from WebOS on my LG TV to the Apple TV as the primary interface was honestly one of the best consumer decisions I’ve made this year.

LG TVs get slower and more ad-laden with each update.

ilteris 1 days ago [-]
Never heard of Tailscale before. Is it similar to Plex?
nerdbert 1 days ago [-]
Nope, it's a tool for building a private network among machines which can be geographically and internetically distributed. So, more or less a VPN, but not particularly in the sense that people use it today (which is effectively a glorified proxy server).
klinquist 1 days ago [-]
This makes it much easier to use the Xfinity Stream app on your "travel Apple TV" :)
Spooky23 1 days ago [-]
Can you use this to appear to be in another place for blackout avoidance purposes?
dangoodmanUT 1 days ago [-]
jedberg 1 days ago [-]
> But even if you don’t have a media server to connect to, you can use Tailscale’s Apple TV app to select another device in your tailnet ... to use as an exit node. This will route all your Apple TV’s traffic through that connection ... making your traffic appear to originate from the machine of your choice.

Oh look all of those family Netflix devices are in one home again!
