March 31, 2026

Mesh or mess?

Article URL →HN comments →

I Traced My Traffic Through a Home Tailscale Exit Node

He routed all his web through home—genius move or just a fancy VPN

TLDR: A tinkerer routed all web traffic through home using Tailscale, making it act like a VPN so sites see the home address. Comments split: some praise Tailscale’s easy setup and cheeky Wi‑Fi bypass tricks, others insist plain WireGuard is faster, simpler, and avoids trusting a private company.

One nerd rerouted all his internet through a tiny box at home using Tailscale—and the comments immediately lit up. The post explains that turning on an “exit node” makes your device send all web traffic through home, like a VPN (a private tunnel), so coffee shop Wi‑Fi sees nothing but encrypted chatter and websites think you’re coming from your house. Cue the brawl: the DIY crowd yells “just use WireGuard,” while others cheer Tailscale’s easy setup.

The sharpest elbows came from purists asking if Tailscale is anything more than a fancy wrapper over WireGuard. One user demanded speed numbers, worried the home tunnel could slow everything down. Another dropped a spicy office hack: if you connect before joining a locked‑down guest Wi‑Fi, Tailscale stays up and slips past blocks that kill OpenVPN—cue the “stealth Wi‑Fi ninja” memes. Meanwhile, a feel‑good subplot stole hearts: a commenter says the free remote‑help app RustDesk works “no server needed” when both sides have Tailscale, making family tech support way less painful.

So is this magic or marketing? Fans love the convenience—identity login, automatic device discovery, no port‑forward headaches. Skeptics distrust a private company layer and swear raw WireGuard forever. Either way, the home‑IP cosplay is strong, and the drama even stronger.

Key Points

  • A home Tailscale exit node was deployed on a small LXC container running on Proxmox to route internet traffic through the home network.
  • Traceroute to github.com showed the home ISP hop, confirming that internet traffic egresses via the exit node’s public IP.
  • With an exit node, Tailscale operates in full-tunnel mode for internet traffic; without it, only tailnet traffic is tunneled.
  • Tailscale uses WireGuard for the data plane and adds a control plane for identity/SSO, peer discovery, NAT traversal, route distribution, MagicDNS, and fast revocation.
  • Exit nodes advertise 0.0.0.0/0 and ::/0 to the control plane; eligible clients select them, and if direct connectivity fails, DERP provides encrypted relay fallback.

Hottest takes

"is Tailscale actually providing any values to this use case beyond what you get from a raw Wiregaurd exit node" — mightyham
"If your device is connected to your tailnet before joining a given WiFi, it will stay connected afterward" — devilbunny
"I haven't used it because I use witeguard the traditional way" — comrade1234

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.