Today we’re expanding the list of devices that can run Tailscale, bringing secure remote networking to the Apple TV. The newly released tvOS 17 offers support for VPNs, and we’re proud to say Tailscale is among the first to use this new feature. You can now add your Apple TV directly to your tailnet, unlocking three powerful new use cases that we’re excited to share.
If you run a media server that isn’t publicly exposed, it lets you jump in to browse stuff w/o needing to forward additional ports.
Another use is if you want to bring the device with you on vacation. You can VPN back home and have your traffic exit out of your house which may be useful for streaming services that require traffic be “in the same household”.
Have we figured out if this solves the Netflix password sharing limitation yet?
I haven’t tried it. AFAIK Netflix won’t work on iOS if you have a VPN active so I don’t have high hopes for Netflix.
I think that’s only if they detect that you’re connected to an IP address that they recognize as part of a commercial VPN service, since I’m sure they have a list.
I use Netflix when connected to Tailscale VPN on both my phone and Apple TV and it works fine, since the exit node that Netflix is receiving my connection from isn’t a commercial VPN IP.
I’m surprised any VPN would be strong enough for streaming video of anything other than potato quality.
The bulk of the traffic between two Tailscale nodes is direct between the nodes. They mainly use the Tailscale servers to help them find each other (NAT hole punching) and establish a connection.
You’re kidding! I thought all the traffic went through tailscale. So it’s basically just establishing the connection, then I’m only limited by upload/download speed of the NAS and the client?
Usually yes! There will be some minor overhead from both nodes keeping in touch with the Tailscale command server but mostly they talk to each other.
Read this though to see if there’s a case where direct connection might not be possible: https://tailscale.com/kb/1181/firewalls/
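Added example, not part of the thread and not Tailscale's own code: a way to check which peers are actually reached directly and which fall back to a relay, by reading the JSON that `tailscale status --json` prints. The sample input is constructed, and the classification rule (an active peer with an empty `CurAddr` is treated as relayed through the region named in `Relay`) is a simplifying assumption.

```python
import json
import sys

# Constructed sample shaped like `tailscale status --json`; not real output.
SAMPLE_STATUS = json.dumps({
    "Peer": {
        "nodekey:example-1": {"HostName": "nas", "Online": True, "Active": True,
                              "CurAddr": "203.0.113.10:41641", "Relay": "nyc"},
        "nodekey:example-2": {"HostName": "appletv", "Online": True, "Active": True,
                              "CurAddr": "", "Relay": "fra"},
        "nodekey:example-3": {"HostName": "laptop", "Online": True, "Active": False,
                              "CurAddr": "", "Relay": "nyc"},
        "nodekey:example-4": {"HostName": "old-phone", "Online": False, "Active": False,
                              "CurAddr": "", "Relay": ""},
    }
})

def classify_peer(peer):
    """Return (state, detail) for one entry of the Peer map."""
    if not peer.get("Online"):
        return ("offline", "")
    if not peer.get("Active"):
        # No recent traffic, so no path has been negotiated yet.
        return ("idle", "")
    if peer.get("CurAddr"):
        # A current endpoint address means packets flow node to node.
        return ("direct", peer["CurAddr"])
    # Assumption: active without a direct endpoint means relayed traffic.
    return ("relayed", peer.get("Relay", ""))

def summarize(status_json):
    """Map each peer's HostName to its (state, detail) tuple."""
    peers = json.loads(status_json).get("Peer") or {}
    return {p.get("HostName", key): classify_peer(p) for key, p in peers.items()}

def relayed_peers(status_json):
    """Hosts whose throughput is bounded by a relay rather than the direct path."""
    return sorted(h for h, (state, _) in summarize(status_json).items()
                  if state == "relayed")

if __name__ == "__main__":
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for host, (state, detail) in sorted(summarize(piped.strip() or SAMPLE_STATUS).items()):
        print(f"{host:12} {state:8} {detail}")
```

Run it as `tailscale status --json | python3 check_paths.py` (the file name is hypothetical); with no piped input it falls back to the constructed sample.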
Man, that’s great news. Though I may have some extra setup to do because I tried once with a decent internet connection and couldn’t get Plex working over Tailscale.
Plex has issues with VPNs unfortunately. It wants you to go through them whenever you connect to your server, and this means it needs to know where your server IP/domain is. But if you have situations where the IP/domain changes, like a VPN, it can get confused.
It’s one of the reasons that made me give up Plex back in the day. (Holding your accounts hostage was the other one.)
Oh wow, thanks for that insight. So Jellyfin in this use case would be superior?
Jellyfin or Emby, yeah. But it’s more of an artificial limitation for Plex so it’s worth checking that they haven’t fixed it by any chance since the last time I tried.
The way these apps work is that the mobile app scans the local network for the server. That works when you’re connected on WiFi at home but typically not when you’re connecting over VPN, because a VPN isn’t usually configured with broadcast. So the app for all three (Plex/Jellyfin/Emby) will discover the server just fine on WiFi but choke on VPN. To work around this, the mobile app [should] allow you to also enter the server address manually. Plex used to have this too but removed it at some point, so now it only relies on autodetect. 🤷
So now the only way it can work on Plex is if you keep the same server address/name when you’re on WiFi and when you’re on VPN, let the app detect it once on WiFi, then it “just works” on VPN too… but that can be problematic if the address/name is different on VPN, which is 90% of cases.
Between Emby and Jellyfin it’s a toss-up; the main reason I’m using Jellyfin (I used to use Plex and Emby too) is because it’s 100% free. Emby switched essential features like transcoding behind a paywall at some point, and Plex locked pretty much everything useful behind paid Plex pass and you have to log in to their website every time, so you can’t use it if your external internet connection drops even if your local network is fine.
Here’s an in-depth comparison of all three: https://github.com/Protektor-Desura/Archon/wiki/Compare-Media-Servers
It’s going to depend on the devices involved, but I get about 600 megabit or so between two computers over Tailscale on my network (really, WireGuard). That’s what, 10 HD video streams? Of course, it’s going to depend on device CPU capability and network bandwidth.
On your own network? I’m not sure of the reason to use Tailscale between computers on the same network, nor if that’s really relevant to the discussion. If Tailscale was capable of 600mbps from outside the network then that would be another story.
That 600mbps is the throughput of the encryption on those devices. It’s no different crossing networks, but the speed will be limited by the network speed. The benefit of a P2P VPN is that you don’t need to shut it off when you join the same network. The devices remain accessible at the same IP whether they are on the same network, or if one is somewhere else. The overhead is negligible and you gain the security isolation that would normally require subnets and a firewall.
In the end, yes, I can stream HD video just fine from another network. For most people, the limitation will be their home ISP’s uplink speed.