Lots of people already have Apple TVs and the Tailscale integration is pretty good and can serve as an always online exit node. So no new hardware required. Could even remotely walk a non-techie through the process without too much effort.

personally, I've just upgraded my family's wifi to Ubiquiti and can then use Tailscale Wireguard running on the gateway as a proxy! (with their permission)

I don’t work in technology, so my knowledge base is almost certainly in the bottom 10% (or lower) of HN readers. I can install Linux, or a BSD, and following guides I can be reasonably certain that I am doing so safely, which puts me comfortably in the top 10% of all users out there.

It’s not what I’m comfortable setting up for myself that is the issue; I am willing to put up with oddities for something that is just for my convenience and amusement. The problem is what I am knowledgeable enough to fix from far away if and when it goes wrong, and how to explain to my very non-technical family how to access it.

I have a NAS, and I could roll my own with that (in fact it’s my exit node at home, because I’m fairly sure it has better encryption speed than the AppleTV), but when something I’m in charge of maintaining goes in someone else’s house, the last thing I want to spend my spare time doing is trying to diagnose and fix issues over the phone with people who don’t own a computer.

It’s not the perfect solution to every situation. It is reliant on Tailscale and Apple, and there are cheaper, more capable systems (like the RPi) out there if you have the knowledge and inclination to set them up. But it’s a very, very straightforward solution that is unobtrusive and easy to maintain and thus is extremely well-suited for my needs. I thought it might be for OP as well. Anyone who is willing to shell out €360 a year for a truly residential-IP VPN should at least be made aware that it’s an option.

> Wireguard and remove Apple and Tailscale from the equation entirely

I agree you could send them a preconfigured pi, but can we stop pretending talescale is just wireguard - there is a lot of convenience in the NAT traversal that you otherwise need router config and/or a publically routable server to achieve.

Check out the instructions from Tailscale: https://tailscale.com/kb/1280/appletv

Doesn’t have to be an apple box either. A raspberry pi is what I’m using. I’m in the exact same situation, living in one country temporarily but citizen of another, and I have an exit point in my home country at my parents place on a raspberry pi. Basically any computer will work.