tda 6 hours ago

I just set this up the other day, and I got my ping to drop from 16 to 10ms, and my bandwidth tripled, when connecting from a remote natted site to a matter desktop at my house. Together with Moonlight/Sunshine I can now play Windows games on my Linux desktop from my MacBook, with 50mbps/10ms streaming. So far so good!

Not a single port forwarded, I just set my router up as a peer node.

nickburns 5 hours ago | parent | next [-]

Neat use case. But in fairness, you've simply 'offloaded' NAT traversal/port forwarding to automagic helper protocols over which you have no control even if you wanted it.

flowstraume 33 minutes ago | parent | prev | next [-]

I'm confused. I wanted to do this too with an OpenWRT router, but I was under the impression I still had to open a 40000 port so my NAT devices can see it. Wouldn't it still be on the exposed public Internet?

FrenchTouch42 4 hours ago | parent | prev | next [-]

May want to give Apollo a try: https://github.com/ClassicOldSong/Apollo (re Sunshine)

stavros an hour ago | parent [-]

Why?

tietjens an hour ago | parent [-]

It handles virtual displays better in case you want your PC screen to be off while streaming. There might be other reasons.

stavros an hour ago | parent [-]

Oh nice, virtual displays is a feature I've been wanting, thanks!

jak6jak 3 hours ago | parent | prev | next [-]

That seems really exciting! If you wanted to share game streaming with the general public, would they have to install Tailscale on their device/login? How does that work? Am I right in assuming that Tailscale is built mostly for sharing resources with people you trust instead of the general public?

arjie 6 hours ago | parent | prev | next [-]

What hardware do you use on the networking side?

tda 4 hours ago | parent [-]

Nothing special, an EdgeRouter that allows installing Tailscale

arjie 29 minutes ago | parent [-]

Ah, perfect. The Mikrotiks weren't as straightforward earlier but maybe it's easier now. Glad to know it works on EdgeOS. Did you just use this? https://github.com/jamesog/tailscale-edgeos

aborsy 6 hours ago | parent | prev [-]

There are several ports open (you don't open them, Tailscale does), including for peer relay. Some are VPN ports, but the ports for relay servers are not for VPN, so my guess is that the software that listens to those ports is a lot less secure (compared to WireGuard or OpenVPN).

tda 4 hours ago | parent [-]

Yes, my router has open ports, but it does not do any port forwarding. So I can 'directly' connect any device behind my router without my router needing to know any specifics of which device that is. And I don't need to do any port forwarding of anything on my network and thus expose them to the whole internet; I just expose them to the users of my Tailscale network (only me)

toomuchtodo 4 hours ago | parent [-]

Does your router not support UPnP for dynamic port punching?

bityard 3 hours ago | parent [-]

UPnP allows literally any random piece of software inside your network to open and forward arbitrary ports on your firewall. Bad idea!

gzread 34 minutes ago | parent | next [-]

Why are you running software that randomly opens firewall ports?

toomuchtodo 3 hours ago | parent | prev [-]

Within my risk appetite on trusted network segments. I have bigger issues if malware is operational within the trust boundary; it can do what it needs using outbound connections just fine (recon, lateral movement, etc). Your risk appetite might differ.