Remix.run Logo
Panda4 4 hours ago

Is there any side effects of leaving the phone connected to Tailscale VPN all day?

ctippett a few seconds ago | parent | next [-]

I have a static route configured on my home's gateway that enables any device on my network to access Tailscale. I have Tailscale turned on my on my iPhone pretty much all the time anyway, but even if I didn't I'd still be able to access services I have hosted that are only accessible on my tailnet.

cevn an hour ago | parent | prev | next [-]

I remember having problems using tailscale vpn 24/7 and pihole on my home network with the phone pointed at the 192.168 address for DNS. Pages would take 5s to resolve and start loading.

Unfortunately, Pihole was less important than Tailscale and I have to put up with mobile ads.

Grombobulous 2 hours ago | parent | prev | next [-]

If you are okay with internet exposure on some level, Cloudflare Tunnel is a really fantastic product:

https://developers.cloudflare.com/tunnel/

It’s obviously not a magical security layer that eliminates all issues related to public Internet exposure, but in my opinion it is good enough for the average home user.

1una an hour ago | parent [-]

Note that Cloudflare Tunnel blocks requests above 100MiB, which makes it impossible to upload long videos. This is being addressed in https://github.com/immich-app/immich/pull/22385

Grombobulous an hour ago | parent [-]

Oh good callout, I had only tried it for not-giant-upload services.

dawnerd an hour ago | parent | prev | next [-]

I leave my phone connected 24/7 and don’t notice any downsides. Only have to disable it on some networks when traveling to make awful captive portals work.

KomoD 3 hours ago | parent | prev | next [-]

Could impact battery usage, possibly?

But the way I do access Immich externally is not with Tailscale directly on my phone but involves exposing a caddy instance, running on a $1 VPS, to the internet.

If requests include a specific very long header (which I randomly made up), it then forwards those requests to my real Immich instance, which runs on my NAS. Headers can be configured within the mobile app. It has worked really well for me so far.

rmunn an hour ago | parent [-]

Here's some data. Well, technically anecdata, I suppose.

My phone has been powered on but inactive all night; I charged it to 80% before going to bed, then unplugged it and left it where I can reach it from my bed, as is my habit. (I'm in an Asian timezone, in case you hadn't guessed, so it's morning for me while it's evening in America right now). Its battery is now at 73%. The Android battery report says 6% battery usage from Kindle (makes sense, I started reading a book when I woke up), 0.7% from Signal (haven't sent any messages yet today but have received a few), and 0.3% from Tailscale.

So when you're not using the Tailscale network actively, you'll hardly notice the battery drain.

kpozin 3 hours ago | parent | prev | next [-]

If Tailscale is on, I can't concurrently run a DNS-blocking local VPN, so I see ads in mobile Chrome.

philips 3 hours ago | parent | next [-]

I use nextdns with tailscale.

https://tailscale.com/docs/integrations/nextdns

ls612 an hour ago | parent | prev | next [-]

Put a Pihole container on your homelab which you have the Tailscale exit node on and then set it as the forced Tailnet DNS.

anon7000 3 hours ago | parent | prev [-]

Could host it in the tailnet?

dawnerd an hour ago | parent [-]

You can but it’s a lot slower.

ls612 4 hours ago | parent | prev [-]

No lots of people including myself do this for homelab access purposes it just works (tm).