Tailscale: Let Your Devices Connect Across Networks Anywhere, Anytime
From every remote development session feeling like gambling, to now just opening your computer and it works—the only difference is P2P.
I wonder how many people have had the same experience when starting remote development: staring at the screen, feeling like you're not working but waiting—waiting for SSH to connect, waiting for VPN to stabilize, waiting for files to transfer... until your mind goes blank and you even forget what you were about to do.
This article won't pile on too many technical details, but it won't completely avoid them either. You need to understand some concepts a bit to see why Tailscale feels like a real relief to me, not just 'another networking tool'.
How I Managed Before
My previous remote development setup was roughly like this: the server at home, and I connect to it from outside via SSH using my laptop to handle work. Sounds normal, right? In theory, yes.
But the reality is that whether SSH can connect and how fast it connects depends entirely on whether the server has a stable public IP and whether the public bandwidth is sufficient.
Public IP: if you're using a residential broadband plan, it's basically a game of luck—you might have it today and lose it tomorrow, and some ISPs won't give you a public IP at all.
To solve this, I had to do an extra layer of port forwarding, forcibly "exposing" the machine on the home intranet to the public internet, and then I could connect from outside. Does this method work? Yes. Is it easy to use? No.
The entire connection path is: from my laptop out to the public internet, from the public internet through the home router, and finally to the server. Every hop adds latency, and every hop can go wrong. When the home broadband acts up or the IP is reclaimed, you can only stare at the slowly blinking cursor on the screen and ponder life.
The worst thing isn't the slowness, but the helplessness of "I don't know which part is malfunctioning." Is it my home network? Is the ISP pulling some trick? Or did the server crash? No one tells you; you can only check each component one by one, and usually after you finish, the problem resolves itself and you never know why.
Once, I spent 40 minutes debugging why SSH wouldn't connect, and finally found that the SSH port on the server had crashed, making it impossible to connect. There's no early warning for such things, no way to detect them externally; you can only wait.
What Problem Does P2P Actually Solve?
Before talking about Tailscale, I want to first explain the concept of P2P, because it's the core of Tailscale and the most fundamental difference from traditional VPN.
A traditional VPN essentially works by "centralized forwarding." All traffic must first be sent to a central server, which then forwards it to the target machine. This central server is both the choke point and the performance bottleneck of the entire network. Your data packet travels from your computer to the central server, then back to the target server—the physical path may go across half the city or even farther. (Imagine: you live in Beijing and want to say something to a friend three kilometers away, but you have to call the switchboard in Shanghai first, and let the switchboard relay it.)
The P2P approach is completely different. Its goal is to let two machines directly "see" each other and communicate point-to-point, without going through any intermediate server. Traffic travels only between the two endpoints, with no extra hop.
The benefits are very direct:
First is latency. Latency is closely related to the physical distance the data packets travel. Under P2P, the data packet takes the shortest path—if you and the target machine are in the same building, the packet really just goes around in that building, maybe just a few milliseconds. With a traditional VPN, a packet between the same two machines goes out to the central server and comes back, easily doubling or tripling the latency.
Second is stability. A traditional VPN has a single point of failure—once the central server goes down, everyone's connections fail together. In a P2P network, each connection between a pair of nodes is independent; one node failing does not affect communication between other nodes.
Third, and I think the most important point—you no longer need a public IP to act as a "target." In traditional solutions, you have to expose a machine to the public internet to access it from outside. P2P's connection establishment is different: both machines first connect to a coordination server (only to greet and exchange connection information), then use NAT traversal technology to directly establish a connection channel between the two machines. After the coordination server completes its mission, it drops out, and the actual data traffic takes the direct path. (This process is a bit like two people who don't know each other's phone numbers, but through a common friend they exchange numbers, and then they call each other directly—the friend no longer needs to be involved.)
Actually, there is no real "center." So-called protocols, servers, gateways are just illusions people create for a sense of security. Since all souls are connected in The Wired, there should be no distance between two machines.
It's not that I am connecting to you; we were never separated in the first place.
— Present Day, Present Time. AHAHAHA!!
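The connection setup described in this section (exchange endpoints through the coordination server, then open both NATs from the inside) can be modelled in a few lines. This is an added example, not Tailscale code and not from the original post: the NAT class, addresses and ports are constructed, and the coordination step is simplified to the server reporting the public endpoint it observes. It also shows the failure case, where a NAT that picks a new external port per destination leaves relaying as the only option.

```python
from itertools import count

COORD = ("203.0.113.10", 443)  # constructed coordination-server endpoint

class NAT:
    """Port-restricted NAT. With symmetric=True it picks a new external port
    for every destination (endpoint-dependent mapping)."""
    def __init__(self, public_ip, symmetric=False):
        self.ip, self.symmetric = public_ip, symmetric
        self._next_port = count(40000)
        self.mappings = {}    # inside socket (+ destination if symmetric) -> external port
        self.allowed = set()  # (external port, remote endpoint) opened from inside

    def send(self, inside, dest):
        """Outbound packet: reuse or create a mapping, open the return path,
        and return the source endpoint the outside world sees."""
        key = (inside, dest) if self.symmetric else inside
        if key not in self.mappings:
            self.mappings[key] = next(self._next_port)
        port = self.mappings[key]
        self.allowed.add((port, dest))
        return (self.ip, port)

    def accepts(self, src, dest_port):
        """Inbound packet passes only if the inside host already sent to src
        from this external port."""
        return (dest_port, src) in self.allowed

def connect(nat_a, nat_b):
    """Return 'direct' if hole punching succeeds, else 'relay'."""
    a, b = ("192.168.1.20", 41641), ("10.0.0.5", 41641)  # constructed LAN sockets
    # 1. Each peer contacts the coordination server, which notes the public
    #    endpoint it observes and passes it to the other peer.
    seen_a, seen_b = nat_a.send(a, COORD), nat_b.send(b, COORD)
    # 2. Both peers send to the endpoint they were given, opening their own NAT.
    src_a, src_b = nat_a.send(a, seen_b), nat_b.send(b, seen_a)
    # 3. The direct path works only if each NAT admits the other side's packets.
    a_to_b = nat_b.accepts(src_a, seen_b[1])
    b_to_a = nat_a.accepts(src_b, seen_a[1])
    return "direct" if a_to_b and b_to_a else "relay"

if __name__ == "__main__":
    home, cafe = "198.51.100.7", "192.0.2.44"  # constructed public addresses
    print(connect(NAT(home), NAT(cafe)))                  # direct
    print(connect(NAT(home), NAT(cafe, symmetric=True)))  # relay
```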
What Is Tailscale and Why This One
Tailscale is a networking tool based on WireGuard. WireGuard is a next-generation VPN protocol that has become famous in recent years for its simple code, strong encryption, and good performance. (Its codebase is about one-fifth the size of OpenVPN, but not because of shortcuts—it's simply more focused and modern in design.)
But WireGuard itself is just a protocol, and configuring it has a learning curve. You need to manually manage keys, configure routes, and handle various situations. What Tailscale does is wrap all those hassles and give you an out-of-the-box experience: install the client, log in with your account, and devices automatically join your private network domain.
That's it. Nothing you need to configure manually.
Even better, Tailscale's free tier is quite generous to individual users—it supports up to 100 devices. (That's enough for all the devices I could ever buy in my lifetime...)
Subnet Routing: Connect One, Access a Whole Range
Just being able to connect to the main machine at home is not enough. Often, you have other things on the LAN: NAS, printer, internal servers, router admin pages... These devices themselves won't install the Tailscale client, but you want to access them from outside.
Tailscale has a feature called Subnet Router, specifically designed for this.
Simply put, enable the Subnet Router feature on the machine at home that has Tailscale installed, and it advertises ("broadcasts") the local network segment (e.g., 192.168.1.0/24) to your other Tailscale devices. Then you can directly access any device on the home LAN via Tailscale, as if you were at home.
How Big Is the Experience Gap?
Some people might think, isn't this just another VPN tool? How big a difference can it be? But after using it, you'll understand—it feels much more reliable. It's not that the network speed increased much, but the connection becomes stable and predictable. With P2P direct connection, latency is basically fixed at a low level, no longer fluctuating with the public network conditions. No need to gamble on today's network.
This change is subtle, but subtle things sometimes have the greatest impact. Remote development is easily interrupted by small frictions—waiting, reconnecting, troubleshooting... Each one consumes attention. Eliminating them may not make you develop faster, but it makes things smoother, which is different.
How Simple Is the Configuration?
For networking tools, you might think: sounds good, but configuration must be a hassle, right?
To be honest, it's much, much simpler than I expected. The whole process is roughly like this:
Go to the Tailscale official website to register an account, then install the client on every machine that needs to be networked—Windows, macOS, Linux, iOS, Android all have native clients (complaint: the Windows client is really ugly), and Linux can also install directly via script. After installation, log in with the same account, and devices automatically appear in your "network."
Subnet Router configuration requires one extra step. Select a machine on the LAN, enable the Subnet Router feature, then approve it in the Tailscale admin panel. Done. You can then access the entire home LAN from outside.
No keys to manually configure, no port forwarding to set up, no VPN server to maintain. Otherwise, why wouldn't we just use OpenVPN?
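Advertising the whole 192.168.1.0/24 makes every LAN device reachable from every device in your Tailscale network. The added example below (not from the original post or from Tailscale) goes one step further than the article and computes the narrowest prefixes that cover only the hosts you actually need, as a value for the client's `--advertise-routes` flag. The host addresses and the function name are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def advertise_value(lan, needed_hosts):
    """Return (routes, exposed, lan_size) for a least-privilege subnet router.

    routes is the comma-separated value for --advertise-routes covering only
    needed_hosts; exposed and lan_size count the addresses reachable through
    the narrowed routes versus the whole LAN prefix."""
    lan_net = ipaddress.IPv4Network(lan)
    if not any(lan_net.subnet_of(p) for p in RFC1918):
        raise ValueError(f"{lan} is not a private IPv4 prefix")
    hosts = []
    for h in needed_hosts:
        addr = ipaddress.IPv4Address(h)
        if addr not in lan_net:
            raise ValueError(f"{h} is not inside {lan}")
        hosts.append(ipaddress.IPv4Network(f"{addr}/32"))  # single-host route
    # Merge neighbouring hosts into the fewest prefixes that cover exactly them.
    routes = list(ipaddress.collapse_addresses(hosts))
    exposed = sum(r.num_addresses for r in routes)
    return ",".join(map(str, routes)), exposed, lan_net.num_addresses

if __name__ == "__main__":
    # Constructed addresses: router admin page and a NAS with two interfaces.
    routes, exposed, total = advertise_value(
        "192.168.1.0/24", ["192.168.1.1", "192.168.1.50", "192.168.1.51"])
    print(f"tailscale up --advertise-routes={routes}")
    print(f"{exposed} of {total} LAN addresses reachable from the tailnet")
```

The routes still have to be approved in the admin panel, exactly as for the full /24.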
It's Not a Silver Bullet, But It Solves the Core Problem
Tailscale is not without limitations. P2P direct connection relies on NAT traversal, which may not work smoothly in some network environments (e.g., double NAT, carrier-grade NAT, or enterprise firewalls). In such cases, Tailscale automatically falls back to relay mode, forwarding traffic through its DERP servers. The latency at that point is much higher than direct connection—very, very high, with large fluctuations, almost unusable.
Also, Tailscale's coordination servers are hosted overseas. If your network environment is complex, the initial connection establishment may take some time. (Of course, if you're really not comfortable, Tailscale also has an open-source self-hosted solution called Headscale, which lets you set up your own coordination server, but that's beyond the scope of this article.)
But these are edge cases. Under most home broadband and regular corporate networks, Tailscale's P2P connections can be established smoothly, with fairly stable latency.
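To tell whether a given peer is on a direct path or has fallen back to a DERP relay, the client's JSON status can be classified per peer. This is an added example, not part of the original post or of Tailscale: the sample document is constructed and trimmed to the `Online`, `Active`, `CurAddr` and `Relay` fields, and those field names should be checked against the `tailscale status --json` output of your client version.

```python
import json

# Constructed sample in the shape of `tailscale status --json` output, reduced
# to the fields used below (hostnames, keys and addresses are made up).
SAMPLE = """
{
  "Peer": {
    "nodekey:aaaa": {"HostName": "home-server", "Online": true, "Active": true,
                     "CurAddr": "198.51.100.7:41641", "Relay": "tok"},
    "nodekey:bbbb": {"HostName": "office-box", "Online": true, "Active": true,
                     "CurAddr": "", "Relay": "tok"},
    "nodekey:cccc": {"HostName": "old-laptop", "Online": false, "Active": false,
                     "CurAddr": "", "Relay": "sfo"},
    "nodekey:dddd": {"HostName": "nas-gw", "Online": true, "Active": false,
                     "CurAddr": "", "Relay": "tok"}
  }
}
"""

def classify(peer):
    """Return 'offline', 'idle', 'direct' or 'relay' for one peer entry."""
    if not peer.get("Online"):
        return "offline"
    if not peer.get("Active"):
        return "idle"  # no recent traffic, so no path is in use yet
    # CurAddr holds the peer's UDP endpoint once a direct path is in use;
    # when it is empty, traffic goes through the DERP region named in Relay.
    return "direct" if peer.get("CurAddr") else "relay"

def path_report(status_json):
    """Map hostname -> (path, detail) for every peer in the status document."""
    report = {}
    for peer in json.loads(status_json).get("Peer", {}).values():
        kind = classify(peer)
        detail = {"direct": peer.get("CurAddr"), "relay": peer.get("Relay")}.get(kind, "")
        report[peer["HostName"]] = (kind, detail)
    return report

if __name__ == "__main__":
    for host, (kind, detail) in sorted(path_report(SAMPLE).items()):
        print(f"{host:12} {kind:8} {detail}")
```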
Final Ramblings
I'm not someone who likes tinkering with tools. I prefer tools that sit quietly, do their job, and don't bother me. Tailscale is one of the few tools I've used that truly does that.
The biggest hidden cost of remote development is not slow network speed, but uncertainty. You never know whether today's network will be good or bad; you always have to factor in "what if I can't connect." Tailscale's real value is that it greatly reduces this uncertainty.
If you're still using the traditional SSH + VPN solution, or if you think remote connections are supposed to be this troublesome—give Tailscale a try. It won't take much time.
Then you might have the same strange feeling as me: Wow, so remote development can be like this—how did I survive all those years before? (It's like finally replacing a bad mattress, then looking back at the old one and wondering how you ever managed to sleep on it.)