Tailscale & Jellyfin
from SiriusCybernetics@lemmy.ca to jellyfin@lemmy.ml on 04 Oct 2023 12:52
https://lemmy.ca/post/6589325
from SiriusCybernetics@lemmy.ca to jellyfin@lemmy.ml on 04 Oct 2023 12:52
https://lemmy.ca/post/6589325
Has anyone tried Tailscale to connect to Jellyfin?
I am not very knowledgeable about networking. I found I can connect to my Jellyfin server if I set under Networking “Allow remote connections” and in the remote IP address filter I put the remote IP that Tailscale assigns to my iPhone.
Is this how it’s supposed to work? I didn’t expect to have to use Remote Access Settings. I thought the point of Tailscale is to make it like you are on a local network.
threaded - newest
When you install Tailscale on a device, that device is now a part of a virtual private network, and gets its own IP, usually starting with 100.*
So if you usually access your Jellyfin instance 192.168.0.1:8096, and you install Tailscale on your server and a client device, check which IP Tailscale assigned your server and replace 192.168.0.1 with that IP. Make sure to keep the port in the url (the thing after the colon. Jellyfin’s default webui port is 8096).
The main benefit here is not having to open a port. You can still access the port that Jellyfin’s webui is behind without exposing it to the internet.
Thanks for the explanation. That part is clear, and I can access the server/Mac computer from my iPhone using the 100.x IP address. But if I’m on cellular I need to have Remote Access Settings enabled in order to connect.
Edit: Actually on Wifi too on the same local network I need remote access enabled if I’m using the 100.x IP addresses. Using the usual IP pre-Tailscale I don’t need remote access on wifi.
I have put
In Networking > Server address settings > LAN networks
No idea if this is correct/secure/best practice but it works
Note the description of this setting:
Also while I have your attention, set your Tailscale network to use Quad9 (9.9.9.9) as the global dns server. This will somewhat limit the amount of snooping your ISP can do into your internet activity.
tailscale.com/kb/1054/dns/
Or you can run PiHole in a docker container, put its IP into Tailscale and completely get rid of all ads as long as you’re connected to Tailscale!
I have Networking > Server address settings > LAN networks blank/default. That sounds like a feature that allows you to specify things as local (maybe that allows for higher bit rate streaming while away or something). I haven’t looked into this at all. For me when I’m away from home lower bandwidth is probably better.
I use tailscale and it connects as if I’m on the local network. I use the work profile on my phone to isolate Jellyfin and tailscale so I don’t have to drop off my main VPN when I’m not home.
When I turn Tailscale on my iPhone disconnects from AdGuard DNS/VPN. Could I avoid this by using a profile like you described?
I’m not familiar with the work profile on iOS, but on Android, the work profile runs on a separate network. This allows one to have two VPNs running at a time. One for non-work profile and others in the work profile.
Reading on how iOS work, I don’t think they separate the network layer. It’s just a storage container and they limit what apps can interact within the work container.
The only option for you would be to provide an exit node on your network that’s behind the VPN you want. I think… if you want to use tailscale.