Summarizer

Tailscale VPN Security


Users largely praise Tailscale for its ability to simplify secure remote development, frequently leveraging it to link mobile devices to home hardware or cloud VMs for flexible, AI-driven coding sessions. The consensus highlights how the service effectively functions as a robust firewall, often negating the need for complex port forwarding or traditional security tools like fail2ban while maintaining a seamless connection across diverse devices. However, the discussion also surfaces critical concerns regarding the security of forwarded SSH keys and the potential for lockout if a session expires or the service fails. Ultimately, while participants view these setups as transformative for personal projects and "vibecoding," many acknowledge that strict corporate security policies typically prohibit such remote access for professional, large-scale codebases.

13 comments tagged with this topic

View on HN · Topics
This is a pretty sophisticated setup. I particularly like how it uses Tailscale. I've been using the simpler but not as flexible alternative: I'm running Claude Code for web (Anthropic's version of Codex Cloud) via the Claude iPhone app, with an environment I created called "Everything" which allows all network access. (This is moderately unsafe if you're working with private source code or environment variables containing API keys and other secrets, but most of my stuff is either open source or personal such that I don't care if the source code leaks.) Anthropic run multiple ~21GB VMs for me on-demand to handle sessions that I start via the app. They don't charge anything extra for VM time which is nice. I frequently have 2-3 separate Claude Code for web sessions running at once, often prompted from my phone, some of them started while I'm out walking the dog. Works really well!
View on HN · Topics
I don't like claude code web due to its lack of planning mode. I found the result is often lackluster compared to claude code cli. My current setup: Tailscale + Terminus(ipad) + home machine(code base). Need to look into how to work on multiple features at the same time next.
View on HN · Topics
Same here, I’m vibecoding a toy project where I never looked at the code from my phone, but I always sit for work. I’m using happy app and that’s good enough for now, I have the desktop in tailscale but I access it that way just for testing
View on HN · Topics
You also don't need fail2ban, if the entire VM is behind a firewall that only allows the tailscale coordination traffic, nothing is going to reach the VM for fail2ban to work on.
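An added example, not part of the comment above or of the original post: a listener audit showing which sockets on the VM are only kept off the public internet by the firewall the comment describes. It assumes Tailscale's address ranges (100.64.0.0/10 and fd7a:115c:a1e0::/48) and tailscaled's default UDP port 41641; the `ss` output and all function names are constructed for illustration.

```python
import ipaddress

# Ranges Tailscale assigns to tailnet nodes (IPv4 CGNAT block, IPv6 ULA prefix).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]
TAILSCALE_UDP_PORT = 41641  # tailscaled's default WireGuard port (assumed unchanged)

# Constructed sample of `ss -H -tuln` output, not captured from a real host.
SAMPLE_SS = """\
tcp  LISTEN 0 128          0.0.0.0:22     0.0.0.0:*
tcp  LISTEN 0 4096       127.0.0.1:631    0.0.0.0:*
tcp  LISTEN 0 128  100.101.102.103:22     0.0.0.0:*
udp  UNCONN 0 0            0.0.0.0:41641  0.0.0.0:*
tcp  LISTEN 0 128             [::]:22        [::]:*
udp  UNCONN 0 0      127.0.0.53%lo:53     0.0.0.0:*
tcp  LISTEN 0 128     203.0.113.10:8080   0.0.0.0:*
"""

def classify(netid, local):
    """Classify one local address:port by where it can be reached from."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface suffix
    if host in ("*", "0.0.0.0", "::"):
        if netid == "udp" and int(port) == TAILSCALE_UDP_PORT:
            return "tailscale-wireguard"    # expected: the tunnel's own socket
        return "all-interfaces"             # reachable on the public NIC too
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNET):
        return "tailnet-only"               # bound to the Tailscale address
    return "specific-address"               # bound to some other interface

def audit(ss_output):
    """Return (netid, local, classification) for every socket line."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5:
            rows.append((fields[0], fields[4], classify(fields[0], fields[4])))
    return rows

def firewall_dependent(ss_output):
    """Listeners that are exposed if the firewall rule is ever removed."""
    exposed = ("all-interfaces", "specific-address")
    return [(n, l) for n, l, kind in audit(ss_output) if kind in exposed]

if __name__ == "__main__":
    for netid, local in firewall_dependent(SAMPLE_SS):
        print(f"relies on firewall: {netid} {local}")
```

An empty result means every service is bound to loopback or the tailnet address, so the host stays unreachable from the internet even without the firewall rule.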
View on HN · Topics
Hah, I set up basically the same thing on Saturday during a long car ride. Couple of differences: I’m an opencode user and I used a different VPS provider (though I use vultr for other things). It was my first time actually sitting down and using tailscale, which was quite easy to get going. Did everything from my phone, didn’t even have my laptop with me.
View on HN · Topics
I have a feeling most of these folks are talking about personal projects or work on relatively small products. I have a good amount of personal projects that I haven’t written a line of code for. After bootstrapping an MVP, I can almost entirely drive by having Claude pick up GitHub issues. They’re small codebases though. My day job is mostly gigantic codebases that seem to still choke the best models. Also there’s zero way I’d be allowed to tailscale to my work computer from my phone.
View on HN · Topics
This is interesting. Particularly the notifications flow. I run a simpler setup with webssh on my iPhone over WG back to my LAN and manage Claude that way. It’s fine, and can handle disconnects (with some big cons). I can run code-server via browser on my iPad and can get all the same benefits mosh provides. One thing to note: the VM seems like an absolute waste of money. If you are using tailscale, might as well connect back to bare metal VMs you can run at home. Save yourself some coin.
View on HN · Topics
I've been running a variation of this for the past 3 weeks. I swapped out the default pi agent back to Claude Code because I didn't like the smaller feature set. Bought a phone line and communicate with my agent via iMessage on a clamshelled mac. A Tailscale network connects the head agent to all the computers on my network including my laptop, a few raspberry pi's, steam deck, and all the IoT devices in my house. As I discover new uses, I ask it to make skills and it is remarkable what it's been able to handle all through the single chat interface because it has 24/7 access to all my computers' file systems and my home network. It's been really fun to see how far I can take it, and the skills framework built into CC/Codex now makes it feel infinitely extensible.
View on HN · Topics
I'm almost there. I also have Tailscale/SSH/Claude sessions on a VM. The thing I'm missing is a phone that makes it comfy. I could just SSH from my standard S23, but what I've got my eye on is one of those foldable things. Has anyone used one like a laptop? Keyboard on the bottom half, terminal on the top? Does it work decently?
View on HN · Topics
What happens when your tailscale session expires? Or if tailscale dies. How do you log back in to fix it?
View on HN · Topics
I do the same, but with ConnectBot and Gemini CLI. I have found ssh sufficiently good (mosh required some port forwarding dance, that Tailscale may have solved for the author).
View on HN · Topics
“Worst case: Claude does something unexpected on a disposable VM.” .. with a valid SSH key unless I’m reading it wrong?
View on HN · Topics
I think the SSH key that has push permissions is SSH-forwarded. It is quite a sophisticated setup (in both a good and a bad sense).