Behind a router and firewall, computers, servers and media players talk to each other without worrying about hackers and other Internet pests.

Outside; at the airport, in the café or on the train, it's very different. It's tricky to safely open up a router to access a server or connect to a computer from the outside.

Not any more. Say hello to Tailscale.  Building on Wireguard included in Linux 5.6, the team behind Tailscale has created something extraordinary: seamless GAN Global Area Networking across firewalls and routers.
All without the hassle of configuring firewalls, fiddling with port forwarding, rigging an external VPN server and digging through thousands of lines of log files. No hacking. No configuration files.

It just works on Mac, Windows, Linus and Android; SSH, webserver, ftp, Remote Desktop, SCP Secure Copy, SSHFS, all of the above and then some. And it runs like clockwork - no bandwidth limits or anything like that.

How this works technically is serious black magic. The technology is called NAT Traversal with ICE Interactive Connectivity Establishment and it is sorcery.

Install the client and authenticate to Tailscale's Coordination Server. Your client sends your public key, you get information about other computers on the network and access to their public keys. Now you have a personal global network - point-to-point over encrypted Wireguard tunnels through firewalls and routers. It's indescribably good.

What can you do now? Well, why not connect to a computer over x2go to share desktops, files, applications, printers and audio.

Secure the cloud server with Tailscale by restricting SSH to Tailscale's network interface. With a simple instruction to the firewall, sudo ufw allow in on tailscale0 to any port 22 and it was done. Tailscale has written a slightly more detailed guide on how to do this.

All without a single to edit a single configuration file or any changes to the firewall or router. Just great.