How Tailscale+Rustdesk Makes Remote Access Simple and Truly Private

Added: 2026-05-05

[00:00:00]How do you access your home devices from another location? This is actually quite a complex problem that the average user doesn't understand how to solve. Do this wrong and you've exposed your home network to security attacks. Do it the old-fashioned enterprise way and you'll be breaking the bank with new hardware.

[00:00:19]But what if I told you you can do all this for free with a MeshVPN and to end encrypted and I'll even show you how to access your desktop like you're at home very easily. This new method is made possible by tail scale and this is such a gamecher and really makes the idea of private network such a simple thing to accomplish. Now if you're running a home lab you can have complete access to everything remotely. If you have security cameras, you can monitor them without having to connect to some host server of your security cam provider or having them keep recordings. You can access your backups from any location, even while traveling. What I'm going to teach you today will eliminate security risk and even privacy risk. If you're giving yourself remote access via port forwarding on your router, stop that unsafe practice. Now, I'll explain the mechanics of the Tailscale MeshVPN so you're not blindsided with undisclosed behaviors. And then I'll introduce you to a platform independent way to access your desktop using something called Rustesk. Ready for new discovery? Stay right there.

[00:01:40]In the home setting, the common way to enable remote access is to enable port forwarding. Let's say you want remote desktop access to a Windows computer at home. You go to your router settings and enable port forwarding and then you open the port 3389.

[00:01:57]Or if you have a Linux computer at home and you want access, the port for SSH is port 22. Or if you have a security camera using RTSP, the vendor will tell you to do port forwarding via port 554.

[00:02:13]These are such dangerous moves. Don't ever ever ever do this. It would be a simple matter for hackers to scan for these ports on the open internet. And this is how there are published sites showing live cameras of people's homes everywhere. In an enterprise setting, if you're working from home and need access to a corporate network, normally they'll give you a username and password and you install software like Sonic Wall. And then this connects you to a Sonic Wall appliance that gives you access to the enterprise network. Sonic Wall is a VPN and security device. You definitely don't need this. And frankly, this is limited too because for personal use, it is one way. Let's say it's the other way around. You're at home and you need to access a security camera at your vacation home. Sonic Wall is a centralized VPN. It's not useful for the distributed use where you can be anywhere and need to access devices from different places. It's time to dump these old technologies and they really don't fit a home user or small business owner. And these technologies add a security risk.

[00:03:25]Dellscale MeshVPN.

[00:03:28]The concept of a meshVPN is that after you set it up, you are always connected to all your devices that are on the mesh with an IP address that looks like this.

[00:03:40]100.x.x.x.

[00:03:43]As long as you have some form of internet connection on all your devices, they automatically connect to the mesh.

[00:03:49]The way this works is actually on each device. When you reboot each device, it will connect to the internet as usual.

[00:03:55]Then the tail scale server application will run and then announce itself with the IP address to your mesh. This part is controlled by a tail scale server which acts as a router. So this router server is just resolving the IP address for the mesh. Because the connection established by each device is outgoing and there are rarely any firewall stopping outgoing traffic on your local network. Then the tail scale server process is often able to punch through your network restrictions and connect to the tail scale router. In most cases, you actually establish a peer-to-peer connection between the two tail scale connected machines. In more complex cases, like a situation where you're running a VPN router in between or situations where the UDP protocol is blocked, then you connect to tail scale servers called Derp DEP. These servers then act as a relay and forward traffic to each device. In 90% of scenarios like a typical home setup, you will not be using a derp relay and this is all automatic. You don't need to get involved with this level.

[00:05:08]Tail scale is end to end encrypted. The idea of a relay potentially involved in traffic management can be scary for the security-minded. So I'll tell you that there is no real risk. All devices connect to each other using WireGuardVPN. This is again all installed by Tailscale. So you don't have to understand the fine points. What this means is that all the traffic is end to end encrypted as that is what a VPN provides. While this is a VPN, do not confuse this with a VPN like BiceVPN that you use to access the open internet as that is different. This is a VPN for your own private network. The VPN portion here provides the encryption layer. So even when the traffic is relayed, the relaying servers are only handling encrypted traffic. So none of your data will ever leak out.

[00:06:01]Tailscale login drawback.

[00:06:05]From a privacy perspective, the main drawback to using Tailscale is that it has no credential processing whatsoever.

[00:06:12]Instead, the credentials are provided by thirdparty platforms. This simplifies it for tailscale as no credential can ever be hacked from it and those third party platforms are Google, Microsoft, Apple, GitHub or a credential provider like open ID. This bothered me enough that I looked for some alternative way to run Tailscale. You can if you have the tech expertise set up your own cloud server and then install the self-hosted project called Headscale. I tried this and I have to tell you it was so problematic and buggy and I couldn't get it to work even with AI assistance. So I had to re-examine the risks of tail scale.

[00:06:55]Remember that this is used to control your own devices. There is no external monitor to see your traffic since as I said they are encrypted. In my case I use an existing GitHub account login as my tail scale credential and for me it was the lesser of all evils. It's low risk, but I'm at least being open with you that this may be a concern for some of you if you want truly invisible traffic. In any case, after using Tailscale itself, it was ludicrously simple to use and I connected a variety of devices. I had Ubuntu devices, Pop OS, Ubuntu servers, Zoran, Proxmox, Windows, and Android. I even connected to an AWS server. For the most part, the only time you have to use the credential provider like GitHub in my case was during the initial setup. So I don't want to overstate this.

[00:07:50]Tail scale is free.

[00:07:53]Tails scale is free at least for the use I'm teaching you about today. Tails scale is a new company and started up during the co period and this quickly grew to a company with a valuation of over 1 billion today. So, the question is, how do they make money if it's free?

[00:08:11]And what do you get with free? Well, it's pretty amazing actually. A single user can connect up to 100 separate computers into your local mesh. That's per mesh. And you can share devices via link to two more additional users. You could even go more complex than this and connect to multiple meshes managed by separate credentials. But seriously, 100 devices is enough for even a small business to manage a ton of machines, even externally. So, a tech professional could provide services to a client that has up to 99 computers, all connected to tailscale with the one computer reserved for the tech. Or alternatively, a site could invite a tech to access a computer by sharing a tail scale link.

[00:08:57]The limitation on the personal plan is that a single person manages the entire tail scale with his credentials and that's where free ends. In a corporate scenario, if you want multiple people to manage the mesh with their own credentials, then you have to advance to the premium tier, which starts at $6 a month per user and up to $18 per user per month for enterprise use. That's where they make the money. So this is not limited to just personal use though that is what I'm teaching you today.

[00:09:34]How to install tail scale.

[00:09:37]As I said installing tail scale is super easy. Just go to tailscale.com.

[00:09:42]Sign up for free using a credential provider and then you will install the software on each device. On Linux, I just cut and paste this simple command in terminal.

[00:09:59]After you run it and it completes, you will be told to run pseudo tail scale up. And this fires up the tail scale server and it will give you a link. Then run the link on your browser and it will give you the dialogue to connect the machine. If the machine is remote and you're connecting it via SSH, then you can run the link on your current machine. Obviously, you can't access a remote browser if you're using SSH, but that doesn't matter where you run it, which is cool. On Windows, you go to tailscale.com and log in first. Then it provides the tail scale download and then you get the dialogue to connect the server to the network. On Android, I installed a tail scale app and logged in and then I was able to directly access my servers. For example, I was able to use a Synology NAS server without using the open internet. Then when you have many devices connected, you can see all of them on tailscale.com with all the IP addresses assigned and these IP addresses remain fixed. So regardless of where you are, these computers appear to be on your local LAN with the IP address 100.x.x.x.

[00:11:18]Accessing a desktop via Rustes.

[00:11:22]If you're a Linux user, you can use existing tools like SSH or FileZilla to get direct access to your files or control each device. But what if you want to actually control the desktop as if you're in front of the machine? For Windows users, you already know how to use remote desktop or Team Viewer.

[00:11:39]However, this is not such a smooth solution when you have non-windows devices. The solution that works with all platforms and is pretty seamless is called Rust Desk. I've actually connected Linux to Windows, Windows to Linux, Linux to Linux, all accessed at the desktop level and for all intents and purposes, it behaves like a remote desktop and it's pretty snappy at 1080p.

[00:12:04]First, you go to rustes.com, then download the software for your particular operating system. There's an MSI for Windows, for example. For iuntu, there's a deb file. We'll assume here that you're already running on tail scale for simplicity. So it'll be like connecting to a local machine. On Windows, install by clicking on the MSI and follow the prompts. On Ubuntu, install the dev file by opening it using App Center. After installation, run the Rust Desk app on all the machines. And what's simple here is that the app is the same for both server and client.

[00:12:39]Both are always active. After installing on each machine, tap the three dots next to your machine ID and go to security.

[00:12:48]Then click on unlock security settings.

[00:12:50]You may have to enter your pseudo password on Linux. This enables access to security settings. This is important.

[00:12:57]Scroll down to enter permanent password and enter a password. Then scroll down further to enable direct IP access and it will show a port number which you just leave alone. That's it. From here on, just write down the machine ID and your global password and you connect to that desktop at any time. The direction of who access client and who's the server is up to you. For ease of use, you can look at your device connections on Rust desk and rename it so you can recognize the machine without having to remember the ID. Super simple and safe.

[00:13:35]When used this way, there's no relay server. It's direct peer-to-peer and you're operating solely inside your MeshVPN.

[00:13:44]Next level use for more advanced users. I will take you to the next level. I'm running some servers using Proxmox and I also have cloud servers running on AWS and other data centers. Using tail scale, you can actually close all ports coming into the server using the normal access tools like SSH at port 22 or webmin at 10,000 or proxmox at 8,06. Everything appears as a LAN. So basically, it simplifies the security setup especially if you're running many virtual machines in a rack server. By using tail scale, you act like you're in a data center itself. I would still maybe open up SSH access in the cloud to a single emergency IP address in case of emergency, but that's all you would need. Everything else will be handled through tails scale. This now elevates tails scale to a nice security tool. I have the ability to access 100 devices per mesh network and that is way more than sufficient to maintain servers either in my home lab at AWS or at a collocation data center. For my collocation machines, I'm typically running Proxmox. And in this case, I don't even need anything else since Proxmox already has a built-in web UI.

[00:15:06]So, while I'm teaching you this as a tool for personal use, it is actually much more sophisticated than that. But we're still in the free tier here.

[00:15:16]A long sought after solution.

[00:15:20]This combo solution of tail scale plus the occasional rust desk is an amazing new solution. Whether I need to access a rack server or my home local AI server or my home security camera, I'm always on. There's nothing to set up. The mesh is always active. I don't have to manually switch it on. If the machines are on, they will be on tail scale. This was such a difficult problem to solve in the past and required risky approaches like port forwarding. Now the solution is simplified. I'm actually surprised that many more people aren't aware of this. I'm glad I'm able to spread the word.

[00:15:59]Folks, this tech channel is a little different because I focus on privacy solutions so that we have control over the tech instead of someone controlling us. I have a social media platform called Braxme where many users are able to discuss privacy issues in an identity safe environment and critically analyze tech solutions from beginner to advanced levels. Join us there and be part of the community and maybe share your knowledge as well.

[00:16:27]To support this channel, we have a store on Braxme where you can gain access to privacy products we have created ourselves. We have Braxmail for identity safe email. We have Brax virtual phone for anonymous phone numbers. We have BitesVPN to guard your IP address and obscure your location. We have other products like the Google phones and flashing services. We have two crowdfunding projects on indiegogo.com.

[00:16:56]You may have heard of the Bra 3 phone which is shipping its second batch now.

[00:17:01]This is all found at a different website which is bratech.net which is a sister organization to mine and you will also discover the new BRA openslate tablet running Android or Linux also on [music] bratech.net.

[00:17:17]Again these products are being sold on indiegogo.com.

[00:17:22]Thank you very much to all those supporting us on Patreon locals and YouTube memberships. Your contributions are very encouraging. You are appreciated. See you next time.