WireGuard is an outstanding mechanism for building secure virtual private networks.
You can run WireGuard on a bunch of different machines (or virtual machines) spread all over the world and give them the ability to talk to each other as if they were on the same LAN, with every packet fully encrypted.
Tailscale has productized this. They wrote software for a bunch of platforms that makes it trivial to connect those machines to your "tailnet" - effectively a WireGuard network which their software manages for you.
They tie this to SSO - so you can install their software on your phone and your home server, sign them both in using Google SSO or similar, and now they're able to talk to each other on a secure virtual network.
I suggest trying the Tailscale setup process to really understand how good it is.
Its utility is as an "overlay network", but using traditional VPN technology. Yes, it is a virtual network, and it's private, but it's not intended to be used to exit to the internet in a controlled manner, as VPNs are often advertised as.
Well, the original purpose of a VPN was more as a private LAN (as Tailscale seems to advertise itself as) than as a way to exit to the Internet somewhere else. And it does both still.
Seems like Tailscale is a very souped up VPN, though. You can add more nodes to the network easily, and even have multiple gateways to the Internet.
> Well, the original purpose of a VPN was more as a private LAN
You're conflating two concepts.
An "oldschool" VPN connection (using e.g. IPSec) is something that allows your computer to remotely "join" a real, physical LAN. It's basically equivalent to running PPP over IP: your computer "dials up" a daemon running on a server somewhere; that daemon accepts a stream of raw packets from your computer's network stack; and then that daemon dumps those packets out through one of the server's NICs onto a local network segment — where those packets are then handled by the switch they run into as if your computer was directly plugged into that switch. So your computer can acquire an IP address for its VPN "bridge" interface via DHCP from the switch; can talk to other devices on that private network through the switch; can talk to the Internet via NAT through that switch; etc.
Tailscale, meanwhile, creates a software-defined virtual LAN on top of p2p mesh networking of the nodes. There's no actual network segment anywhere that your packets are being dumped out onto; the "switch" handling your packets is a shared distributed abstract-machine that's partly running on your Tailscale client, and partly running on the other nodes' Tailscale clients. That virtual LAN doesn't have a routing table + NAT on it to translate packets into Internet-bound packets. Nor does the LAN have the ability to host L2 services like DHCP. It's just a functional L3 simulation of an L1 network segment, not a faithful emulation of an L1 network segment.
You have a home server, could be home assistant, a Raspberry Pi, your desktop computer. Access that server and all services on your phone or laptop from anywhere without figuring out ports and worrying about your server being pwned. It all looks like local traffic.
Set the DNS server on your phone to a Pi running AdGuard Home and block all ads and trackers when on 5G, not just in the browser.
Travel abroad with your laptop and designate your computer at home as an exit node and now all the traffic on your laptop looks like it is coming from that country.
Those are just the use cases I am using personally.
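As an added illustration of the exit-node use case above (not from the thread, and not Tailscale's own configuration, which it generates for you), here are two hand-written WireGuard configs for the laptop. The overlay addresses (100.64.0.x), key placeholders and the endpoint hostname are assumptions made up for the example.

```ini
# Added example: plain WireGuard config for the laptop. Addresses, keys and
# the endpoint are placeholders, not values from the thread.

# --- laptop, mesh only: each peer is reachable at, and accepted from, its own /32 ---
[Interface]
PrivateKey = <laptop-private-key>
Address = 100.64.0.2/32
DNS = 100.64.0.3        ; the Pi running AdGuard Home, if you point DNS at it

[Peer]
; home server: only its overlay address is routed through this peer, and
; WireGuard also drops inbound packets from this peer with any other source
; address (AllowedIPs is both the routing table and the inbound filter)
PublicKey = <home-server-public-key>
AllowedIPs = 100.64.0.1/32
Endpoint = home.example.invalid:51820
PersistentKeepalive = 25

[Peer]
; Raspberry Pi with AdGuard Home
PublicKey = <pi-public-key>
AllowedIPs = 100.64.0.3/32

# --- laptop, home server as exit node: change one line on the home-server peer ---
; AllowedIPs = 0.0.0.0/0, ::/0
; With 0.0.0.0/0 and ::/0, wg-quick installs a default route through the
; tunnel, so every packet leaves via the home server and the laptop appears
; to be at home. What that changes:
;  * the home server decrypts and forwards all of the laptop's traffic, so
;    only a machine you control should be given that role;
;  * the home server now needs IP forwarding enabled and a NAT (masquerade)
;    on its real uplink, which the mesh-only setup never required;
;  * the Pi keeps its /32, so DNS still goes straight to it, not via the exit node.
```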
It connects all of your computers and devices in a way that feels magical. For example, if I have a Plex server named myplex on port 80 at home, and if I want to access it from my laptop, I just go to http://myplex.
It doesn't matter if I'm at home or anywhere else, if I have internet then that just works. I don't have to open a port on my router, configure DNS, or anything like that, I just install and run Tailscale.
I recently read this with Mullvad too and feel stupid that I don't intuitively understand how it works, and what it does and why it's needed.