Tailscale: Free Mesh VPN For Your AI Workloads

April 11, 2026
💡 Why This Matters
The more you do with AI, the more machines you end up running. A laptop. A desk workstation. An always-on box for browser automations. A VPS for headless work. These all need to talk to each other, and to you, from anywhere. Tailscale is the cleanest way to do that, and on the personal plan it costs nothing.
So here is something I keep running into lately. As soon as you start running AI on more than one machine, you hit a wall: how do these machines actually reach each other? And how do you reach them when you are not at home?

You can run Claude Code on your laptop. Great. Now you want it on your desktop too. Now you want a dedicated always-on box where Chrome automations can run twenty-four hours a day without taking over your main machine. Now you want a VPS in a datacenter for the headless stuff that does not need a screen. All of a sudden you have four or five machines, each one running pieces of your work, and they need to act like one system.

The traditional way of stitching machines together over the internet is a nightmare. VPN servers on your router, port forwarding rules, dynamic DNS, hoping your internet provider does not block inbound connections, praying nothing changes when your modem reboots, and exposing services to the open internet that really have no business being there. I never really bothered with any of that. It always looked like more pain than it was worth, and I figured I would just live without remote access until something better came along.

Then my friend Billy Sticker told me about something called Tailscale, and the better answer turned out to already exist.

What Tailscale Is

Tailscale is a mesh VPN. That sounds complicated but the idea is simple. You install a small app on every device you own. Each device signs in to your account. From that moment on, all your devices see each other as if they were sitting on the same wifi network at home, even if they are spread across the country.

Phone on cellular. Laptop on hotel wifi. Desk workstation on home Ethernet. VPS in some far-away datacenter. They all peer with each other directly, end-to-end encrypted, no traffic flowing through some central server. The technical name for what is happening is NAT punch-through, but you do not need to care about that. You just need to know that it works, it is fast, and it is invisible.

And here is the kicker. It is completely free for personal use up to 100 devices, not a trial, not a freemium ladder where the good stuff is locked behind a paywall. The personal plan covers almost any home setup you can dream up.

My Setup: Five Devices, One Mesh

Here is what my own Tailscale network looks like.

[Diagram: Tailscale Mesh VPN. Phone (on cellular), MacBook Pro (my main laptop), The Studio (desk workstation), Remote Mac (always-on automation box), VPS (in a datacenter). Every device sees every other device as if they were on the same LAN.]

Five devices. The phone goes everywhere with me. The MacBook Pro is my main travel laptop. The Studio is my desk workstation. The Remote Mac is a dedicated always-on box where I park browser automations and Chrome extensions that need to run around the clock without competing for resources on my main machine. The VPS is a Linux server in a datacenter for headless work.

Without Tailscale, getting any of these machines to talk to each other across the public internet would be a small project. With Tailscale, every machine has a stable name and IP that works from anywhere, and any machine can SSH into any other machine the same way I would on my home wifi. That is the whole game.

How To Set It Up

The install takes about ten minutes start to finish. Here is the short version.

Step one. Sign up for a free Tailscale account at tailscale.com. There is nothing to enter except your email or a Google login.

Step two. On every device you want on the mesh, install Tailscale. On macOS, get the app from their website directly, not from Homebrew. Trust me on this, the Homebrew package does not work properly on a Mac because the daemon needs root permissions that Homebrew cannot give it. The official app from the website includes a system extension that handles all of that correctly. On Linux, follow their install guide for your distro. On iOS or Android, it is a normal app store install.

Step three. Sign in to your account on each device. That is it. Within a few seconds the device shows up in your Tailscale dashboard and is reachable from every other device on your network.

Step four, and this is the one that matters more than it sounds. Use Tailscale's MagicDNS hostnames in your SSH config instead of local network IP addresses. If your SSH config points to something like 192.168.1.220, that only works at home. If you change it to use the Tailscale hostname for that machine, the same alias works whether you are at home or sitting somewhere else in the world.

That is the whole setup. After that, every machine on your account behaves like it is on the same wifi network you are on right now.

Stress Test It Before You Need It

Here is the part I learned the hard way. The only way to know your remote access actually works is to actually use it from a remote network. Otherwise you are just hoping.

You do not have to leave the house to do this. Turn off the wifi on your laptop, connect it to your phone hotspot instead, and try to SSH into every one of your other machines. If they all answer, you are good. If any of them time out, you have a problem to fix now, while you are sitting in front of your modem, not later when you are actually on the road and the stakes are higher.

When I did this the first time, I found a bunch of stuff broken that I had no idea about. So here are the gotchas to look for.

A machine might be logged out of Tailscale and you would not know. Tailscale gives you no notification when a device signs out of your account. The system extension can be running, the app can be open, and it can still be quietly disconnected. Check every machine, especially the always-on ones, and make sure each one is actually signed in. This was the failure that bit me hardest. My always-on box had been logged out for a full week and there was no warning.

A machine might be asleep when you need it. On macOS, run pmset to disable system sleep on any box you want reachable around the clock. The setting you want is sudo pmset -a sleep 0 disksleep 0. Display sleep is fine, that just turns the monitor off. System sleep is what kills the network connection and makes the machine unreachable.

Stale duplicate nodes from past re-auths. Every time a device logs out and back in, Tailscale can register it as a brand new device with a numbered suffix instead of reusing the original entry. Over time this leaves phantom nodes cluttering your dashboard. Fix it by setting an explicit hostname on the device with tailscale set --hostname=somename so future re-auths claim the same identity instead of spawning duplicates. Then clean up the stale entries in your Tailscale admin.
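The silent logout and the duplicate-node gotchas above can both be checked from the JSON that `tailscale status --json` prints. This is an added example, not code from the original article; the sample status document, hostnames and function names are constructed, and the trailing `-N` match is a heuristic.

```python
import json
import re

# Constructed sample shaped like `tailscale status --json` output (not real data).
# Only the fields read below are included; all hostnames are made up.
SAMPLE_STATUS = json.loads("""
{
  "BackendState": "Running",
  "Self": {"DNSName": "macbook.example-tailnet.ts.net.", "Online": true},
  "Peer": {
    "nodekey:aaa": {"DNSName": "studio.example-tailnet.ts.net.", "Online": true},
    "nodekey:bbb": {"DNSName": "remote-mac.example-tailnet.ts.net.", "Online": false},
    "nodekey:ccc": {"DNSName": "remote-mac-1.example-tailnet.ts.net.", "Online": true},
    "nodekey:ddd": {"DNSName": "vps.example-tailnet.ts.net.", "Online": true}
  }
}
""")

def short_name(node):
    """First DNS label of a node, e.g. 'remote-mac-1'."""
    return node.get("DNSName", "").split(".")[0]

def audit_status(status):
    """Return human-readable findings for one machine's view of the mesh."""
    findings = []
    # Anything other than "Running" (for example "NeedsLogin") means this
    # machine is not on the mesh, even if the app is open.
    state = status.get("BackendState")
    if state != "Running":
        findings.append(f"local node not connected: BackendState={state}")
    peers = list((status.get("Peer") or {}).values())
    for peer in peers:
        if not peer.get("Online"):
            findings.append(f"peer offline: {short_name(peer)}")
    # Heuristic: names differing only by a trailing -N look like re-auth duplicates.
    groups = {}
    for node in peers + [status.get("Self") or {}]:
        name = short_name(node)
        if name:
            groups.setdefault(re.sub(r"-\d+$", "", name), []).append(name)
    for base, names in sorted(groups.items()):
        if len(names) > 1:
            findings.append(f"possible duplicate nodes: {', '.join(sorted(names))}")
    return findings

if __name__ == "__main__":
    # Real use: json.loads(subprocess.check_output(["tailscale", "status", "--json"]))
    for line in audit_status(SAMPLE_STATUS):
        print(line)
```

Run it on each machine, since `BackendState` only describes the node the command runs on.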

Two Tailscale installs fighting each other. I mentioned this above but it bears repeating. On a Mac, only ever use the app from tailscale.com. If you also have the Homebrew version installed, it will sit in the background crash-looping forever and clogging up your launchd logs while doing nothing useful. Uninstall it.

SSH configs that only point to LAN IPs. If your SSH aliases use 192.168.something addresses, they will only work at home. Either replace them with Tailscale MagicDNS hostnames or add a second set of aliases (I keep both, with names like studio for LAN and studio-ts for Tailscale, so I can pick the fastest route depending on where I am).
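To find the aliases that will time out away from home, the SSH config can be scanned for `HostName` values that are private LAN addresses and have no Tailscale counterpart. This is an added example, not part of the original article; the sample config, the tailnet name and the function names are constructed, and the `-ts` suffix is the naming convention described above.

```python
import ipaddress

# Constructed ~/.ssh/config sample. Alias names follow the article's
# studio / studio-ts convention; the tailnet name and 10.0.0.15 are placeholders.
SAMPLE_CONFIG = """\
Host studio
    HostName 192.168.1.220
Host studio-ts
    HostName studio.example-tailnet.ts.net
Host remote-mac
    HostName 10.0.0.15
Host vps
    HostName vps.example-tailnet.ts.net
"""

LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_hosts(text):
    """Map each concrete Host alias to its HostName (first value wins, as in ssh)."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            # Skip wildcard and negated patterns; they are not dialable aliases.
            current = [a for a in args if not any(c in a for c in "*?!")]
            for alias in current:
                hosts.setdefault(alias, None)
        elif keyword == "hostname" and args:
            for alias in current:
                if hosts[alias] is None:
                    hosts[alias] = args[0]
    # An alias with no HostName line is dialled by its own name.
    return {alias: target or alias for alias, target in hosts.items()}

def is_lan_ip(target):
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False  # a DNS name, e.g. a MagicDNS hostname
    return any(addr in net for net in LAN_NETS)

def lan_only_aliases(text, suffix="-ts"):
    """Aliases pinned to a LAN IP with no '<alias>-ts' counterpart to fall back on."""
    hosts = parse_hosts(text)
    return sorted(a for a, target in hosts.items()
                  if is_lan_ip(target) and a + suffix not in hosts)
```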

A failsafe for waking the box you actually want to reach. If your main workstation does fall asleep for some reason, you will not be able to wake it with Tailscale alone. Wake-on-LAN packets only work on the local network, not over the internet. So drop a tiny wake-on-LAN script on your always-on box. Then if your main machine ever sleeps, you can SSH into the always-on box through Tailscale, run the script, and the always-on box will send the magic packet over the local network to wake your main machine. Belt and suspenders.
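A sketch of the wake-on-LAN script for the always-on box, as an added example that is not from the original article. The function names are hypothetical, the MAC address in the usage comment is a placeholder, and the broadcast address and UDP port 9 are common defaults assumed here rather than values from the article.

```python
import re
import socket
import sys

def magic_packet(mac):
    """Build the 102-byte Wake-on-LAN payload: six 0xFF bytes, then the
    target MAC address repeated 16 times."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16

def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the magic packet on the local network; returns bytes sent.

    Assumption: this runs on the always-on box, which sits on the same LAN
    segment as the sleeping machine. The packet does not cross routers.
    """
    packet = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))

if __name__ == "__main__":
    # Usage: wol.py 00:11:22:33:44:55   (placeholder MAC, replace with your own)
    if len(sys.argv) != 2:
        sys.exit("usage: wol.py <mac-address>")
    send_wol(sys.argv[1])
    print("magic packet sent to", sys.argv[1])
```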

Run the hotspot test once a month or so. It catches things while they are still cheap to fix.

Why This Matters More Every Year

Here is the thing. Five years ago, my own setup was one laptop, one desktop, maybe a NAS. They were all on the same wifi network at home and I shared files between them when I needed to. There was no need for a mesh VPN because there was nothing to mesh.

The story is different now. AI has changed what you do across multiple machines. You want Claude Code running on your main laptop, your desktop, AND a server. You want browser automations running on a dedicated machine so they do not interfere with your daily work. You want headless Chrome on a VPS for scraping or scheduled jobs. You want voice agents that pick up calls twenty-four hours a day. All of these are real workloads that benefit from being spread across machines.

The minute your work stops fitting on one device, you need a way for those devices to reach each other and for you to reach all of them. Tailscale is the cleanest way to solve that. And again, on the personal plan, it is free.

I am not predicting the future here. I am telling you what is already happening on my own setup. Five devices, one network, $0 a month.

Where Claude Code Fits In

I run Claude Code across my whole mesh. The reason that works is that Tailscale gives me one network and Claude Code can SSH into every machine in parallel. That combination is quietly powerful. I describe what I want, Claude figures out which machine the work belongs on, SSHes in, and does it. Sometimes that means editing a file on my laptop. Sometimes it means deploying code to the VPS. Sometimes it means kicking off a browser automation on the always-on box. All from one conversation.

That is the deterministic pattern in action. Claude handles the judgment, the network handles the reach. If you take away either one, the whole thing falls apart. Tailscale is the quiet half of that pairing.

Try These Prompts In Claude Code

Once Tailscale is set up and your SSH aliases work from anywhere, here are a few prompts I actually use across my mesh. Drop any of them into a Claude Code session and tweak the machine names for your own setup.

Health check the whole mesh:

paste this into Claude Code
SSH into every machine in my SSH config, check whether Tailscale is signed in, check uptime, check disk space, and give me a one-line summary for each machine.

Set up the wake-on-LAN failsafe I described above:

paste this into Claude Code
Write a small Python script that sends a wake-on-LAN magic packet to my desk workstation. SSH into my always-on box, drop the script in /usr/local/bin, make it executable, then test that I can run it remotely from this laptop.

Pull the latest code on every machine in parallel:

paste this into Claude Code
SSH into each of my machines in parallel, run git pull on every repo under ~/apps, and report any that have uncommitted changes or merge conflicts.

Run the hotspot stress test from the article:

paste this into Claude Code
SSH into each Tailscale hostname in my SSH config, run hostname and uptime, and report which ones answered and which timed out. Anything that times out is a problem to fix before I leave the house.

The point of these is to give you a starting shape. Once you get used to thinking about your machines as one mesh instead of as separate boxes, the prompts you write get more interesting. "Check the logs on the VPS for errors in the last hour." "Restart the browser automation on the Remote Mac if it has stalled." "Pull fresh data from the database on the VPS and run an analysis on my laptop." All one network, one conversation.

What To Do Right Now

If you have more than one machine and you are doing anything serious with AI on them, set up Tailscale today. It is free for personal use, it takes about ten minutes, and it removes the entire "how do I reach my other machines" problem from your life.

Then, before you actually need it, run the hotspot stress test. Hotspot your laptop off your phone, try every SSH alias you have, fix anything that times out. Better to find the broken pieces while you are sitting at your desk than to discover them when you are stuck somewhere with nothing but a hotspot and a closing window of work time.

See Also

  • Claude Code, the AI coding agent that ties the mesh together by being able to SSH into every machine in parallel
  • The Deterministic Pattern, why splitting AI work into deterministic and non-deterministic layers makes everything more reliable
Affiliate Disclosure

Some links in this article are affiliate links. If you purchase through them, we may earn a commission at no extra cost to you. This helps support our content.

This article blends original content, AI-assisted drafting, and human oversight.
