Neat use case. But in fairness, you've simply 'offloaded' NAT traversal/port forwarding to automagic helper protocols over which you have no control even if you wanted it.
replyMay want to give Apollo a try: https://github.com/ClassicOldSong/Apollo (re Sunshine)
replyWhy?
replyIt handles virtual displays better in case you want your pc screen to be off while streaming. There might be other reasons.
replyOh nice, virtual displays is a feature I've been wanting, thanks!
replyAgreed with OP. It's very handy. I made the switch after trying to tinker with running third party utilities to do this and running into issues. I found Apollo and it all just worked. Now I can stream in 4K HDR to my living room TV (which is not even what my physical PC display is). It's compatible with all the regular clients too which is nice.
replyI'm confused.
I wanted to do this too with an OpenWRT router, but I was under the impression I still had to open a 40000 port so my NAT devices can see it. Wouldn't it still be on the exposed public Internet?
replyThat seems really exciting! If you wanted to share game streaming to a general public would they have to install tailscale on their device/login? How does that work? Am I right in assuming that tailscale is built mostly for sharing resources with people you trust instead of the general public?
replydeleted
replyWhat hardware do you use on the networking side?
replyNothing special, an edgerouter that allows installing tailscale
replyAh, perfect. The Mikrotiks weren't as straightforward earlier but maybe it's easier now. Glad to know it works on EdgeOS. Did you just use this? https://github.com/jamesog/tailscale-edgeos
replyThere are several ports open (you dont open them, Tailscale does), including for peer relay. Some are vpn ports, but the ports for relay servers are not for VPN so my guess is that the software that listens to those ports is a lot less secure (compared to Wireguard or OpenVPN).
replyYes my router has open ports, but it does not do any port forwarding. So I can 'directly' connect any device behind my router without my router needing to know any specifics of which device that is. And I don't need to do any port forwarding of anything on my network and thus expose them to the whole internet; I just expose them to the users of my tailscale network (only me)
replyDoes your router not support UPNP for dynamic port punching?
replyUPnP allows literally any random piece of software inside your network to open and forward arbitrary ports on your firewall. Bad idea!
replyWhy are you running software that randomly opens firewall ports?
replydeleted
replyWithin my risk appetite on trusted network segments. I have bigger issues if malware is operational within the trust boundary, it can do what it needs using outbound connections just fine (recon, lateral movement, etc). Your risk appetite might differ.
reply