How can I hide behind a 3rd party VPN service so that I can mask my IP address from other nodes in my Tailscale? The use case is to mask my phone’s IP address as I move from (WiFi) network to network.
I assume you’re trying to hide your public IP address so that other devices on your tailnet won’t be able to track your phone’s general location?
As far as I can tell, there’s no easy way to get the endpoint IP (the public IP of the node) from another node.
They might be able to get it if a relay isn’t used, and they use Wireshark or a similar tool to trace and look at the packets for Tailscale (WireGuard).
The only way they can see it is if they have access to the Tailscale admin portal and check from there.
Just a quick question…
Why do you want to hide your IP from other nodes? You a spy or sumthing?
Your Tailscale IP addresses are internal addresses; I can’t think of a reason you’d want to hide them from other nodes.
Your Tailscale IP doesn’t change when you change WiFi networks.
Like the other commenter has asked, can you elaborate on what you’re trying to do?
Your question isn’t really clear.
Can you elaborate a bit?
Tailscale doesn’t really work that way. Its primary use is to punch past NAT and CG-NAT to form a virtual network of its own. Trying to run it over a VPN will solve nothing. You can’t hide from the other nodes on your account.
From whom or what are you trying to hide?
Your question makes very little sense. Tailscale is a VPN and it encrypts all of your traffic as long as you’re using an appropriate exit node, regardless of your device’s IP address. Meaning nobody knows what traffic is going to and from your device, only that traffic is moving.
That’s right. I’m trying to hide my public IP address. If I set my router as a Tailscale node and am constantly connected to Tailscale, my ISP will know the public IP address associated with the connection and hence would be able to track my location.
Technically, yes.
But that would require effort from them to know you’re using Tailscale, and also actively log your connections to determine where you were at certain times.
That’s a lot of effort to track you specifically.
So, if you really worry about them tracking you, why are you using them as an ISP in the first place, if you don’t trust them this much?
Unless you’re doing illegal shit, or you’re a person of interest for a govt agency or corporate entity that wants to get you, you are worrying too much.
So, if you really, really want to hide your activity from your ISP:
Get a VPS somewhere overseas and set up Tailscale on it
Set up a WireGuard server on it, and connect your phone to that WireGuard VPN when you’re out touching grass
Set up routing for the WireGuard network to your Tailscale network on the VPS
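
The three steps in the last reply, written out as a configuration sketch. This is an added example, not part of the original thread. Assumptions: the WireGuard subnet 10.99.0.0/24, UDP port 51820, the placeholder keys and VPS address, a Linux VPS where Tailscale's interface is `tailscale0`, and a tailnet using Tailscale's 100.64.0.0/10 IPv4 range.

```ini
# --- VPS: /etc/wireguard/wg0.conf (constructed example; Tailscale already running on the VPS) ---
[Interface]
# Assumed WireGuard subnet and port; the key is a placeholder.
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_WG_PRIVATE_KEY>
# Route WireGuard clients into the tailnet, NATed behind the VPS's own Tailscale address.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o tailscale0 -j ACCEPT
PostUp = iptables -A FORWARD -i tailscale0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.99.0.0/24 -o tailscale0 -j MASQUERADE
# Remove the same rules when the tunnel goes down.
PostDown = iptables -D FORWARD -i %i -o tailscale0 -j ACCEPT
PostDown = iptables -D FORWARD -i tailscale0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.99.0.0/24 -o tailscale0 -j MASQUERADE

[Peer]
# The phone: only this tunnel address is accepted from it.
PublicKey = <PHONE_WG_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32

# --- Phone: WireGuard app tunnel (Tailscale is not installed on the phone) ---
[Interface]
Address = 10.99.0.2/32
PrivateKey = <PHONE_WG_PRIVATE_KEY>

[Peer]
# The VPS: send only tailnet traffic through the tunnel.
PublicKey = <VPS_WG_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
AllowedIPs = 100.64.0.0/10
# Keeps the NAT mapping alive while the phone roams between networks.
PersistentKeepalive = 25
```

With this layout the tailnet sees connections from the VPS's Tailscale address, and each network the phone roams through sees only WireGuard UDP to the VPS. What the phone can reach is whatever the tailnet's ACLs grant the VPS node.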