Show HN: TailGuard – Bridge your WireGuard router into Tailscale via a container

Summary

TailGuard A simple Docker container app which allows connecting existing WireGuard servers to the Tailscale network, in case the device running WireGuard is locked in and/or does not support Tailscale binaries. The network topology will look roughly like this: +---------+ | device1 |\ +---------+ \ VPS +---------+ \ +---------+ +-----------+ +-----------+ | device2 |----| tailnet |----| TailGuard |<---->| WireGuard | +---------+ / +---------+ +-----------+ +-----------+ +---------+ / | device3 |/ +---------+ As usual, the tailnet is virtual and in reality connections are point-to-point, but all connections to WireGuard are tunneled through the TailGuard server with a fixed and persistent connection. As long as you have access to a server as close to the WireGuard server as possible (ideally with a minimal ping), for example a VPS, you can connect any WireGuard device to your tailnet. Benefits Why would you want to do this? For most use cases it may be easier to connect your device with WireGuard directly, but there are a couple of benefits with this bridged approach: the WireGuard tunnel private key is stored only on a single machine, making the key management less work if you have a new device, you can simply log in to your tailnet with SSO, without having to transfer keys it's easier to switch between exit nodes in your tailnet, without having to reconnect to different VPNs you can have access to both your tailnet and WireGuard concurrently on your mobile device, which doesn't support multiple VPNs you can connect your home network to your tailnet using your router, which only supports WireGuard but not Tailscale Installation The simplest way to start TailGuard is to simply download a WireGuard client config and save it as wg0.conf . After that you can create an IPv6 network (optional, but recommended) and start the container: docker network create --ipv6 ip6net docker run -it \ -v ./wg0.conf:/etc/wireguard/wg0.conf -v ./state:/tailguard/state \ --cap-add NET_ADMI...