Tailscale user:
hello, you all have created a very cool product. I want to deploy it company wide, but I can not because I can not figure out how to expose the internet at a particular node so the Apple device I am using has access to the mesh server network AND secure internet from our public facing server. Apple iOS products (practically speaking) really only allow connection to one VPN at a time.

For now, the best I can do is use it personally to securely connect to my home server without exposing ports.

Tailscale support:
It’s possible to route all of your traffic through Tailscale node (and out to the internet). What you do is advertise 0.0.0.0/0 from the exit node. Then, all other devices running Tailscale will use the 0.0.0.0/0 device as their default route. There are a couple of limitations at present: no IPv6 support and, for Windows, you need to use an unstable build…but it should work for iOS.
Let us know how it goes!