*Please note I am a total novice so pls excuse any lack of understanding/knowledge.
Scenario:
I am using Synology NAS as a home server to allow family members to use mobile apps (Synology Drive and Synology Photos).
Currently this is set up via Quickconnect, but i wanted to transition away to using Tailscale (i can’t set up portforwarding/ DDNS so cant use openvpn.)
So I’ve managed to connect the Synology NAS and my phone onto the same Tailscale network.
Ive configured subnet router mode so that I am able to use the local IP address on my Mobile apps rather than the tailscale IP addresses.
This allows the apps to be connected when on the home wifi (without Tailscale connected) and also when not at home via the tailscale network. This works flawlessly for the apps on my phone which is connected to same tailscale network as the Synology NAS
For other family users Ive got them signed up for their own Tailscale networks and shared the Synology NAS as a machine to their networks.
For the mobile apps on my families phones if I use the tailscale IP address to connect the apps to the Synology this works when they are connected to Tailscale only (obviously). But this means that they cannot use these apps when connected directly to the home Wi-Fi (without having Tailscale connected) which is not ideal.
If i use the local IP address (as I can do on my phone) on the mobile apps they will not connect via tailscale.
Does anyone have a suggestion as to how I can have the following scenario for mobile apps for my family:
When at home connect to the Synology nas on the home wifi
When not connected to home wifi be able to connect to the Synology just by switching on the tailscale app.
Is there a reason not to use Tailscale when on the home network? Having to turn it on and off is a bit awkward (though I’d do the same on a mobile) but tailscale will work just as well on the home network as a public network. There’s obviously some overhead using tailscale but you’d still get most of the extra speed when at home.
To answer your actual question, I don’t think you can share subnets across accounts at the moment so putting all the devices in your own Tailscale network would be the only way to do that.
Having to leave tailscale connected all the time is not an ideal solution for my use case scenario.
99.9% of the time the apps (used by the family) will be used on a home network and the tailscale option is only there as a occasional solution when the apps may need to be connected outside of the home network
So it seems counter intuitive to leave tailscale connected all the time for the 0.1% chance that it will actually be needed - this if for my particular scenario, obviously if it the percentages were different then this would be a suitable option (thank you for your suggestion in any case )
Your second option is actually what I’ve already decided to do with some specific caveats:
-Add my familys phones onto my TS network using Google login
this causes the my google account to be logged in on family phone
once TS is up and running on their phones delete my Google account from their phone - this will prevent them having access to my google account (drive, photos, mail etc)
i have decided then to disable key expiry (not particularly necessary as could repeat the steps above once the key expired)
This seems to do the trick and works as I wanted it to.
Do you forsee any risks in having this set up…?
I was worried that one mobile phone would be able to access details from another within the same TS network… but cant seems to be able to do this
You can control cross-machine access with the ACL extremely well, but even if you leave the default access anything rule then it’s only going to be the same as two phones on the same local network. Nothing additional to worry about if they’re all on the same WiFi 90% of the time anyway.
I don’t think you’ll have any trouble with that setup as a home - just remember to delete the device from the network in the control panel when lost/breaks/sold/replaced. Unless you give the device away without resetting it, that’s only really to keep the list tidy anyway.
)