DEV Community

Jaga
Jaga

Posted on

Reach your home Mac from anywhere with Tailscale (so Claude Code can come with you)

#claude #networking #productivity #tutorial

If you've started running Claude Code or any other AI coding agent on a Mac at home, you've probably already had this thought: "I should be able to talk to that machine from my phone." Then you tried to actually do it, and you ran into router config, dynamic DNS, port forwarding, and somewhere around the third firewall rule you closed the tab and went back to coding at your desk like a normal person.

The good news is you don't have to do any of that anymore. Tailscale makes "reach my home Mac from anywhere" a ten-minute setup with no network knowledge required, and the free Personal plan covers everything an individual developer needs. This post is the version of that setup I wish I'd had when I started.

What Tailscale actually is (without the marketing)

Tailscale is a mesh VPN built on WireGuard. The shortest possible explanation: install the same app on each of your devices, sign in with the same account, and they can all talk to each other directly over an encrypted connection, no matter what network they're on.

Two things make this different from "regular" VPNs:

  1. Same IP, anywhere. Each device gets a private IP in the 100.x.y.z range that never changes. Your home Mac's Tailscale IP at the cafe is the same as its Tailscale IP from your desk. You stop caring what network you're on.
  2. Direct device-to-device traffic. Your iPad doesn't route data through Tailscale's servers. Tailscale just helps the two devices find each other and hand-shake; the actual traffic goes peer-to-peer over WireGuard. It's fast and the company can't see your data.

A useful mental model: Tailscale is the matchmaker, not the post office. It introduces your devices to each other and then steps out of the room.

Why WireGuard matters

The encryption layer is WireGuard, a relatively new VPN protocol that's "small, fast, and modern." Compared to OpenVPN or IPsec, WireGuard is a few thousand lines of code instead of a few hundred thousand, which means dramatically fewer places for bugs and exploits to hide. You don't have to think about it — Tailscale just uses it under the hood — but it's the reason the connection is both fast and trustworthy.

Pricing

Plan Cost Devices Users
Personal Free Up to 100 Up to 3
Starter $5/user/month Unlimited
Premium Custom Unlimited

For the use case in this post — connecting your own devices to each other — Personal is plenty. I have been running on the free plan for over a year and have never bumped against a limit.

Step 1: Install Tailscale on the Mac

Go to tailscale.com/download and grab the Standalone variant for macOS, not the Mac App Store version. The Standalone variant has fewer sandbox restrictions, which matters for some advanced features later.

  1. Open the downloaded file and drag Tailscale into Applications.
  2. Launch it. A small Tailscale icon appears in your menu bar.
  3. Click the icon → Log in.... A browser opens; sign in with Google, Apple, GitHub, or any other supported identity provider.
  4. macOS will ask permission to add a VPN configuration. Allow it.

When it finishes, click the menu bar icon again. You should see your Mac's Tailscale IP — something like 100.64.0.1. Write that down, you'll use it in a minute. (You can always get it back later with tailscale ip -4 in a terminal.)

Step 2: Install Tailscale on the iPad (or iPhone)

  1. Open the App Store on the iPad and search for "Tailscale."
  2. Install it, open it, tap Get Started.
  3. Sign in with the same identity provider you used on the Mac. This is the only step people get wrong. If you sign in with two different accounts, the devices end up in two different tailnets and can't see each other.
  4. Allow the VPN configuration when iOS asks.

Once you're signed in, the Tailscale app will show a list of all your devices. You should see both your Mac and your iPad. If you do, the network half is done — they can now reach each other.

Step 3: Turn on Remote Login on the Mac

Tailscale gets the two devices on the same private network, but that's not enough to actually SSH into the Mac. macOS ships with an SSH server built in but disabled by default. Turn it on:

  1. System SettingsGeneralSharing
  2. Toggle Remote Login on

That's it. Your Mac is now accepting SSH connections from devices that can reach it — which, thanks to Tailscale, includes your iPad from anywhere in the world.

While you're there, also check your Mac's username so you know what to type later. Easiest way:

whoami
Enter fullscreen mode Exit fullscreen mode

Whatever it prints (e.g. alex) is your username.

Step 4: SSH from the iPad to the Mac

Open any iOS terminal app on the iPad. Many people start with Termius or Prompt 3, and there's also my own MT — Mosh Terminal which I built specifically for this kind of mobile-to-home-Mac workflow. Any of them work for the basic SSH step below.

Run:

ssh alex@100.64.0.1
Enter fullscreen mode Exit fullscreen mode

(Substitute your username and your Mac's Tailscale IP.)

The first time, it will ask if you trust the host fingerprint. Type yes. Then enter your Mac's login password (not your Apple ID — your local Mac password). You should now see your Mac's shell prompt on the iPad.

Congratulations, you're now logged into your home Mac from a tablet that doesn't know what network it's on.

Bonus: ditch the IP address with MagicDNS

Memorizing 100.64.0.1 is annoying. Tailscale has a feature called MagicDNS that lets you use device names instead.

  1. Go to the Tailscale Admin Console
  2. Enable MagicDNS

After that:

ssh alex@mac-mini
Enter fullscreen mode Exit fullscreen mode

works just as well as the IP version. The device name is whatever shows up in your Tailscale device list.

When it doesn't work

Symptom What to check
Connection timed out Is Tailscale on, on both devices? Open the Admin Console and confirm both are "Connected."
Permission denied (password) You're typing your Apple ID password, not your local Mac login password. Use the Mac one.
Connection refused Remote Login is off. Re-check System Settings → General → Sharing.
Could not resolve hostname MagicDNS isn't enabled, or you mistyped the device name. Use the IP directly to confirm, then debug DNS.
Works at home, not at the cafe Some restrictive captive-portal Wi-Fi blocks WireGuard's UDP ports. Tailscale automatically falls back to a relay (DERP), but if you see persistent issues, try tethering off your phone to confirm.

What this unlocks

Once SSH-from-anywhere works, the entire "mobile AI coding" workflow opens up:

  • Start a long Claude Code task at home in the morning
  • Detach the tmux session and walk out the door
  • Re-attach from the iPad on the train, watch the agent's progress, answer its questions
  • Get home, attach from the Mac again, pick up exactly where you left off

The first time it actually works it feels almost too easy. There's no port forwarding to undo, no router rule to maintain, no dynamic DNS account to renew. You just install one app on each device and they find each other.

If you want the next pieces of this workflow, the rest of the series covers them:

  • Keeping your remote sessions alive across disconnects → my tmux primer (link will go here once it's published)
  • Why mobile terminals are painful and what I did about it → MT — Mosh Terminal, the iOS terminal I built for exactly this use case → App Store

I'm a solo iOS developer. I write about gadgets and dev tools at jaga-farm.com. MT — Mosh Terminal is my first App Store release. Find me on X at @jaga_farm.

Top comments (0)