Phase 4 — Remote Access (Tailscale)
Goal: Set up secure remote access to the UNAS2 and mini PC from anywhere in the world without needing to configure the ISP router or open any ports.
Time estimate: 30–45 minutes
What you need: Tailscale account, Bipin's Android, Ahana's iPhone,
mini PC (Windows) — mini PC steps require being at home
Prerequisites: Phase 1 complete (UNAS2 configured, static IP set)
Overview
Tailscale creates a private encrypted mesh network (called a tailnet)
between all your devices. Each device gets a permanent 100.x.x.x IP
address that works from anywhere — unlike your local 192.168.1.x
addresses which only work at home.
Your tailnet (private network)
├── Bipin's Android 100.x.x.x
├── Ahana's iPhone 100.x.x.x
├── Mini PC (Windows) 100.x.x.x ← acts as bridge to UNAS2
└── (UNAS2 not directly on Tailscale — accessed via mini PC)
Why isn't the UNAS2 directly on Tailscale? The UNAS2 runs UniFi Drive — a locked OS with no package manager or shell access. Installing Tailscale on it directly is not officially supported and would require unsupported SSH access. Instead, the mini PC (which is always on) acts as a bridge — it is on Tailscale and has the UNAS2 mapped as a local network drive. When you connect remotely via Tailscale to the mini PC, you can access the UNAS2 through it.
Why Tailscale works with your ISP router: Tailscale uses NAT traversal — it punches through your ISP router without needing any port forwarding or router configuration. This is the correct solution for ISP-locked routers.
Step 1 — Create Your Tailscale Account
- Go to tailscale.com
- Click Get Started
- Sign up using your Google account — keeps everything under one identity
- This creates your personal tailnet — your private network
Step 2 — Install on Bipin's Android ✅
Completed during initial setup.
- Open Play Store → search Tailscale
- Install and open the app
- Sign in with your Google account
- Your Android appears in the Tailscale dashboard at login.tailscale.com
Step 3 — Install on Ahana's iPhone ✅
Completed during initial setup.
- Open App Store → search Tailscale
- Install and open the app
- Sign in with Bipin's Google account — both phones must be on the same tailnet
- Ahana's iPhone appears in the Tailscale dashboard
Both devices show the message: "Done! Your devices can now connect from anywhere." Each device has a permanent
100.x.x.xTailscale IP address.
Step 4 — Install on Mini PC (Windows) (When Back Home)
- On the mini PC, go to tailscale.com/download/windows
- Download and run the Windows installer
- Open Tailscale from the system tray → Sign in
- Sign in with your Google account
- The mini PC appears in the Tailscale dashboard
- In Tailscale settings on the mini PC → enable Run on startup — critical so Tailscale starts automatically after any reboot
Step 5 — Configure Subnet Routing on Mini PC (When Back Home)
This is the key step that lets your phone reach the UNAS2 through the mini PC when you are away from home.
On the mini PC:
- Open a Command Prompt as Administrator
- Run:
tailscale up --advertise-routes=192.168.1.0/24This tells Tailscale to advertise your entire home network (192.168.1.0/24) through the mini PC
In the Tailscale dashboard online:
- Go to login.tailscale.com
- Find the mini PC in your device list
- Click the ... menu → Edit route settings
- Approve the
192.168.1.0/24subnet route
On both phones (Tailscale app):
- Open Tailscale → Settings
- Enable Accept routes
Once this is done, when you are away from home your phone can reach
192.168.1.2 (the UNAS2) directly via Tailscale as if you were on
your home network — the mini PC acts as the bridge.
Step 6 — Verify Remote Access (When Back Home)
Test from your phone while on mobile data (turn off WiFi):
- Open FolderSync or a file manager on your Android
- Try to connect to
192.168.1.2via SMB - You should be able to browse your NAS Shared Drives remotely
If it works, Tailscale is fully configured. You now have complete remote access to your NAS from anywhere in the world.
How Remote Access Works in Practice
From your Android (away from home):
- Tailscale is running → your phone can reach 192.168.1.2
- Open any SMB file manager app → connect to UNAS2 as normal
- FolderSync syncs automatically even when away from home
From Ahana's iPhone (away from home):
- Tailscale running → can reach 192.168.1.2
- PhotoSync can connect to the NAS remotely
From mini PC (away from home — e.g. travelling with laptop): - Connect to Tailscale → full access to home network - UNAS2 mapped drives appear and work as if at home
For family members (streaming — separate setup): - Family does NOT use Tailscale — they use Cloudflare Tunnel to access Jellyfin and Overseerr - See Phase 5 and Phase 6 for family access setup
Current Status
| Device | Status | Tailscale IP |
|---|---|---|
| Bipin's Android | ✅ Connected | Check dashboard |
| Ahana's iPhone | ✅ Connected | Check dashboard |
| Mini PC (Windows) | ⬜ Pending — when back home | — |
| UNAS2 | Not applicable — accessed via mini PC | — |
Verification Checklist
- [ ] Tailscale account created at tailscale.com
- [ ] Bipin's Android connected to tailnet ✅
- [ ] Ahana's iPhone connected to tailnet ✅
- [ ] Mini PC Tailscale installed (pending)
- [ ] Mini PC set to run Tailscale on startup (pending)
- [ ] Subnet routing
192.168.1.0/24advertised from mini PC (pending) - [ ] Subnet route approved in Tailscale dashboard (pending)
- [ ] Accept routes enabled on both phones (pending)
- [ ] Remote access to UNAS2 tested successfully from mobile data (pending)
Troubleshooting
Device not appearing in Tailscale dashboard: Make sure you signed in with the same Google account on all devices. Each device must use the same account to be on the same tailnet.
Cannot reach UNAS2 remotely after subnet routing is set up: Confirm the mini PC is powered on and Tailscale is running (check system tray). Confirm the subnet route is approved in the Tailscale dashboard. Confirm Accept routes is enabled on your phone.
Tailscale not starting after mini PC reboot: Go to Tailscale settings on Windows → confirm Run on startup is enabled. Also check Windows Task Manager → Startup tab to confirm Tailscale is enabled there.
Slow remote access to NAS: Remote access speed is limited by your home upload speed. For browsing files and documents this is fine. For streaming video remotely, use Jellyfin via Cloudflare Tunnel instead (Phase 5) which handles transcoding and adaptive bitrate.
Tailscale disconnecting frequently on iPhone:
iOS aggressively manages VPN connections to save battery. This is
normal — Tailscale reconnects automatically when needed. For
PhotoSync auto-backup, the phone only needs to be on local WiFi
(not Tailscale) since it connects directly to 192.168.1.2 at home.
Phase 4 complete. Proceed to Phase 5 — Media Library.