Requesting Tailscale VPN built-in option. or CLI access to add manually

In addition to the current built-in VPN options, requesting an option to add Tailscale as a native option, or provide CLI functionality to add it manually.

Case use: For those of us who only have CGNAT as our home Internet connections - When traveling, instead of requiring each device to connect to the Tailscale VPN manually, the router automatically provides a Tailscale VPN connection, transparently offering that connection to all devices.

In particular:

  • AppleTV - (no VPN options available natively)
  • Remote System Monitoring/Administration
  • Remote Camera access

Tailscale installation on a router level can be accomplished quite easily with Open Source solutions (e.g. OpenWRT) - would prefer to reduce adding yet another router in the mix for this solution.

TIA

3 Likes

Holy cow, +1 on this. I’m a huge fan of Tailscale and would love to see this integration.

I would like to see at least a Wireguard VPN Implementation. Tailscale is using Wireguard in the background, so that would be a good starting point.

Yes, I also definitely would like to see this feature!

+1!

i do this today with their OpenVPN license, and route all media players over it’s connection (I use torguard with streaming option fwiw), I can forward ports too, but I don’t now that i have static IP with t-mobile business internet unlimited, I use their inseego 3000 5g. No SA with static ip, but my ping is sub ~23ms

Any updates to Wireguard and/or TailScale implementation?

1 Like

Hi All,

Curious to understand why not use OpenVPN?

Could you elaborate why you’d want TailScale or Wireguard alongside OpenVPN, PeplinkVPN etc…?

1 Like

Probably because of the performance penalty when using OpenVPN. WireGuard can be much more efficient for the same SoC on the router.

1 Like

Hi…

Sorry… I just a network engineer…
But… Can I ask, where you find this information?

Reading about Wireguard, the only think that I found is:

and
https://en.wikipedia.org/wiki/VPN_service#comparison

About OpenVPN

Nothing about to be more efficient then OpenVPN.

1 Like

“ It aims to be lighter and better performing than IPsec and OpenVPN, two common tunneling protocols.”

It’s what I meant by more efficient.

I have tested numerous routers with tiny SoCs running WireGuard and OpenVPN, and every time, I achieved significantly higher throughput with WireGuard.

Dictionary…
a purpose or intention…

1 Like

Do you have tested WireGuard ?

Depending on your router model, you might be able to run Tailscale in Docker or as a VM.

1 Like

yep… Using another network vendor. small network device.

SIDE_A
cpu: Atheros Hornet, MIPS 24Kc, 400 MHz
ram: 64 MB, DDR2
(1 x WAN, 1 x LAN, 1 x LTE CAT-4, WiFi4)

SIDE_B
cpu: Atheros Wasp, MIPS 74Kc, 550 MHz
ram: 128 MB, DDR2
(1 x WAN, 3 x LAN, 1 x LTE CAT-4, WiFi4)

I don’t see any difference.

also… because the kind of customer that I have…
I use IPSEC/SpeedFusion for site to site and keep using openvpn for client to site.

1 Like

Wireguard-backed VPN environments (such as Tailscale, Headscale, etc.) are rapidly becoming commonplace in both homelab-style environments and enterprise environments. It’s lightweight, faster (mainly by less overhead), and native to linux kernels. IPSec has high overhead and requires significant CPU resources to use. OpenVPN is great, but it’s not near as lightweight (re: codebase), only slightly slower, and supports additional cryptography protocols (both good and bad). There’s no reason to argue against something that’s newer because there’s “other things that will do the same thing” as this is the same argument IPv6 deniers use to delay migrations of their IP space :slight_smile:

If Peplink wants to continue being ahead of the curve against direct competitors, it needs to maintain a competitive advantage by offering features that users want and/or need. I feel that we’re already just slightly behind the curve in some respects (wifi 6e, though not a big deal, and full IPv6 support, a pretty big deal).

@Captain_Nik asked why we would use it over the existing infrastructure and for me personally, we use Tailscale quite a bit across dozens of customer environments. So much so that we actually use a Raspberry Pi at a lot of locations to build the tunnels since the Peplinks cannot support. As I said, wireguard is already a part of linux and, while I’m not writing Peplink’s software, it’s not going to require a complete rewrite of the device firmware to support. Due to Wireguard’s nature we could already support it on docker-capable devices today if host networking was permitted by Peplink for those containers.

ref: WireGuard vs OpenVPN: 7 Key Differences in 2025

2 Likes

Oh, one last thing.

At the Peplink summit in Savannah the Wireguard conversation came up to what I felt was a pretty dismissive set of responses, despite several of the attendees genuinely interested in Wireguard support. While I can respect everyone has use cases and needs and, as network engineers, we ALL have biases and think “product X is garbage,” just remember that we all have to deal with this when we pitch Peplink products to engineers who haven’t heard of it before, or who just assume “it’s some random brand that doesn’t do anything different than my Cisco/Juniper/Aruba kit.” It’s hard as Peplink sellers to have to fight against an ingrained set of opinions when you know that your product (Peplink, in this case) can solve the client’s needs better at a lower price point.

1 Like

I think the feedback provided merits at least a discussion by the Developer Team - @Giedrius ?

1 Like

Hi Christopher, Nik,

There are various VPN protocols, each with its pros and cons. Among them, WireGuard is probably my favourite, aside from Peplink’s own implementation :slight_smile:

At Peplink, our primary focus is on reliability. Peplink’s VPN implementation, which operates in the Linux kernel, offers advanced packet handling capabilities to create a more stable and robust connection. Therefore, comparing Peplink VPN to WireGuard is somewhat like comparing apples to oranges.

However, there are cases where our partners and clients require 3rd party VPN solutions. For example, we developed a special build that allowed OpenVPN to run as a docker on the BR2 Pro 5G, with all traffic routed through SpeedFusion. This was for a public safety application where an open-source VPN protocol was required by government regulations, while SpeedFusion was needed for bonding multiple WAN connections to ensure reliable connectivity.

We are always open to discussions on how we can further enhance and improve SpeedFusion which we continsiouly do for almost 20 years :wink:

2 Likes