Tailscale is a free VPN service that gives you secure point-to-point encrypted access to any of your devices wherever they are in the world through practically any network, public or private. Unlike most VPNs you might have heard of, Tailscale does not give you private access to the internet - just to your other devices.
For more information, see https://tailscale.com/kb/1151/what-is-tailscale.
This features allows you to securely route traffic from the internet to your local service, via Tailscale. It creates a TLS secured reverse proxy from a public web address to a service running on your computer with the specified port.
What this means for Foundry is next to no setup to give anyone access to your Foundry instance. The player doesn't need to download any software, and you don't need to set up any port forwarding or firewall rules.
For information on how it works, see https://tailscale.com/kb/1223/funnel.
Possibly! If you've tried port forwarding but hit walls with CGNAT or network wide firewalls, especially in cases like apartment building and university networks, this might be the silver bullet that means you don't have to go and pay for an external hosting service.
Please make sure you read the whole page before committing to try this out. While it's quite straightforward, you are using closed source third party software to expose Foundry to the whole internet. This inherently comes with some risks, similar to port forwarding.
Tailscale Funnel is current a beta feature. While Tailscale don't have a history of removing beta features, they could in theory adjust access to the feature or remove it at any time, and will not guarantee any level of technical support. They may also make breaking changes to the feature, but will give some advance warning in these cases. I've been using Tailscale Funnel for other services for the last year without any issues, but your mileage may vary.
There is also a bandwidth limit to Tailscale Funnel, which is undisclosed, but in my testing I have never hit this limit even with streaming 4k video. In the worst case this will just slow loading down and may cause lag or delays in updates for your players.
Potentially more of an advantage than disadvantage, but from the internet your Foundry server will have HTTPS with a certificate signed by Let's Encrypt. You do not need to do any configuration on the server for this to work.
These setup steps should generally work no matter what operating system or network configuration you have. I have tested this on a Windows 11 PC, and a Debian container running on a Proxmox server.
tailscale funnel 30000 (Replace the 30000 port with whatever port your Foundry instance is set up to use if needed)tailscale funnel status on your host computer and it should show you!tailscale funnel --bg 30000 to run it in the background. To later shut this down, you can simply use the command tailscale funnel off.
As with any self hosting, you are exposing your Foundry instance, and to some extent your computer, to the internet as a whole. While Tailscale encrypts all the traffic between the server and the client, from the perspective of the internet it's a clean open path straight to your server. You should expect to have the same risks as when port forwarding.
Make sure you have set a password for the Gamemaster account on any Foundry world you create, otherwise someone malicious that happens upon your server (or is watching the Tailscale public DNS records for new servers!) could easily gain access and do damage.
It is good practice to disable the funnel using tailscale funnel off any time you aren't running the Foundry server. This prevents any accidental access to other services running on your machine that might happen to use the same port.
If you only want people you trust to be able to access the Foundry server, you can ask them all to set up and install Tailscale accounts of their own and share your machine with them. More details on this are available at https://tailscale.com/kb/1084/sharing. In this instance it's more like Hamachi, although with a much cleaner and less intrusive interface!
If you've hit a hurdle setting up your Tailscale Funnel and want to share how you fixed it, please contribute to the wiki and add it here!
You can change the name used on the Tailscale admin page - go to https://login.tailscale.com/admin/machines, click on your machine, click ‘machine settings’, then 'edit machine name'