Tailscale needs an Internet-bound control plane to aid node discovery and VPN management. When that plane is offline, nodes try to cache each other's endpoints, but this doesn't persist upon reboot. So peer discovery from cold start is impossible without an Internet connection, even when that peer is on the same LAN.
To work around this problem, one could self-host a LAN-only Headscale server and it'd probably work. Or just connect via LAN directly if WireGuard encryption and Tailscale features aren't needed. But this means inconveniently switching between and managing multiple VPNs/address spaces.
The problem has been raised on Tailscale’s issue tracker. Seeing relevant issues, it seems like the best bet is on local discovery mechanisms like mDNS/Bonjour. Though that’ll likely take a while to get supported.
With all that said, does anyone know of a current good way to still use the same mesh VPN to connect to LAN machines, sans Internet? I'm open to hearing about Tailscale alternatives and how they implement it too.
TIA!
If you're self-hosting Headscale, you can configure your network such that Headscale is reachable on your network with or without Internet access and is also available from the Internet.