Remote Access

Access your AI coding agents from anywhere in the world using Tailscale.

Connection Types Comparison

Choose the right connection type for your situation:

Feature	Local WiFi	Tailscale VPN	Tailscale Funnel
Latency	1-30ms (fastest)	30-100ms	Variable (higher)
Encryption	TLS + Certificate Pinning	WireGuard	TLS 1.3
Phone app required	Broski only	Broski + Tailscale	Broski only
Public URL	No	No	Yes
Setup complexity	None	Install on both devices	Enable in admin console
Works from anywhere	No (same WiFi)	Yes	Yes
Best for	Home/office use	Secure remote access	Sharing, demos

Why Tailscale?

By default, Broski works on your local WiFi network. To code from anywhere (coffee shop, airport, another city), use Tailscale - a zero-config VPN that creates a secure connection between your devices.

✓Free for personal use (up to 100 devices)
✓Secure - WireGuard encryption (military-grade)
✓No port forwarding - works behind NATs and firewalls
✓Fast - peer-to-peer when possible
✓Stable IP - 100.x.x.x addresses that don't change

How It Works

Same WiFi

iPhone

→

192.168.1.x:18274

Fast, local only

System

Away from Home (Tailscale VPN)

iPhone

anywhere

→

100.x.x.x:18274

WireGuard encrypted

System

home

Away from Home (Funnel)

iPhone

anywhere

→

https://mac.ts.net

TLS encrypted

Tailscale Edge

→

System

home

Broski automatically detects when Tailscale is available and includes the Tailscale IP in the connection QR code. When scanning, your phone tries both IPs and uses whichever works.

Desktop Setup

Install Tailscale on your system

Download from tailscale.com or use the command below

Use Google, Microsoft, GitHub, or email

Verify connection

Your system will get a Tailscale IP like 100.x.x.x

Installation Commands

macOS (Homebrew):

bash

brew install --cask tailscale

macOS (App Store):

Search "Tailscale" in the Mac App Store

Linux (Ubuntu/Debian):

bash

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

Windows:

Download from tailscale.com/download

Verify Installation

bash

# Check Tailscale status
tailscale status

# Get your Tailscale IP
tailscale ip -4
# Should output: 100.x.x.x

Phone Setup

iOS

Open the App Store
Search for "Tailscale"
Download and install
Open Tailscale and sign in with the same account
Enable the VPN when prompted

App Store Link

Android

Open the Play Store
Search for "Tailscale"
Download and install
Open Tailscale and sign in with the same account
Allow VPN connection when prompted

Play Store Link

Important

You must sign in with the same Tailscale account on both your system and phone. Different accounts cannot see each other.

MagicDNS (Human-Readable Hostnames)

Instead of remembering IP addresses like 100.64.0.15, MagicDNS lets you use hostnames like macbook.tail1234.ts.net.

Enable MagicDNS

Go to Tailscale Admin Console
Navigate to the DNS tab
Enable MagicDNS

Find Your Hostname

bash

tailscale status --json | grep DNSName
# Example output: "DNSName": "macbook.tail1234.ts.net"

Once enabled, Broski will automatically include your MagicDNS hostname in the QR code.

Tailscale Funnel (Public HTTPS)

Funnel exposes your bridge to the public internet via HTTPS. Your phone doesn't need Tailscale installed - just scan the QR code from anywhere.

When to use Funnel

Use Funnel when you can't install Tailscale on your phone (work phone, borrowed device) or for quick demos and sharing.

Enable Funnel

Go to Tailscale Admin Console
Click on your machine
Under "Funnel", click "Enable"
Accept the Funnel policy

Start Bridge with Funnel

bash

broski --funnel

The QR code will now include a public HTTPS URL like https://macbook.tail1234.ts.net.

Funnel Security Details

Feature	Details
Encryption	TLS 1.3 (same as banking websites)
Certificate	Automatic Let's Encrypt via Tailscale
Authentication	Still requires your Broski auth token
Rate limiting	Handled by Tailscale edge
Access logging	Available in Tailscale admin console

Security Note

Funnel makes your bridge publicly accessible on the internet. While it's protected by your auth token and TLS encryption, be mindful that it's publicly reachable. Use --new-token to rotate your token if needed.

When to Use Which Connection

Scenario	Recommended Connection
Working from home/office	Local WiFi (fastest)
Coffee shop or coworking space	Tailscale VPN
Traveling (hotel, airport)	Tailscale VPN
On cellular data	Tailscale VPN
Work phone (can't install apps)	Tailscale Funnel
Quick demo to a colleague	Tailscale Funnel
Maximum security required	Tailscale VPN
Sharing access temporarily	Tailscale Funnel + new token after

Troubleshooting

"Connection failed" over Tailscale

• Verify Tailscale is enabled on both devices
• Check both devices show as "Connected" in the Tailscale app
• Test connectivity: tailscale ping <phone-ip>
• Ensure same Tailscale account on both devices

System not showing Tailscale IP

Verify Tailscale is running:

bash

tailscale status
# Should show "Connected" and your IP

Slow connection / high latency

• Tailscale tries direct P2P, but may relay through servers
• Check if connection is relayed: tailscale netcheck
• Ensure your router allows UDP (WireGuard uses UDP)
• Try disabling any VPN that might interfere

Funnel not working

• Ensure Funnel is enabled in the admin console
• Check your machine has Funnel capability enabled
• Verify with: tailscale funnel status

Phone not finding devices

• Open the Tailscale app on your phone
• Ensure VPN is enabled (toggle should be on)
• You should see your system in the device list
• Try signing out and back in with the same account

Alternatives to Tailscale

While Tailscale is recommended, other VPN solutions also work:

•WireGuard - Self-hosted, more technical setup required
•ZeroTier - Similar to Tailscale, also free for personal use
•Cloudflare Tunnel - If you want to use your own domain
•ngrok - Quick public URLs, but less suitable for always-on

Next Steps

Background Service

Run the bridge automatically on boot

Network Troubleshooting

Solve WiFi, firewall, and connection issues