[USG Flex H] - Wireguard/Tailscale

Maverick87
edited March 15 in USG FLEX H Series

Hello everyone,

Today I tried to configure the Tailscale VPN, but I have some questions about it:

  1. Why is it not possible to use WireGuard? I think that WireGuard is more reliable than Tailscale. Tailscale is a service on top of WireGuard (end of support/development, end of the Tailscale service); WireGuard instead is a low-level app that works directly with IP/FW rules. Tailscale is a service, WireGuard the protocol;
  2. As per #1, using Tailscale can implement less security than WireGuard. Using Tailscale sends my network packets to an external service; I don't connect directly to my FW/LAN, I pass all my packets to Tailscale, which forwards them to my LAN;
  3. To use the Tailscale direct connection, I need to open a UDP port. How is it possible to do that? I see some packets pass from my phone's ISP carrier to my WAN IP on the Tailscale port. In this case I need to open the FW rule from ANY to Zywall on the UDP port; is this really the configuration? Is it really safe to allow the UDP port to ANY? Can I change the default Tailscale UDP port? I see that by default there are 2 FW rules, from Tailscale to any and from Tailscale to Zywall, but it seems that the direct connection doesn't use those rules.
  4. Do I need a direct connection also when using Tailscale only to browse the local network? What is the difference between a direct connection and relay or DERP, also in terms of security/privacy?
  5. Is it possible to configure multiple Tailscale VPNs? It could be interesting to use one VPN for internal use only, and one for internal use + exit mode.

Thank you so much