It’s fully encrypted over Tailscale and doesn’t open up your router which port forwarding does. With port forwarding there is a risk that if Roon has vulnerabilities they could be exposed by bad action software to gain access to your network and data but this would require the software coming in from outside such as bad email attachment etc, bad sites. As long as your security aware should not cause a problem. Using Tailscale is a more secure way to connect but it also has more latency. Someone could get access to your account if you’re not following good password security etc. No methods are 100% guaranteed secure as they all have some human interaction which is the main weakness in any security system.
There may be a small security advantage - due to the authentication to the tunnel performed by tailscale (rather than on your Roon Server) combined with the need to supply the correct encryption keys.
However, this security advantage may be offset by reliability issues. Some have reported that tailscale does not work in some situations where port forwarding does work. I don’t know if the particular cause was identified - it is unlikely to be the encryption/decryption overheads since, at audio streaming data rates, this is unlikely to place much demand upon either Tailscale tunnel endpoint device.
Also, the use of Tailscale adds yet another element in that the Tailscale servers have to be working - and they are not under your control.
A working Port Forwarding setup (with, if not using uPnP, suitable DHCP reservations for the Roon server so that it’s ip address on your local network does not change) is always likely to be more reliable than the Tailscale solution - just because it is simpler.
Finally, the encryption/decription that has to take place on ether end of the Tailscale tunnel does not come for free. It may be marginal but it will mean that more processor power is required at each end which may affect the battery life of your mobile.
In 6 months of using not had single issue with Tailscale being down. Advantage for me it allows me to control other areas of my home stuff away from home.
My understanding is that tailscale is much safer than a port forward approach. I’d recommend looking into this a bit more to understand the security implications better. I use tailscale for arc access and it works really well.
@Abrahams_Bogere Tailscale does add a battery penalty but it isn’t huge. I tend to turn it on when I need it and off when not using it.
Lawrence systems is a reliable source that I use for this sort of thing, so you may find this link helpful:
It does use a little more battery but this has improved I feel They are always updating the app and this has been mentioned in the notes. Arc heard the phone up not Tailscale but will depend on what your doing. If you’re using lots of DSP it’s good to take its toll on the cpu of the phone.