The thing about something like TailScale or ZeroTier or Nebula is that it’s dynamic. These all behave similar to a multiplayer game … a use case every residential firewall should “just get.”

The ports that are “opened” can change regularly, they’re not some standard port that can just be checked to see if it’s open (typically).

Compare that to the average novice opening port 51822 for wireguard or 22 for SSH and you start to see the difference. With those ports, you’ve got a pretty good idea what’s on the other side and it might even be willing to talk to you and give you error messages or TCP ACK packets to confirm it’s there (e.g. SSH).

This advice is as you can probably imagine more relevant to things like OpenVPN that are notoriously hard to correctly configure or application protocols like SSH or HTTP.

With these mesh VPNs you also don’t have to worry about your home dynamic IP changing and breaking your connection at inopportune times… And that’s a huge benefit (IMO). It’s also very easy to tie in new devices to the network.

A lot of it is about outsourcing labor to programs that know how to set up a VPN and make management of it easy. That ties into security because … a LOT of security issues boil down to misconfiguration.