
Securely transfer files across networks using LocalSend and Tailscale

Sometimes your devices are connected to different networks, but you need to send a file between them. Using LocalSend and Tailscale, you can quickly and securely transfer your files between these devices.

Some time ago I discovered the open-source file sharing service LocalSend whilst browsing the GitHub explore page.

As my devices (phone, laptop, etc.) run on different operating systems, it's difficult to share files between them. Some approaches that I've used are uploading them to OneDrive, sending myself e-mails, and creating a Bitwarden Send link. This always felt quite inefficient, and only the last one is truly secure.

Installing LocalSend

Installing LocalSend is super easy. On the downloads page you can download clients for Windows, macOS, Linux, Android, and iOS devices. All you need to do now is open the LocalSend application.

LocalSend desktop application on Windows

Configuring Tailscale

Using Tailscale is probably the easiest way to connect devices together that I've ever experienced. Because of its advanced NAT traversal techniques, it can connect your devices directly, and because it uses the WireGuard protocol, nobody is able to perform a MITM attack on that connection. It offers a generous free tier for up to 100 devices. For the purposes of this article, I will assume that you already have Tailscale installed and connected on all of your devices.

Why not use Taildrop?

Recently Tailscale announced their Taildrop file sharing functionality. Whilst this is a cool feature, it does not support sending files to and from nodes that have ACL tags, a common use case. The user interface of LocalSend is also better at the moment.

Unfortunately, LocalSend restricts the multicast mask to /24, which Tailscale does not enforce by default. The addresses that Tailscale assigns to your devices could be 100.123.142.91 and 100.108.230.16, for example. These fall in different /24 ranges, so the devices will not be able to find each other.

It's possible to create an IP pool on the access control page that makes sure that future devices added to your tailnet stay in a certain range:

Note: This is a beta feature, so the syntax might have changed by the time you read this.

{
  "acls": ["..."],
  "nodeAttrs": [
    {
      "target": ["autogroup:member"],
      "ipPool": ["100.x.y.0/24"]
    }
  ]
}

You can choose any 64 <= x <= 127 and any 0 <= y <= 255 (any address in the range 100.64.0.0/10).

If you have already added your devices, you can manually edit the IP of each device that you want LocalSend to automatically detect:

Edit an IPv4 address in the Tailscale machine overview

After reconnecting Tailscale, your devices will pop up in the LocalSend application:

Phone visible in the LocalSend Windows application
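To check a tailnet against the two constraints above (the pool must be a /24 inside 100.64.0.0/10, and devices only find each other within the same /24), here is an added example that is not part of the original article. The device names and the two addresses in 100.91.232.0/24 are constructed; the other two addresses are the ones quoted above.

```python
import ipaddress
from collections import defaultdict

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # range given in the article

# Constructed inventory (hypothetical names): the article's two addresses plus
# two devices placed in the article's example pool.
DEVICES = {
    "laptop": "100.123.142.91",
    "phone": "100.108.230.16",
    "tablet": "100.91.232.10",
    "desktop": "100.91.232.11",
}

def validate_pool(cidr):
    """Return the problems with an ipPool entry; an empty list means usable."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"{cidr}: not a valid network ({exc})"]
    problems = []
    if net.version != 4 or not net.subnet_of(CGNAT):
        problems.append(f"{cidr}: outside {CGNAT}")
    if net.prefixlen != 24:
        problems.append(f"{cidr}: /{net.prefixlen} is not a /24")
    return problems

def discovery_groups(devices):
    """Group devices by /24; only members of the same group find each other."""
    groups = defaultdict(list)
    for name, addr in devices.items():
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        groups[str(net)].append(name)
    return dict(groups)

def outside_pool(devices, cidr):
    """Devices whose address still has to be edited to land in the pool."""
    net = ipaddress.ip_network(cidr)
    return sorted(n for n, a in devices.items()
                  if ipaddress.ip_address(a) not in net)

if __name__ == "__main__":
    print(validate_pool("100.91.232.0/24") or "pool ok")
    for net, names in discovery_groups(DEVICES).items():
        print(net, names)
    print("re-address:", outside_pool(DEVICES, "100.91.232.0/24"))
```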

Transferring Data

The LocalSend applications are really intuitive. They all follow the same design, as they are made using the amazing Flutter framework.

In the following example I've sent a text message to my phone. My laptop is connected to Wi-Fi and my phone is connected to 4G. Normally they would not be able to see each other, but because they are both connected to Tailscale, they can!

Transferring a text message

Fun fact: I actually sent the screenshot of my phone to my computer using the exact same setup. It only took a couple of seconds!

Configuring ACL Policies

Imagine a household with multiple devices connected to Tailscale. You might want to limit which of them can send files to each other using LocalSend. Using access policies, you can restrict sending and receiving to devices that carry a specific tag:

{
  "tagOwners": {
    "tag:localsend": ["autogroup:admin"]
  },
  "acls": [
    {
      "action": "accept",
      "src": ["tag:localsend"],
      "dst": ["tag:localsend:53317"]
    }
  ],
  "nodeAttrs": [
    {
      "target": ["autogroup:member"],
      "ipPool": ["100.91.232.0/24"]
    }
  ]
}

Note: I am using IP addresses in the range 100.91.232.?/24 in my example.

Now, configure the ACL tags in the machine overview:

Example of edit dropdown in machines tab with "Edit ACL tags" selected

Restart Tailscale on all of your devices (and possibly LocalSend), and they will show up!
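To see which devices the policy above lets exchange files before rolling it out, here is an added example that is not part of the original article. It is a simplified model of ACL evaluation (default deny, accept rules matched on tags or `*` only, no users, groups or hosts), and the device inventory is constructed.

```python
import json

LOCALSEND_PORT = 53317  # port named in the article's ACL rule

# The article's ACL section as strict JSON (real policy files also allow comments).
POLICY = json.loads("""
{
  "tagOwners": {"tag:localsend": ["autogroup:admin"]},
  "acls": [
    {"action": "accept", "src": ["tag:localsend"], "dst": ["tag:localsend:53317"]}
  ]
}
""")

# Constructed inventory: device name -> ACL tags (hypothetical devices).
DEVICES = {"laptop": ["tag:localsend"], "phone": ["tag:localsend"], "tv": []}

def port_matches(ports, port):
    """Match a port against '*', a single port, a list '80,443' or a range '1-9'."""
    for part in ports.split(","):
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def allowed(policy, devices, src, dst, port=LOCALSEND_PORT):
    """Simplified model: default deny, accept rules matched on tags or '*' only."""
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        if not any(s == "*" or s in devices[src] for s in rule["src"]):
            continue
        for entry in rule["dst"]:
            target, _, ports = entry.rpartition(":")
            if (target == "*" or target in devices[dst]) and port_matches(ports, port):
                return True
    return False

def localsend_pairs(policy, devices):
    """Every (sender, receiver) pair that can reach the LocalSend port."""
    return sorted((s, d) for s in devices for d in devices
                  if s != d and allowed(policy, devices, s, d))

if __name__ == "__main__":
    for s, d in localsend_pairs(POLICY, DEVICES):
        print(f"{s} -> {d}:{LOCALSEND_PORT} allowed")
```

Because this rule is the only entry in `acls`, the untagged `tv` can neither send nor receive, and the tagged devices reach each other on port 53317 only.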

Alternatives

If you are fully bought into the Apple ecosystem, AirDrop is of course an obvious alternative (although this might expand to other devices in the near future). The difference with our solution is that we can also send files to family members or coworkers that might not be in our Bluetooth range.

Another popular open-source alternative is PairDrop. It works a bit differently in the sense that you have to deploy it to a server. If you ever want to share files with users outside your tailnet, this can be a great hosted alternative. The benefit of LocalSend is that it's a simple desktop application/app that works without needing any hosting infrastructure or pairing codes.

Let me know if you use any other alternatives 😀.

Conclusion

In this article I showed you how to configure Tailscale and LocalSend such that you can securely send files (such as photos or documents) to devices connected to different networks.

This is great if your phone is having trouble connecting to the Wi-Fi (and you have mobile reception). It is also useful when you want to quickly send a file to a family member's laptop down the hallway. In small business environments you can even set up LocalSend for your distributed team!

I've already used LocalSend a bunch, and it's a great product. I'm excited to hear about your use cases!


The contents of this article are licensed under the CC BY-NC-SA 4.0 license.