I just set this up the other day, and I got my ping to drop from 16 to 10 ms, and my bandwidth tripled, when connecting from a remote NATted site to a matter desktop at my house. Together with Moonlight/Sunshine I can now play Windows games on my Linux desktop from my MacBook, with 50 Mbps/10 ms streaming. So far so good!
Not a single port forwarded; I just set my router up as a peer node.
Agreed with OP. It's very handy. I made the switch after trying to tinker with running third party utilities to do this and running into issues. I found Apollo and it all just worked. Now I can stream in 4K HDR to my living room TV (which is not even what my physical PC display is). It's compatible with all the regular clients too which is nice.
Neat use case. But in fairness, you've simply 'offloaded' NAT traversal/port forwarding to automagic helper protocols over which you have no control even if you wanted it.
I recently tried whitelisting IPv6 prefixes at the network border and running straight IPv6 traffic from end to end.
It works really well so long as there's an encrypted transport, although I'm a little annoyed that the routes are very different and the ping times are different too. Although at the moment I can't remember if they're worse ¯\_(ツ)_/¯
That seems really exciting! If you wanted to share game streaming with the general public, would they have to install Tailscale on their device and log in? How does that work? Am I right in assuming that Tailscale is built mostly for sharing resources with people you trust instead of the general public?
I'm confused.
I wanted to do this too with an OpenWrt router, but I was under the impression I still had to open port 40000 so my NAT devices can see it. Wouldn't it still be on the exposed public Internet?
Ah, perfect. The Mikrotiks weren't as straightforward earlier but maybe it's easier now. Glad to know it works on EdgeOS. Did you just use this? https://github.com/jamesog/tailscale-edgeos
There are several ports open (you don't open them, Tailscale does), including for peer relay. Some are VPN ports, but the ports for relay servers are not for VPN, so my guess is that the software that listens on those ports is a lot less secure (compared to WireGuard or OpenVPN).
Yes, my router has open ports, but it does not do any port forwarding. So I can 'directly' connect to any device behind my router without my router needing to know any specifics of which device that is. And I don't need to do any port forwarding of anything on my network and thus expose them to the whole internet; I just expose them to the users of my Tailscale network (only me).
Within my risk appetite on trusted network segments. I have bigger issues if malware is operational within the trust boundary; it can do what it needs using outbound connections just fine (recon, lateral movement, etc.). Your risk appetite might differ.
Malware. Got any no-name IoT devices on your network? Got some Huawei-built hardware anywhere? Playing some new indie game from developers in Romania?
I had to install OpenWrt on my router so that I could restrict access to UPnP by MAC address to just my gaming PC (IMO this should be standard on any router as an advanced setting; most are just UPnP yes/no) so that I can still play online games.
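An added example (not from this thread) of the OpenWrt UPnP allowlist the comment above describes. miniupnpd's permission rules in /etc/config/upnpd match on the client's internal address rather than its MAC, so the gaming PC is pinned to a fixed address with a static DHCP lease in /etc/config/dhcp and only that address may open mappings; the MAC, 192.168.1.50 and the host name are placeholders.

```uci
# /etc/config/dhcp (fragment): pin the gaming PC to a fixed address so the
# UPnP rule below can match it. MAC and IP are placeholders.
config host
	option name 'gaming-pc'
	option mac 'AA:BB:CC:DD:EE:FF'
	option ip '192.168.1.50'

# /etc/config/upnpd: permission rules are evaluated in order, first match wins.
# secure_mode makes a client able to map ports only to its own address.
config upnpd 'config'
	option enabled '1'
	option enable_upnp '1'
	option enable_natpmp '1'
	option secure_mode '1'
	option internal_iface 'lan'

# Only the gaming PC may request mappings, and only on unprivileged ports.
config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_addr '192.168.1.50/32'
	option int_ports '1024-65535'
	option comment 'Gaming PC only'

# Every other host, and every other port, is refused.
config perm_rule
	option action 'deny'
	option ext_ports '0-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '0-65535'
	option comment 'Default deny'
```

After `/etc/init.d/miniupnpd restart`, a mapping request from any host other than 192.168.1.50 hits the final deny rule and is refused.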