It’s a virtual mesh network.

I’ve used it to:

Access a single machine (one client on a machine at home, one client on my laptop)

Connect multiple machines on disparate networks to each other (each machine has a client and is joined to my TS network)

Enable complete access to my home network using Subnet Routing (one machine at home has the TS client, with subnet routing enabled)

Provide access to a single service for anyone using Funnel (one machine at home running TS client, with Funnel configured for a specific service)

It all depends on how you configure it. I find running Tailscale on a Raspberry Pi with Subnet Routing configured provides most of what I need:the ability to access any device on my home network (including printers, digital photo display, TV, router, etc), from anywhere I install the TS client.

It’s a central server (that you could actually self-host publicly if you wanted to) whose purpose it is to facilitate P2P connections between your devices.

If you were outside your home network and wanted to connect to your server from your laptop, both devices would be connected to the TS server independently. When attempting to send IP packets between the devices, the initiating device (i.e. your laptop) would establish a direct wireguard tunnel to the receiving device. This process is managed by the individual devices while the central TS service merely facilitates communication between the devices for the purpose of establishing this connection.