How to Fix Jellyfin Not Working With Tailscale Step by Step

Jellyfin is a powerful open-source media server solution that enables you to organize, manage, and stream your media content to any device. Tailscale, on the other hand, is a modern VPN built on WireGuard that allows you to securely connect your devices from anywhere. Combining Jellyfin with Tailscale can make for a seamless, secure home media streaming setup that works beyond your local network. But what happens when Jellyfin is not working correctly with Tailscale?

In this article, we’ll walk through a detailed step-by-step guide to fixing Jellyfin not working with Tailscale. Whether you’re running Jellyfin on Windows, Linux, or a NAS, these instructions will help you troubleshoot and resolve the connectivity issue.

Step 1: Define the Problem Clearly

Before jumping into solutions, it’s important to identify how Jellyfin is failing. Is it:

  • The Jellyfin web interface won’t load over the Tailscale network?
  • Streaming content over Tailscale is laggy or fails entirely?
  • Devices on Tailscale can’t discover the Jellyfin server?

Knowing the specific issue helps pinpoint where things might be going wrong.

Step 2: Ensure Tailscale is Working Properly

First, confirm that Tailscale itself is functioning correctly. On every device involved—your Jellyfin server and the device you’re trying to access from—perform the following:

  1. Check Tailscale status with the command: tailscale status
  2. Make sure the device is connected and shows the correct IP (usually in the 100.x.x.x range)
  3. Try pinging the server’s Tailscale IP from the client device

If the ping fails, Tailscale isn’t set up properly or firewall rules are blocking the connection. Confirm that Tailscale is allowed through on your firewall and that the subnet routing or ACLs (Access Control Lists) aren’t unintentionally restricting traffic.

Step 3: Use the Correct IP Address and Port

Jellyfin usually runs on port 8096 (HTTP) or 8920 (HTTPS). Make sure you use the correct Tailscale IP address of the server and append the correct port in your browser:

http://100.x.x.x:8096

If you tried accessing Jellyfin using a hostname, it might not be resolvable unless Tailscale MagicDNS or your own DNS solution is configured.

If you haven’t enabled HTTPS, make sure you’re not trying to access it over https:// unless Jellyfin has been set up with a certificate.

Step 4: Verify Jellyfin’s Listening Interfaces

This is one of the most common culprits. By default, Jellyfin might be bound to localhost or only the local LAN IP, which means it won’t respond to requests coming from your Tailscale IP. To fix this:

  1. Go to your Jellyfin configuration folder:
    • On Linux, this is usually at /var/lib/jellyfin/config/network.xml
    • On Windows, typically found in C:\ProgramData\Jellyfin\config\network.xml
  2. Open network.xml with your favorite editor
  3. Find and set the <BindAddress> to either 0.0.0.0 (to listen on all interfaces) or the specific Tailscale IP
  4. Restart the Jellyfin service

Now, Jellyfin should respond to requests from any network interface, including Tailscale.

Step 5: Check Firewalls and Port Filters

If you still can’t reach Jellyfin, firewall rules could be the roadblock. Ensure that:

  • The firewall on your Jellyfin server allows incoming traffic on port 8096 (or 8920 if using HTTPS)
  • Your router or OS is not limiting access to specific IP ranges
  • On Linux systems, check ufw or iptables rules

For example, using UFW on Ubuntu:

sudo ufw allow 8096/tcp

Also, confirm Tailscale’s port forwarding or relay settings aren’t being blocked by strict firewall environments.

Step 6: Enable or Check MagicDNS (Optional)

Tailscale’s MagicDNS feature allows you to address devices on your network using their device name rather than their IP. This makes accessing Jellyfin from various devices simpler.

To turn it on:

  1. Log in to the Tailscale Admin Console
  2. Go to DNS settings
  3. Enable MagicDNS
  4. Make sure your devices are configured to use Tailscale DNS

Now you should be able to access Jellyfin at something like jellyfin-device-name.tailnet-name.ts.net:8096, avoiding hardcoded IPs.

Step 7: Access Control and ACL Rules

Tailscale provides powerful ACL (Access Control List) capabilities to restrict which users or devices can access what. If you are unable to connect to Jellyfin from a specific device, your default ACL may be blocking it.

In your Tailscale admin panel:

  1. Click on Access Controls
  2. Review the acls section to see if traffic from your client device to the server is being allowed
  3. Update the ACL rules and save

You can also use Tailscale’s “Check connectivity” tool from the admin console to quickly identify access issues between devices.

Step 8: Look Inside Jellyfin Logs

If everything seems correct but access issues persist, it’s time to look at the Jellyfin logs for clues. The logs may show connection attempts, errors, or other useful information that pinpoints the problem.

Check the logs at:

  • Linux: /var/log/jellyfin/jellyfin.log or ~/.config/jellyfin/log
  • Windows: Located inside the AppData or ProgramData folders under Jellyfin logs

Look out for errors like:

System.Net.Http.HttpRequestException: Connection refused

These can imply firewall or binding issues.

Step 9: Tip for Mobile Devices

When accessing Jellyfin over Tailscale using the mobile app, sometimes the app will not recognize the server when using the Tailscale IP. You may have to:

  • Manually enter the server IP and port
  • Ensure the mobile device is connected to Tailscale VPN
  • Try using the MagicDNS name instead of the IP

Additionally, check if mobile data or security settings are blocking VPN traffic.

Step 10: Last Resort — Restart and Reset

If all else fails, sometimes just restarting everything helps. Restart the Jellyfin server, the Tailscale service, and both client and server devices. Sometimes network state or service lockups can cause temporary issues that resolve after a reboot.

Alternatively, uninstall and reinstall Tailscale and reconfigure Jellyfin’s bind settings from scratch to ensure clean configuration.

Final Thoughts

Combining Jellyfin with Tailscale can elevate your self-hosted entertainment experience, especially when you’re on the move or managing a remote family media server. While configuring them to work together may require some network and firewall tweaking, following this step-by-step guide should help you quickly identify and fix issues when Jellyfin is not working with Tailscale.

Addressing the problem systematically—Tailscale status, IP routing, firewall rules, and Jellyfin’s binding—can eliminate guesswork and get you streaming again securely and reliably.

So go ahead, grab some popcorn, reconnect your VPN, and enjoy Jellyfin wherever you are!

You May Also Like...

About The Author

David Turner