Tailscale does support this. Using the Subnet routing feature you can expose other devices on the network to the Tailnet. I had to use this for a while with TrueNAS because of the way it handles TS integration (eventually I moved to using a reverse proxy).

The best part of tailscale is that you can use an Apple TV as a subnet router and exit node. So even if you do not have any home networking equipment, you can utilize this by just using the Apple TV app. This is particularly great if you have a second home etc.

Oh, will have to investigate that a bit.

> from my understanding, it generates always tailnet ip for hosts

It does, but it should connect over LAN when both devices are on the same network. The tailnet IP doesn’t exist outside the WireGuard network, so it’s up to the WireGuard routing algorithm.

I thought it was Tailscale that always selects which IP to use as endpoint for other devices, and set that up for Wireguard? If I'm wrong, could I replicate that behavior (using relay on WAN, direct connection on LAN) with Wireguard without external configuration tools?

Hmm, yes, I think you’re right. Tailscale does handle the connection here, not Wireguard.

I’ve digged into it a bit and I believe it first connects over a relay, then the devices try to find a more optimal route. So for LAN, they would exchange their local IPs and try to connect over those. If they are indeed on the same LAN, they connect directly: https://tailscale.com/kb/1257/connection-types

This is not without issues, however: https://github.com/tailscale/tailscale/issues/7206

Tailscale DNS might cause a bit of trouble, but the overhead isn’t too bad, I’m measuring ~1ms ping difference, which is a lot in relative terms, but in absolute it makes 0.5ms into 1.5ms.

Yep, and there is no "ip alias" type of things. On zerotier, I route my home server ip to zerotier ip and then it just works.