Not sure what you mean by reimplementing a VPN. I was talking about restricting the type of traffic that flows through Tailscale. Tailscale is still the only software responsible for handling external traffic in this scenario.
I use Tailscale as a reasonably secure and hassle-free entrypoint into my own network. I could alternatively just expose my SSH / HTTPS servers to the internet, but that would require much more effort to maintain. Not to mention that it would expose my network to even more attackers, not just theoretical ones.
I also believe that traffic inside homes should be secured regardless since routers can be hacked. So in my case, I didn't consider it a duplicated effort. I had my traffic already encrypted and authenticated when I started using Tailscale.
