The point is… It does not really matter, as long as your password is not trivial the security relies more in the algorithm than in the chosen password.

With bcrypt + round parameters, password stretching or any other key derivation technique, even weak passwords cant be cracked in a realistic time frame

The outbound connections problems as stated here? https://tailscale.com/docs/integrations/synology

The only thing I can tell is that it is totally worthless.

Because you can not have an uga ipv6, then obviously you will have an ula served via dhcpv6 with ipv4 local address (double stack).

And in this point you will realize that most computers implementation select which ip address to use following prio: ipv6 uga -> ipv4 -> ipv6 ula

So even if you do all the things right, your clients will not use it because ipv4 is there and you cannot deselect it because I assume you still want connectivity

Funny, right? :)

Here you have: https://ntfy.sh/

And because it is you you launch the connection is pretty secure… Assuming telegram servers are not compromised…

You will need to explain a bit further this statement to mild knowledged internet stranger…

Because the point of waf is exactly about reducing the exposed surface…