Enabling always-on VPN for Tailscale on AndroidTV

To enable the Always-On VPN feature for Tailscale:
adb shell settings put secure always_on_vpn_app com.tailscale.ipn
Explanation:
With an ADB command it is possible to enable the Always-On VPN feature of Android for Tailscale. This feature should be available since Android 7 or FireOS 6.
The following steps are required to enable it:
- Install ADB (Android Debug Bridge).
- Change to the ADB directory using the Windows CMD or the Windows or Linux Terminal using the CD command.
- Find out the (local) IP address of your Android TV or FireTV. Enable ADB debugging in the TV device settings.
- Run the following command and replace "IP" with the (local) IP of your device (for Windows, add ".exe" after "adb") and then allow the connection on the TV:
adb connect <IP>
- run the following command
adb shell settings put secure always_on_vpn_app com.tailscale.ipn
- Confirm by running the below command:
./adb shell settings list secure
And looking for the following:
always_on_vpn_app=com.tailscale.ipn
Bonus:
Two other usefull commands, but as far as I know they are not necessary because they are already disabled by default, but for the sake of completeness I list them here.
The first disables the VPN lockdown feature, i.e. no data can be transferred without an active VPN connection. If this were active (set to 1) and no exit node was set up in Tailscale, Internet access would no longer work, which is logical since Tailscale does not normally route normal Internet connections outside its own tailnet. The second command removes all applications that are exempt from the VPN lockdown feature from the whitelist.
adb shell settings put secure always_on_vpn_lockdown 0
adb shell settings put secure always_on_vpn_lockdown_whitelist
Source for reference:
https://github.com/tailscale/tailscale/issues/7824