Difference between revisions of "TailScale"
(29 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
> | |||
> | |||
{{{!}} class="wikitable" style="float: right; width: 322px;" border="2" | {{{!}} class="wikitable" style="float: right; width: 322px;" border="2" | ||
{{!}}+ Proven on: | {{!}}+ Proven on: | ||
{{!}}- | {{!}}- --="" debian="" | ||
{{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo Debian.png{{!}}60px{{!}}link=https://www.debian.org/{{!}}center{{!}}middle{{!}}frameless]] | {{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo Debian.png{{!}}60px{{!}}link=https://www.debian.org/{{!}}center{{!}}middle{{!}}frameless]] | ||
{{!}} style="text-align: center; width: 40px;" {{!}} 11 (bullseye) | {{!}} style="text-align: center; width: 40px;" {{!}} 11 (bullseye) | ||
{{!}} (later versions too...) | |||
{{!}}- --="" pfsense="" | |||
{{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo pfSense.png{{!}}60px{{!}}link=https://www.pfsense.org/{{!}}center{{!}}middle{{!}}frameless]] | |||
{{!}} style="text-align: center; width: 40px;" {{!}} 2.6.0 | |||
{{!}} | {{!}} | ||
<br> | <br> | ||
{{!}}} | {{!}}} | ||
* [https://tailscale.com/kb/1017/install/ Tailscale quickstart] (Get individual machines onto your private TailScale network) | |||
= Installing on Linux = | |||
'''As always...''' | '''As always...''' | ||
Start with: | Start with: | ||
*<code>sudo apt update</code> | *<code>sudo apt update && sudo apt upgrade</code> | ||
*<code> | A note about [[PVE LXC Containers#Using Tailscal on an LXC{{!}}LXCs & TailScale]] | ||
I'd suggest just using the script method that they provide on [https://tailscale.com/kb/1031/install-linux this page]. | |||
* <code>curl -fsSL https://tailscale.com/install.sh {{!}} sh</code> | |||
The first time you start it by entering <code>tailscale up</code> it will display a URL. Open a web browser & go to this URL to authorise the machine on your tailnet. | |||
From this point on, <code>tailscale up</code> will be done automatically on bootup. | |||
= Installing on Other Things = | |||
* [https://tailscale.com/kb/1079/install-android Installing on Android] | |||
* [https://tailscale.com/kb/1022/install-windows Installing on Windows] | |||
* [https://tailscale.com/kb/1016/install-mac Installing on Mac] | |||
* [https://tailscale.com/kb/1131/synology Installing on Synology DSM] | |||
= The Actual Day-to-Day usage = | |||
In general, Tailscale is pretty much transparent. | |||
Mostly, you do all the same things you would expect on an IP-based network. | |||
The big difference is that every machine on your tailnet has a secondary address that pretty much ignores the non-tailnet topology. (i.e.: As long as the machine is connected to the Internet in general, it's reachable by the tailnet IP address.) | |||
Reaching it by that address requires that the machine you're accessing from have tailscale installed & running. | |||
= TailScale | = TailScale on pfSense = | ||
* [https://www.youtube.com/watch?v=Fg_jIPVcioY A Tailscale Package for pfSense!] (video) | * [https://www.youtube.com/watch?v=Fg_jIPVcioY A Tailscale Package for pfSense!] (video) | ||
** exit node | ** exit node | ||
Line 31: | Line 60: | ||
* <span style="font-size: 18pt;">[https://www.wundertech.net/how-to-set-up-tailscale-on-pfsense/ How to Set Up Tailscale on pfSense]</span> | * <span style="font-size: 18pt;">[https://www.wundertech.net/how-to-set-up-tailscale-on-pfsense/ How to Set Up Tailscale on pfSense]</span> | ||
== | == The Steps == | ||
=== Installing === | |||
# Select '''System, '''then''' Package Manager.''' | |||
# Search for '''Tailscale''', then install the Tailscale package. | |||
# Select '''VPN''', then '''Tailscale '''to launch the Tailscale settings. | |||
# At this point, we need to configure the pre-authentication key. This can be created on the [https://tailscale.com/ Tailscale website]. If you don?t already have an account, create one, then log in and select '''Settings''', then '''Keys.''' | |||
# Select '''generate auth key '''so that we can create the key for pfSense. Select '''Generate Key '''(the settings can stay as default)'''.''' | |||
# After the key has been generated, '''copy '''it, then go back to the '''Authentication '''section of Tailscale on pfSense. | |||
# Paste the key that was just created, then select '''save.''' | |||
# After saving, select '''Settings''', then enable Tailscale and '''Save'''. | |||
=== Setup === | |||
# Inside the Tailscale settings on pfSense, enable the '''offer to be an exit node for outbound internet traffic from the Tailscale network '''option. Also, set the '''Advertised Routes '''as your local subnet (that you'd like to be able to access from external networks), then '''save.''' | |||
# On the Tailscale website, select '''Machines''', then the three ellipses next to your pfSense system, then '''Edit Route Settings'''. | |||
# Select '''use as exit node'''. The exit node functionality is now set up and can be used by client devices. | |||
# <span style="color: rgb(132, 63, 161);">On whatever application you're using, select</span> <span style="color: rgb(132, 63, 161);">'''Use Exit Node '''and change the exit node to be pfSense. If you do</span> <span style="color: rgb(132, 63, 161);">''not ''want to use the exit node, select</span> <span style="color: rgb(132, 63, 161);">'''None''', but ensure that</span> <span style="color: rgb(132, 63, 161);">'''Allow LAN Access '''is enabled so that you?re able to connect to your local devices</span>. (WTF does this actually mean???) | |||
# Tailscale is now configured! You can now add other devices or simply connect to Tailscale from an external network to access all of your local devices. | |||
=== Accessing It === | |||
==== On a Linux machine with TailScale installed ==== | |||
Start Tailscale with the command line: | |||
* <code>sudo tailscale up --accept-routes</code> | |||
At this point, the network maintained by the above pfSense router is accessible by IP addresses from this machine... | |||
== Yet to be figured out... == | |||
* Going the other direction | |||
** i.e.: setting up pfSense to add a TailScale shared network to the local network | |||
* Accessing the remote network using hostnames | |||
= HeadScale = | = HeadScale = | ||
* [https://github.com/juanfont/headscale Headscale] | * [https://github.com/juanfont/headscale Headscale] | ||
[[Category:ServerBuilding]] | [[Category:ServerBuilding]] |
Latest revision as of 17:38, 20 October 2024
> >
11 (bullseye) | (later versions too...) | |
2.6.0 |
|
- Tailscale quickstart (Get individual machines onto your private TailScale network)
Installing on Linux
As always...
Start with:
sudo apt update && sudo apt upgrade
A note about LXCs & TailScale
I'd suggest just using the script method that they provide on this page.
curl -fsSL https://tailscale.com/install.sh | sh
The first time you start it by entering tailscale up
it will display a URL. Open a web browser & go to this URL to authorise the machine on your tailnet.
From this point on, tailscale up
will be done automatically on bootup.
Installing on Other Things
The Actual Day-to-Day usage
In general, Tailscale is pretty much transparent.
Mostly, you do all the same things you would expect on an IP-based network.
The big difference is that every machine on your tailnet has a secondary address that pretty much ignores the non-tailnet topology. (i.e.: As long as the machine is connected to the Internet in general, it's reachable by the tailnet IP address.)
Reaching it by that address requires that the machine you're accessing from have tailscale installed & running.
TailScale on pfSense
- A Tailscale Package for pfSense! (video)
- exit node
- subnet router
- 6:20 - configuration
- 7:30 - mention of headscale
- 16:15 - Subnets
- 19:30 - Firewall rules
- 20:32 - routing limitations
- 27:30 - Outbound NAT
- How to Set Up Tailscale on pfSense
The Steps
Installing
- Select System, then Package Manager.
- Search for Tailscale, then install the Tailscale package.
- Select VPN, then Tailscale to launch the Tailscale settings.
- At this point, we need to configure the pre-authentication key. This can be created on the Tailscale website. If you don?t already have an account, create one, then log in and select Settings, then Keys.
- Select generate auth key so that we can create the key for pfSense. Select Generate Key (the settings can stay as default).
- After the key has been generated, copy it, then go back to the Authentication section of Tailscale on pfSense.
- Paste the key that was just created, then select save.
- After saving, select Settings, then enable Tailscale and Save.
Setup
- Inside the Tailscale settings on pfSense, enable the offer to be an exit node for outbound internet traffic from the Tailscale network option. Also, set the Advertised Routes as your local subnet (that you'd like to be able to access from external networks), then save.
- On the Tailscale website, select Machines, then the three ellipses next to your pfSense system, then Edit Route Settings.
- Select use as exit node. The exit node functionality is now set up and can be used by client devices.
- On whatever application you're using, select Use Exit Node and change the exit node to be pfSense. If you do not want to use the exit node, select None, but ensure that Allow LAN Access is enabled so that you?re able to connect to your local devices. (WTF does this actually mean???)
- Tailscale is now configured! You can now add other devices or simply connect to Tailscale from an external network to access all of your local devices.
Accessing It
On a Linux machine with TailScale installed
Start Tailscale with the command line:
sudo tailscale up --accept-routes
At this point, the network maintained by the above pfSense router is accessible by IP addresses from this machine...
Yet to be figured out...
- Going the other direction
- i.e.: setting up pfSense to add a TailScale shared network to the local network
- Accessing the remote network using hostnames