Difference between revisions of "TailScale"
Revision as of 21:35, 19 October 2024
11 (bullseye)
WIP!!!
As always...
Start with:
sudo apt update
sudo apt upgrade
TailScale HowTo
- Tailscale quickstart (Get individual machines onto your private TailScale network)
Installing on Linux
I'd suggest just using the script method that they provide on this page.
curl -fsSL https://tailscale.com/install.sh | sh
The first time you start it by entering tailscale up it will display a URL. Go to this URL to authorise the machine on your tailnet.
From this point on, tailscale up will be done automatically on bootup.
A note about LXCs
LXCs do not give access to a /dev/tun device & this is needed for Tailscale to work.
If you're running the LXC on Proxmox, you can add this feature by editing the container's configuration file.
The following instructions are copied (and/or adapted) from this page.
For example, using Proxmox to host an LXC with ID 112, the following lines would be added to /etc/pve/lxc/112.conf:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
If the LXC is already running it will need to be shut down and started again for this change to take effect.
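An added example (not part of the original page or of the Proxmox or Tailscale documentation): a POSIX shell helper that adds the two lines above to a container config only when they are missing, plus a check to run inside the container after the restart. The function names are this example's own, and it assumes that any sections after the main config (such as snapshots) begin with a [name] header, so the lines are placed before the first such header.

```sh
#!/bin/sh
# Added example, not from the original page. Run ensure_tun_lines on the
# Proxmox host and tun_ready inside the container after restarting it.

TUN_ALLOW='lxc.cgroup2.devices.allow: c 10:200 rwm'
TUN_MOUNT='lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file'

# ensure_tun_lines CONF
# Adds whichever of the two lines is missing from the main section of CONF
# (the part before the first "[...]" header, assumed to start a snapshot
# section). Prints how many lines were added; safe to run repeatedly.
ensure_tun_lines() {
    conf=$1
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    tmp=$(mktemp) && cnt=$(mktemp) || return 1
    awk -v a="$TUN_ALLOW" -v m="$TUN_MOUNT" -v cnt="$cnt" '
        function emit() {
            if (done) return
            if (!have_a) { print a; n++ }
            if (!have_m) { print m; n++ }
            done = 1
        }
        /^\[/ { emit() }                  # first section header: insert before it
        !done && $0 == a { have_a = 1 }   # line already present in main section
        !done && $0 == m { have_m = 1 }
        { print }
        END { emit(); print (n + 0) > cnt }
    ' "$conf" > "$tmp" || { rm -f "$tmp" "$cnt"; return 1; }
    added=$(cat "$cnt")
    # Rewrite in place only when something changed, keeping the same file.
    if [ "$added" -gt 0 ]; then cat "$tmp" > "$conf"; fi
    rm -f "$tmp" "$cnt"
    echo "$added"
}

# tun_ready [DEV]
# Succeeds only if DEV is a character device with major 10, minor 200
# (printed as a:c8 by GNU stat, which reports %t:%T in hex).
tun_ready() {
    dev=${1:-/dev/net/tun}
    [ -c "$dev" ] && [ "$(stat -c '%t:%T' "$dev" 2>/dev/null)" = "a:c8" ]
}
```

For the container in the example above, the host-side call would be ensure_tun_lines /etc/pve/lxc/112.conf; running tun_ready inside the container after the restart confirms the device is visible before tailscale up is attempted.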
TailScale & pfSense
- A Tailscale Package for pfSense! (video)
- exit node
- subnet router
- 6:20 - configuration
- 7:30 - mention of headscale
- 16:15 - Subnets
- 19:30 - Firewall rules
- 20:32 - routing limitations
- 27:30 - Outbound NAT
- How to Set Up Tailscale on pfSense
The Steps
Installing
- Select System, then Package Manager.
- Search for Tailscale, then install the Tailscale package.
- Select VPN, then Tailscale to launch the Tailscale settings.
- At this point, we need to configure the pre-authentication key. This can be created on the Tailscale website. If you don't already have an account, create one, then log in and select Settings, then Keys.
- Select generate auth key so that we can create the key for pfSense. Select Generate Key (the settings can stay as default).
- After the key has been generated, copy it, then go back to the Authentication section of Tailscale on pfSense.
- Paste the key that was just created, then select save.
- After saving, select Settings, then enable Tailscale and Save.
Setup
- Inside the Tailscale settings on pfSense, enable the "offer to be an exit node for outbound internet traffic from the Tailscale network" option. Also, set the Advertised Routes as your local subnet (that you'd like to be able to access from external networks), then save.
- On the Tailscale website, select Machines, then the three ellipses next to your pfSense system, then Edit Route Settings.
- Select use as exit node. The exit node functionality is now set up and can be used by client devices.
- On whatever application you're using, select Use Exit Node and change the exit node to be pfSense. If you do not want to use the exit node, select None, but ensure that Allow LAN Access is enabled so that you're able to connect to your local devices. (WTF does this actually mean???)
- Tailscale is now configured! You can now add other devices or simply connect to Tailscale from an external network to access all of your local devices.
Accessing It
On a Linux machine with TailScale installed
Start Tailscale with the command line:
sudo tailscale up --accept-routes
At this point, the network maintained by the above pfSense router is accessible by IP addresses from this machine...
Yet to be figured out...
- Going the other direction
- i.e.: setting up pfSense to add a TailScale shared network to the local network
- Accessing the remote network using hostnames