What is Tailscale?
Tailscale is a VPN solution that allows for the connection of multiple devices. What that really means for me is that, once set up, I can connect my iPhone, iPad, and laptop to my home lab from outside of my home.
How am I using it?
This actually came across my radar when I wanted to be able to connect to my home lab from my desktop. I know that seems simple, but my home lab is set up in a bit of a different way. You see, my home lab is double-NATed behind my main network and an OPNsense firewall, which we will be covering in a different article. With this setup, I was forced to connect to my home lab from a KVM on a tiny little rack. Setting up Tailscale allows me to now connect to my home lab via my desktop, iPhone, iPad, and laptop whether I am at my desk, at work, in my chair, or while out with friends. I have now fully incorporated Tailscale into my home lab by using it to interconnect different servers, physical and cloud.
Setting up Tailscale Account
Setting up Tailscale is probably one of the easiest setups that I have ever done and is completely free for personal use. The free account is sadly not unlimited, but is close enough for most people, limiting our account to 100 devices and 3 users. This process involves 2 major steps, but to create a setup like mine, there are a few more steps that need to be done.
To begin, we need to create an account with Tailscale. I used my personal email, which is licensed through Microsoft 365. This means when I set up my account, I used the Microsoft account, but each login process is similar enough.
Admin Console
Once you have created your account, it is time to start setting up the fun part. To help make this more usable, I will split any of the technical steps into two sections, explanation and steps.
This section will cover setting up the Tailscale tenant to create a secure environment for our needs. We will require all users and computers to be approved before they can access our tenant.
- Log into the admin console
- Go to the Settings tab on the top
- Go to the User management tab on the left
- Scroll down to find the toggle for enabling User Management. The setting is automatically saved.
- Go to the Device Management tab on the left
- Scroll down to find the toggle for enabling Device Management. The setting is automatically saved.
Adding your first device
Now that we have our account set up and secured, let’s go ahead and get ready to add our first device. This is a pretty simple process but will vary based on the operating system of the device you are adding. For this section we will be covering adding a Windows device, as that is likely the most common that people will add. Later in this article we will discuss adding it to a mobile device, in this case an iPhone, as well as adding Tailscale to a Linux based OS when we cover connecting our OPNsense to the tenant.
- On the Windows device you want to connect, open a browser.
- Browse to the Tailscale Download page
- Select the Windows option, if not already selected
- Click the Download button
- Once downloaded, run the installer
- Follow the onboarding process, inputting your credentials as needed.
- Once it has been installed, you will be taken to a web page that asks you to connect. Press the “Connect” button.
- Now open the Admin console, and sign in
- Go to the Machines tab, and you should see your device
- You will need to click on the “…” icon on the right and click approve.
Congrats, you have now added your first device to Tailscale, but this does not really do much for us as we only have 1 node. In the next section we will add our mobile device, an iPhone.
Adding a Mobile Device
One of the more overlooked features of Tailscale is called Taildrop. This feature allows you to move files and photos between devices without the need for third-party software or creating shares. To get a good example of this, we will be downloading the Tailscale app on our mobile device, in this case an iPhone, and sending some images to our Windows device.
- On your app store of choice, download Tailscale
- Once downloaded, open the app, and you will be asked to sign into your Tailscale account.
- Once you sign in, the process is similar to setting up the Windows device. The only difference is that you will be asked if you want to set up a VPN on this device; hit “Yes/Approve”
- Click the Connect button when asked
- Approve the device in the Admin Console
- Once you have approved the device in the Admin Console, open up your photos or files.
- Click on the “Share” button, as if you were going to send it in a text/email.
- Instead of sharing to a text/email, we will share it to an app. If using an iPhone, right above where it says “Copy Photo” you should see your apps; scroll all the way to the right and click on “More”
- Scroll down your list until you see Tailscale, and select it.
- You will be taken to a new screen with all of your Tailscale-connected devices; for now it will just be the Windows device.
- Select the device you want to send the photo/file to and hit done.
- Now go to your Windows device
- Open File Explorer, and go to your downloads
- You should see the photo/file we just sent over.
This also means that we can communicate between these devices through Tailscale, but sending files from your phone to your computer is not the main reason we wanted to use this service. That reason is being able to connect to our home lab from anywhere in the world.
Adding an OPNsense
If you thought adding our phone and Windows device was cool, wait until you see what can happen when you add your router/firewall to the mix. If you do not know, OPNsense is an open-source firewall that can be downloaded and installed on a variety of devices, and while it is not the main point of this article, I will cover the basics on it while we go through the section. I will be creating more articles on this at a later time, going over installing OPNsense, hardware possibilities, configuring OPNsense, and some of the plugins that you can install.
OPNsense in the most basic context is a router, meaning that it sits behind your Internet provider’s (AT&T, Comcast, Spectrum) equipment and in front of your home network, bridging the gap between the two. This device can also be configured to provide security for your network in various ways and limit what devices can communicate with other devices. For our needs in this video, we will assume you have OPNsense installed on some device, and in place.
So, there are a couple of different ways we can install Tailscale, such as remoting into the device and running the Linux curl command, but we will be using the Tailscale plugin on the OPNsense. This makes for a slightly simpler install process and will add Tailscale to the VPN section of the interface, allowing for easier configuration later on.
Once we get it configured, I get to show you why we want to add the OPNsense to the Tailscale client: sharing subnets. Having Tailscale installed on all your devices is nice, but installing on each and every device and removing all configs is time consuming. Installing this on an OPNsense allows us to share out a subnet, meaning that we will remotely be able to access any device on that subnet.
- Log into the OPNsense interface.
- Go to System > Firmware > Status
- Press the “Check for updates” button, and let all the updates install
- Restart if needed and repeat the updates as needed.
- Once it is fully updated, go to System > Firmware > Packages; note it may take a second to load.
- Check the “Show community packages” box
- Search for os-tailscale and click the “+” on the right.
- Install the plugin
- Now go back to your Tailscale Admin Console
- Go to the Settings > Keys
- Generate a key
- Give it a description
- Click the check box for “Pre-approved”
- Copy the Key
- Go back to your OPNsense interface
- Once installed, go to VPN > Tailscale > Authentication
- Paste the key into the Pre-authentication Key field
- Click Apply
- Now go to VPN > Tailscale > Settings
- Ensure the check box that enables the VPN is checked and click apply
- Go to the Advertised Routes tab
- Click the “+” sign to add a new route
- Put the subnet you want to advertise with its CIDR notation, such as 192.168.1.1/24
- Give it a description and click Save
- We are almost done; we just need to approve the route. Go back to the Tailscale Admin Console
- Go to the Machines tab; you should see your OPNsense listed. If it is not approved, approve it.
- Click the OPNsense and you should see a Subnet section
- Click the “Edit” button under the “Approved” area
- Click the subnet you just setup in the OPNsense, and click approve.
- If you go back to your device, you should now be able to connect to any device on that subnet. You can test this by pinging the gateway of the shared subnet.
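A check worth running on a route before it is advertised and approved, as an added example that is not part of the original article or of Tailscale's or OPNsense's code. It normalizes the article's sample value 192.168.1.1/24 (a host address whose subnet is written 192.168.1.0/24), flags routes that are wider than intended, and lists which LAN devices the route makes reachable from the tailnet. The names check_route, exposed_hosts and SAMPLE_INVENTORY, the /16 width limit and the device inventory are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, where a home-lab LAN normally lives.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption for this example: anything wider than a /16 is treated as too broad.
WIDEST_PREFIX = 16


def check_route(cidr):
    """Return (canonical network, list of warnings) for a route to advertise."""
    iface = ipaddress.ip_interface(cidr)   # tolerates host bits such as 192.168.1.1/24
    net = iface.network                    # canonical form: 192.168.1.0/24
    warnings = []
    if iface.ip != net.network_address:
        warnings.append(f"host bits set in {cidr}; the subnet is {net}")
    if net.version == 4 and not any(net.subnet_of(p) for p in RFC1918):
        warnings.append(f"{net} is not inside RFC 1918 private space")
    if net.version == 4 and net.prefixlen < WIDEST_PREFIX:
        warnings.append(f"{net} covers {net.num_addresses} addresses; narrow it")
    return net, warnings


def exposed_hosts(routes, inventory):
    """Map each inventory name to the advertised network that makes it reachable."""
    exposed = {}
    for name, addr in inventory.items():
        ip = ipaddress.ip_address(addr)
        for net in routes:
            if ip.version == net.version and ip in net:
                exposed[name] = net
                break
    return exposed


# Constructed sample data: a made-up LAN inventory, not taken from the article.
SAMPLE_INVENTORY = {
    "opnsense-lan": "192.168.1.1",
    "nas": "192.168.1.20",
    "hypervisor": "192.168.1.30",
    "iot-camera": "192.168.50.12",   # different VLAN, not covered by the route
}

if __name__ == "__main__":
    net, warnings = check_route("192.168.1.1/24")
    print("advertise:", net)
    for w in warnings:
        print("warning:", w)
    for name, via in exposed_hosts([net], SAMPLE_INVENTORY).items():
        print(f"reachable from the tailnet: {name} via {via}")
```

Every name the second function returns is a device that any approved tailnet member can reach once the route is approved, so the list doubles as a review of what the subnet share exposes.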
Conclusion
While that seems like a lot, you were just able to complete a big step that will allow you to constantly work on your home lab, from anywhere. This has really helped push me to home lab more, since I am not tied to one spot. I have even caught myself working on my home lab while I was cooking dinner. Moving forward, as you guessed with this being the first article I wrote, Tailscale will play an important role in my projects, either being used to connect to apps, host my SSH keys, or connecting different servers/sites.
Thank you for making it through this article, and please leave a comment on what you enjoyed about this article, what I can do better, and what articles you want to see.