Tailscale
- Tailscale Website
- GitHub
- CLient open source, original control server component not, although there's
Docs
- How Tailscale works
- Configuring Linux DNS
- Manage your Tailscale resources with Terraform
- Network access controls (ACLs)
- Tailscale on Kubernetes
Install
- Client in Golang, packages in a PPA
- Repology.org
- tailscale snap is outdated
- Download tailscale
Arch:
sudo pacman -S tailscale
Raspberry Pi
Install Tailscale on Rasperry Pi
sudo apt-get install apt-transport-https
curl -fsSL https://pkgs.tailscale.com/stable/raspbian/$(lsb_release -cs).noarmor.gpg \
| sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg > /dev/null
curl -fsSL https://pkgs.tailscale.com/stable/raspbian/$(lsb_release -cs).tailscale-keyring.list \
| sudo tee /etc/apt/sources.list.d/tailscale.list
sudo apt-get update
sudo apt-get install tailscale
DNS
- Tailscale overrides
/etc/resolv.conf, when the tunnel is up local name resolving doesn't work anymore. - Private DNS with MagicDNS
Usage
- State file:
/var/lib/tailscale/tailscaled.state
Parse state file content:
sudo jq -r ._profiles /var/lib/tailscale/tailscaled.state | base64 -d | jq
sudo jq -r '."profile-e35a"' /var/lib/tailscale/tailscaled.state | base64 -d | jq
Further usage
tailscale status
tailscale ip casita
Issues
Captive portals
- Captive Wi-fi portal login didn't show up
- FR: Flag health errors for self-signed or otherwise invalid certificates
Ansible role
see headscale.md
Tailscale on Kubernetes
- Tailscale on Kubernetes
- Helm Charts repository
- Contains currently only the helm chart for Tailscale K8s operator
- K3s Tailscale integration
nftables
This commit adds nftable rule injection for tailscaled. If tailscaled is started with envknob
TS_DEBUG_USE_NETLINK_NFTABLES = true, the router will use nftables to manage firewall rules.