Tailscale: Difference between revisions
Latest revision as of 14:30, 22 April 2024
Tailscale is a mesh VPN which sets up direct connections between the devices in your Tailscale network. Under the hood, it uses its own userspace WireGuard implementation along with NAT traversal. When two devices cannot connect directly, traffic passes through its DERP relay servers.
Exit Node
To handle exit-node traffic, Tailscale marks packets in iptables using the fwmark mask 0xFF0000.
This may conflict with other applications that also mark packets, such as Calico.
This issue (https://github.com/tailscale/tailscale/issues/591) suggests changing the mask used by Calico.
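To check a host for this kind of clash before it bites, here is an added example (not from this page, Tailscale or Calico) that parses iptables-save output and reports fwmark masks set or matched in Tailscale chains (assumed to be named ts-*) that share bits with masks used in Calico chains (assumed cali-*). The sample rules and mark values are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `iptables-save -t mangle` format for a host running both
# Tailscale and Calico; the mark values are illustrative, not taken from either project.
SAMPLE_RULES = """
*mangle
-A ts-forward -i tailscale0 -j MARK --set-xmark 0x40000/0xff0000
-A ts-forward -m mark --mark 0x40000/0xff0000 -j ACCEPT
-A cali-PREROUTING -j MARK --set-xmark 0x1000000/0xffff0000
-A cali-forward -m mark --mark 0x1000000/0xffff0000 -j ACCEPT
COMMIT
"""

MARK_RE = re.compile(r"--(?:set-xmark|set-mark|mark)\s+(0x[0-9a-fA-F]+)(?:/(0x[0-9a-fA-F]+))?")
CHAIN_RE = re.compile(r"^-A\s+(\S+)")

def owner_of(chain):
    """Attribute a chain to its installer (assumption: ts-* is Tailscale, cali-* is Calico)."""
    return "tailscale" if chain.startswith("ts-") else "calico" if chain.startswith("cali-") else "other"

def collect_masks(rules_text):
    """Return {owner: set(masks)} for every fwmark set or match found in iptables-save output."""
    masks = defaultdict(set)
    for line in rules_text.splitlines():
        chain = CHAIN_RE.match(line)
        if not chain:
            continue
        for value, mask in MARK_RE.findall(line):
            # A bare --mark value with no /mask compares the whole 32-bit mark.
            masks[owner_of(chain.group(1))].add(int(mask, 16) if mask else 0xFFFFFFFF)
    return masks

def find_mask_conflicts(rules_text):
    """List (owner_a, mask_a, owner_b, mask_b, shared_bits) for masks of different owners that overlap."""
    masks = collect_masks(rules_text)
    owners = sorted(masks)
    conflicts = []
    for i, a in enumerate(owners):
        for b in owners[i + 1:]:
            for ma in sorted(masks[a]):
                for mb in sorted(masks[b]):
                    shared = ma & mb
                    if shared:
                        conflicts.append((a, ma, b, mb, shared))
    return conflicts

if __name__ == "__main__":
    for a, ma, b, mb, shared in find_mask_conflicts(SAMPLE_RULES):
        print(f"{a} mask {ma:#x} overlaps {b} mask {mb:#x} on bits {shared:#x}")
```

On a real host, feed it the output of `iptables-save -t mangle` instead of SAMPLE_RULES; an empty result means the two applications' marks do not share bits.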
CLI
Tailscale comes with the command tailscale.
Some common use cases are:
# See other hosts and their tailscale ips
tailscale status
# Check if another host is directly reachable
tailscale ping $HOST
Split DNS
Tailscale allows you to override the DNS configuration on each client and supports split DNS.
You can combine this with a custom DNS resolver (e.g. NextDNS) to rewrite certain DNS entries while Tailscale is connected.
One idea is to let Cloudflare proxy all your websites to get CDN, DDoS protection, etc., while clients on Tailscale connect directly to your web server.
- Note that one issue with this is that applications and OSs tend to cache DNS results, so switching Tailscale on and off can cause stale answers.
- If you only need access while Tailscale is connected, you can simply publish the Tailscale IP as a public DNS entry.