summaryrefslogtreecommitdiff
path: root/_posts
diff options
context:
space:
mode:
Diffstat (limited to '_posts')
-rw-r--r--_posts/2024-12-08-trying-out-tailscale.md49
1 files changed, 49 insertions, 0 deletions
diff --git a/_posts/2024-12-08-trying-out-tailscale.md b/_posts/2024-12-08-trying-out-tailscale.md
new file mode 100644
index 0000000..90943ae
--- /dev/null
+++ b/_posts/2024-12-08-trying-out-tailscale.md
@@ -0,0 +1,49 @@
+---
+layout: post
+title: Trying out Tailscale
+date: 2024-12-08 19:11 +0100
+lang: "en"
+categories: "tech"
+---
+
+I've been [using Wireguard]({% post_url 2022-11-20-eine-kleine-netzwerk-reise
+%}) for quite a while now, mostly to connect my servers. Also, to connect my
+phone to my network to have "a VPN" in open WiFi networks. With the acquisition
+of [a Chromebook]({% post_url 2024-12-01-new-device-acquired-chromebook %}).
+the number of devices increased by one.
+
+[OpenWRT](https://openwrt.org/) actually has a nice
+[interface](https://openwrt.org/packages/pkgdata/luci-app-wireguard) for
+managing a Wireguard network, and it works good enough. Nevertheless, out of
+*sheet, absolute boredom*, I've been considering setting up
+[Tailscale](https://tailscale.com/) or [Netbird](https://netbird.io/) to
+simplify the whole device and key management. I *briefly* considered
+self-hosting, which is possible with both services (Netbird offers their own
+solution, Tailscale has Headscale), but rejected the idea. Reason being, "too
+much work" (or too overblown, I am not a huge fan of Docker Compose), and also,
+"don't wanna fuck this up". I went with Tailscale in the end, with Netbird
+still kinda "in beta".
+
+You can follow the process [on
+Mastodon](https://furry.engineer/deck/@uvok/113606683580862388) actually, I
+kinda tried to write everything within this thread. I got Tailscale on my
+OpenWRT router as well, however, *not using the opkg package*, but using the
+static binary provided by Tailscale (the opkg version being terribly out of
+date!). The OpenWRT wiki actually has [an
+article](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start)
+explaining what you have to install, in regards of iptables stuff, for… I think
+masquerading to work. [1] I'm kinda worried it will do something bad to my VPS
+using ufw - or at least, ufw overwriting again rules set by Tailscale on the
+start of the daemon…
+
+So far it works quite well. I can't really find a *huge* advantage for
+Tailscale (vs. manual Wireguard). I mean, yeah, I don't have to take care of
+key management. Also, the "Magic" DNS is a nice extra for Tailscale. *However*,
+I *do not like* it messing with resolv.conf, so I disabled it for my servers
+and my router.
+
+Would I recommend this service? No idea, it depends on your use case. It's
+free, however, so there's no damage in trying it out.
+
+[1] Actually, as I'm researching this, Tailscale [now supports
+nftables](https://tailscale.com/kb/1294/firewall-mode)! Yaaay!