Diffstat (limited to '_posts')
-rw-r--r-- | _posts/2024-12-08-trying-out-tailscale.md | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/_posts/2024-12-08-trying-out-tailscale.md b/_posts/2024-12-08-trying-out-tailscale.md new file mode 100644 index 0000000..90943ae --- /dev/null +++ b/_posts/2024-12-08-trying-out-tailscale.md 
@@ -0,0 +1,49 @@ +--- +layout: post +title: Trying out Tailscale +date: 2024-12-08 19:11 +0100 +lang: "en" +categories: "tech" +--- + +I've been [using Wireguard]({% post_url 2022-11-20-eine-kleine-netzwerk-reise +%}) for quite a while now, mostly to connect my servers. Also, to connect my +phone to my network to have "a VPN" in open WiFi networks. With the acquisition +of [a Chromebook]({% post_url 2024-12-01-new-device-acquired-chromebook %}). +the number of devices increased by one. + +[OpenWRT](https://openwrt.org/) actually has a nice +[interface](https://openwrt.org/packages/pkgdata/luci-app-wireguard) for +managing a Wireguard network, and it works good enough. Nevertheless, out of +*sheet, absolute boredom*, I've been considering setting up +[Tailscale](https://tailscale.com/) or [Netbird](https://netbird.io/) to +simplify the whole device and key management. I *briefly* considered +self-hosting, which is possible with both services (Netbird offers their own +solution, Tailscale has Headscale), but rejected the idea. Reason being, "too +much work" (or too overblown, I am not a huge fan of Docker Compose), and also, +"don't wanna fuck this up". I went with Tailscale in the end, with Netbird +still kinda "in beta". + +You can follow the process [on +Mastodon](https://furry.engineer/deck/@uvok/113606683580862388) actually, I +kinda tried to write everything within this thread. I got Tailscale on my +OpenWRT router as well, however, *not using the opkg package*, but using the +static binary provided by Tailscale (the opkg version being terribly out of +date!). The OpenWRT wiki actually has [an +article](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start) +explaining what you have to install, in regards of iptables stuff, for… I think +masquerading to work. [1] I'm kinda worried it will do something bad to my VPS +using ufw - or at least, ufw overwriting again rules set by Tailscale on the +start of the daemon… + +So far it works quite well. 
I can't really find a *huge* advantage for +Tailscale (vs. manual Wireguard). I mean, yeah, I don't have to take care of +key management. Also, the "Magic" DNS is a nice extra for Tailscale. *However*, +I *do not like* it messing with resolv.conf, so I disabled it for my servers +and my router. + +Would I recommend this service? No idea, it depends on your use case. It's +free, however, so there's no damage in trying it out. + +[1] Actually, as I'm researching this, Tailscale [now supports +nftables](https://tailscale.com/kb/1294/firewall-mode)! Yaaay! |
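Review bot: Two text slips in the added post need fixing. In the second paragraph, "*sheet, absolute boredom*" should read "sheer". In the first paragraph, the Chromebook link is followed by a period ("%}). the number of devices"), which cuts the sentence in two; a comma is wanted there. "works good enough" would also read better as "works well enough". The "[1]" marker is literal text both in the body and in the closing paragraph, so it will render as plain brackets rather than a linked footnote; if the site's Markdown renderer supports footnote syntax, use it here. Finally, the ufw paragraph leaves open whether ufw overwrites the rules Tailscale sets at daemon start, while the footnote points out nftables support; a sentence saying which firewall mode the VPS actually runs, and whether the Tailscale rules survived a ufw reload, would close that question for readers with the same setup.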