# Tailscale [Tailscale](https://tailscale.com/) 是一個 Mesh VPN 雲端服務,基於 WireGuard 的 end-to-end 加密 VPN 技術,可用於 Peer-to-peer VPN,可穿越 NAT,中央管理控制台,免費版支援 3 個帳號 100 個裝置。 特點: - Peer-to-peer VPN 應用:IoT 設備管理 - Tunnel VPN 應用:Netflix Sharing - 無複雜設定,不是 Client-server 架構 - 支援跨平台系統 - 不需要在防火牆做任何開放通訊埠設定,就可以讓外部電腦存取私有 NAT 網路內的電腦或連網裝置。 - 安全性 - 使用第三方認證供應商,例如 Google, Microsoft AD, GitHub, Okta 等。 - Access Controls Lists (ACLs) - 多個使用者角色 教學: - [Tailscale quickstart](https://tailscale.com/kb/1017/install) - [How you can connect two home labs with a site-to-site VPN (and why you should)](https://www.xda-developers.com/how-connect-two-home-labs-site-site-vpn/) - [How to Set Up Remote Access to Your Local Network Using Tailscale VPN](https://www.howtogeek.com/how-to-remote-access-your-network-using-tailscale-vpn/) - NetBird: [I switched from Tailscale to this fully self-hosted alternative, and I'm loving it so far](https://www.xda-developers.com/switched-from-tailscale-to-fully-self-hosted-alternative-netbird/) - [Headscale: Awesome Self-Hosted Tailscale Control Server - Virtualization Howto](https://www.virtualizationhowto.com/2023/05/headscale-awesome-self-hosted-tailscale-control-server/) Alternatives - [Twingate](https://www.twingate.com/) - 類似的解決方案,5 users for free - [Docs: Twingate](https://www.twingate.com/docs/how-twingate-works) - \[Video\] [the END of VPNs?](https://www.youtube.com/watch?v=IYmXPF3XUwo) ##### Peer-to-peer VPN - 原理:不同的主機啟動 tailnet 後,可以直接互連,但不會影響原本的其他網路架構。 - 適用 IoT 設備管理網路 - Tailnet 模式:預設 ##### Tunnet VPN - 原理:使用特定遠端網路主機作為所有流量的閘道出口 - 適用 Netflix 流量共享、跨境網路跳板 - Tailnet 模式:Exit Node ##### Site-to-site VPN - 原理:主機啟動 tailnet 後,透過其他的 Subnet Router 主機,可以存取同個內網的任一主機或設備,而目的主機或設備不需要安裝 Tailscale - 適用:在安全的網路下存取遠端的設備,例如網路印表機 - Tailnet 模式:Subnet Router ##### Secure Reverse Proxy - 原理:只要一行指令,可以讓任意電腦透過公眾URL (HTTPS-secured) 存取內網的網站服務,不需要 Port Forwarding,類似 Cloudflare Tunnel 服務。 - 適用:需要透過公眾網路,以安全方式存取內網的網站服務,不需要變更防火牆設置。 - Tailnet 模式:Funnel ##### Installation Linux ```bash curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up ``` ##### Commands ```bash # Connect your machine to your Tailscale network and authenticate in your browser sudo tailscale up # find your Tailscale IPv4 address tailscale ip -4 # Find all IP of devices tailscale status # Custom Hostname sudo tailscale up --hostname= tailscale set --hostname= # Disabling MagicDNS (optional) tailscale set --accept-dns=false ``` ##### Exit Node Advertise a device as an exit node 1. 下載安裝 tailscale client 2. 啟用系統 IP forwarding 3. 連線 tailscale 網路 4. 設定 Exit node 啟用 IP forwarding ```bash echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf sudo sysctl -p /etc/sysctl.d/99-tailscale.conf ``` 連線 tailscale 網路 ```bash sudo tailscale up ``` 設定 Exit node ```bash sudo tailscale set --advertise-exit-node ``` 前往網站管理平台 1. Go to the **Machines** page of the admin console. 2. Locate the device in the list. It should display the **Exit Node** badge. 3. Select the 三點 menu, then select **Edit route settings**. 4. Check the **Use as exit node** box, then select Save. Use exit node ```bash sudo tailscale up tailscale status sudo tailscale set --exit-node= # To stop using an exit node sudo tailscale set --exit-node= ``` ##### Tailscale Serve 這是 Tailnet 類似 Reverse Proxy 的服務,適用遠端存取那些僅開放 localhost 的服務。 如要使用 https,需要到 Tailscale 控制台啟用 HTTPS Certificates。然後存取的網址格式是 https://your-device.tailnet-domain。 ```bash sudo tailscale serve --bg --https=443 127.0.0.1:18789 ``` ##### Tools - [tsui](https://github.com/neuralinkcorp/tsui) - An (experimental) elegant TUI for configuring Tailscale. ##### Tailscale on Proxmox - [Tailscale-LXC/Guide at main · mossc001/Tailscale-LXC · GitHub](https://github.com/mossc001/Tailscale-LXC/blob/main/Guide) - [Tailscale on a Proxmox host · Tailscale Docs](https://tailscale.com/docs/integrations/proxmox) - [Tailscale in LXC containers · Tailscale Docs](https://tailscale.com/docs/features/containers/lxc/lxc-unprivileged) - [Installing Tailscale within an LXC container – techwithbrad.com](https://techwithbrad.com/installing-tailscale-within-an-lxc-container/) ##### ScaleTail 用 Docker 架構整合 Tailscale 與各類服務的專案庫 - [GitHub - tailscale-dev/ScaleTail: Tailscale Sidecar Configurations for Docker · GitHub](https://github.com/tailscale-dev/ScaleTail)