Tailscale: Difference between revisions
imported>Telotortium Initial page stub |
imported>Cablespaghetti Add ipv6 known issue and basic docs |
||
Line 8: | Line 8: | ||
== Basic setup == | == Basic setup == | ||
Enabling tailscale is as simple as adding <code><nowiki>services.tailscale.enable = true;</nowiki></code> to your Nix config. | |||
If you are using features like subnet routers or exit nodes you will also need to set <code><nowiki>services.tailscale.useRoutingFeatures</nowiki></code> to "server", "client" or "both" depending on the role of your machine. | |||
== Configuring TLS == | == Configuring TLS == | ||
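Review bot: The added sentence on services.tailscale.useRoutingFeatures lists "server", "client" or "both" but never says which value belongs to which role, so a reader setting up a subnet router or exit node still has to look the option up. Suggest naming the value for a machine that acts as a subnet router or exit node and the value for a machine that only uses one. The first added sentence could also say which file "your Nix config" means.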
Line 21: | Line 23: | ||
* Show how to run for multiple services on a single machine. | * Show how to run for multiple services on a single machine. | ||
}} | }} | ||
== Known issues == | |||
If you encounter issues with IPv6 not working through your NixOS-based exit node, this might be an issue with the tailscale client's detection of whether IPv6 NAT is supported. This is the "checkSupportsV6NAT" function in the tailscale codebase. Enabling <code><nowiki>networking.nftables.enable = true;</nowiki></code> and then rebooting may fix this issue if you are using iptables. | |||
== Running multiple Tailnet-accessible services on a single machine == | == Running multiple Tailnet-accessible services on a single machine == |
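Review bot: In the new "Known issues" paragraph the condition "if you are using iptables" comes after the fix, so the reader learns whether the advice applies to them only at the end. Suggest leading with the condition. "may fix this issue" also gives no way to confirm the result, and "checkSupportsV6NAT" is named without a link to the tailscale source. A short check the reader can run after the reboot and a source link would make the entry actionable.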
Revision as of 13:15, 19 August 2023
From Official Website
Tailscale makes networking easy
Tailscale lets you easily manage access to private resources, quickly SSH into devices on your network, and work securely from anywhere in the world.
Basic setup
Enabling tailscale is as simple as adding services.tailscale.enable = true; to your Nix config.
If you are using features like subnet routers or exit nodes you will also need to set services.tailscale.useRoutingFeatures to "server", "client" or "both" depending on the role of your machine.
Configuring TLS
Per "Enabling HTTPS" in the Tailscale documentation, run the following:
$ sudo tailscale cert ${MACHINE_NAME}.${TAILNET_NAME}
Known issues
If you encounter issues with IPv6 not working through your NixOS-based exit node, this might be an issue with the tailscale client's detection of whether IPv6 NAT is supported. This is the "checkSupportsV6NAT" function in the tailscale codebase. Enabling networking.nftables.enable = true; and then rebooting may fix this issue if you are using iptables.
Running multiple Tailnet-accessible services on a single machine
The essence is to run multiple tailscaled daemons on a machine, with the additional daemons using userspace networking rather than tun, which seems to intercept connections to all Tailscale IPs on a machine. Basically, for an additional service MYSERVICE run the following commands:
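# Separate state directory for the additional daemon
$ STATE_DIRECTORY=/var/lib/tailscale/tailscaled-tt_rss
$ sudo mkdir -p ${STATE_DIRECTORY}
# Start a second tailscaled with its own state, socket and a random port, using userspace networking
$ sudo env STATE_DIRECTORY=${STATE_DIRECTORY} tailscaled --statedir=${STATE_DIRECTORY} --socket=${STATE_DIRECTORY}/tailscaled.sock --port=0 --tun=userspace-networking
# In another terminal: register this daemon with the tailnet under its own hostname
$ sudo tailscale --socket=${STATE_DIRECTORY}/tailscaled.sock up --auth-key=tskey-key-MYSERVICE_KEY_FROM_TAILSCALE_ADMIN_CONSOLE --hostname=MYSERVICE --reset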
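A declarative form of the manual commands above, written as a NixOS module; this is an added example, not part of the original wiki page or of the NixOS tailscale module. The service name myservice, the two unit names and the auth-key file path are assumptions. The key is passed with --auth-key=file: so it stays out of the process list, shell history and the Nix store.

```nix
{ pkgs, ... }:
let
  name = "myservice"; # hypothetical service name
  stateDir = "/var/lib/tailscale/tailscaled-${name}";
  socket = "${stateDir}/tailscaled.sock";
  # Hypothetical path to a root-only file holding the auth key. It is a plain
  # string, not a Nix path, so the key is never copied into the Nix store.
  authKeyFile = "/run/secrets/tailscale-${name}";
in
{
  # The additional daemon: own state directory, own socket, random UDP port,
  # userspace networking instead of a tun device.
  systemd.services."tailscaled-${name}" = {
    description = "Additional tailscaled for ${name} (userspace networking)";
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    serviceConfig = {
      Type = "notify"; # tailscaled signals readiness to systemd
      # Creates the directory (mode 0700) and exports STATE_DIRECTORY.
      StateDirectory = "tailscale/tailscaled-${name}";
      StateDirectoryMode = "0700";
      ExecStart = builtins.concatStringsSep " " [
        "${pkgs.tailscale}/bin/tailscaled"
        "--statedir=${stateDir}"
        "--socket=${socket}"
        "--port=0"
        "--tun=userspace-networking"
      ];
      Restart = "on-failure";
    };
  };

  # One-shot registration against the additional daemon's socket.
  systemd.services."tailscale-up-${name}" = {
    description = "Register ${name} with the tailnet";
    wantedBy = [ "multi-user.target" ];
    requires = [ "tailscaled-${name}.service" ];
    after = [ "tailscaled-${name}.service" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      ${pkgs.tailscale}/bin/tailscale --socket=${socket} up \
        --auth-key=file:${authKeyFile} --hostname=${name} --reset
    '';
  };
}
```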