Tailscale¶
Tailscale is a Mesh VPN service based on the WireGuard protocol - https://www.tailscale.com.
Any devices logged into the same Tailnet are accessible from each other.
Setting up in Proxmox (within a Linux LXC)¶
- At the Proxmox command line create a new LXC container based on Debian
  - CT ID 300
  - Hostname Tailscale
  - set password
  - use Debian 12 template
  - 2GB HDD / 1 CPU / 512MB
  - DHCP IPv4 network
  - DNS servers 1.1.1.1, 1.0.0.1
- Then install Tailscale using the Helper Script:
- Then run a tailscale up command
SSH
If you later want to SSH into this container, remember that by default root cannot log in over SSH with a password. Either set up another user, or use nano /etc/ssh/sshd_config and replace PermitRootLogin prohibit-password with PermitRootLogin yes (which allows root to log in with its password), then do systemctl restart sshd.
Subnet routing¶
This makes an IP range available to others on the Tailnet via the --advertise-routes flag of tailscale up.
Android, iOS, macOS, tvOS, and Windows automatically pick up your new subnet routes.
By default, Linux devices only discover Tailscale IP addresses. To enable automatic discovery of new subnet routes on Linux devices, add the --accept-routes flag when you start Tailscale.
To share the local IP range as well as accept routes and enable SSH, combine the flags in one tailscale up command.
Linux reset
If changing some of the Linux settings (e.g., to disable SSH or to disable accepting routes) then append --reset to the desired setup command. This clears any settings that are not given in that command.
To stop advertising routes, pass the flag with a blank value:
Extra subnet routing commands required in Linux
As explained at https://tailscale.com/kb/1019/subnets?tab=linux#connect-to-tailscale-as-a-subnet-router some additional commands are required on Linux to enable subnet routing:
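The commands for the cases in this section, as an added example rather than the page's own commands: a dry-run helper that validates the range and prints the commands for review. The range 192.168.1.0/24 and the function names are assumptions; the forwarding lines follow the linked Tailscale KB page.

```shell
#!/bin/sh
# Added example, not from the original page. Review the printed plan, then pipe it to sh.

# valid_cidr4 CIDR: succeeds only for a well-formed IPv4 prefix (a.b.c.d/len).
valid_cidr4() {
    case "$1" in
        */*/* | *[!0-9./]*) return 1 ;;   # one slash; digits, dots and slash only
        */*) ;;
        *) return 1 ;;
    esac
    len=${1#*/}
    addr=${1%/*}
    case "$len" in '' | ???* | *[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=0
    while [ -n "$addr" ]; do              # walk the dotted quad octet by octet
        octet=${addr%%.*}
        case "$octet" in '' | ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        case "$addr" in
            *.) return 1 ;;               # trailing dot
            *.*) addr=${addr#*.} ;;
            *) addr= ;;
        esac
    done
    [ "$n" -eq 4 ]
}

# subnet_router_plan MODE [CIDR]: prints the commands for one case from the text.
subnet_router_plan() {
    case "$1" in
        share)            # enable forwarding, advertise CIDR, accept routes, enable SSH
            valid_cidr4 "$2" || { echo "not an IPv4 CIDR: $2" >&2; return 1; }
            cat <<EOF
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
sudo tailscale up --advertise-routes=$2 --accept-routes --ssh
EOF
            ;;
        accept-only)      # --reset clears the flags not repeated here (routes, SSH)
            echo "sudo tailscale up --accept-routes --reset" ;;
        stop-advertising) # blank value withdraws the routes, other settings stay
            echo "sudo tailscale up --advertise-routes= --accept-routes --ssh" ;;
        *) echo "usage: subnet_router_plan share CIDR | accept-only | stop-advertising" >&2
           return 2 ;;
    esac
}
```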
LAN access on Windows¶
There's an issue with the interface metric being set to auto on Windows which causes LAN traffic to try and go via the Tailnet, either slowing it down or making it impossible to access local resources if there is no subnet router in place.
To fix this, set the interface metric to manual and a high number.
Run as PowerShell Admin
or follow the instructions at https://github.com/tailscale/tailscale/issues/1227#issuecomment-1049136141 (see Tailscale windows metric settings.png)
Then create a Scheduled Task in Windows (remembering to select 'Run with highest privileges') to run at login:
- Action: Start a program
- Program/script: PowerShell
- Add arguments: -File "D:\Dropbox\Linux & Programming\tailscale_metric.ps1" (alter as required)
Funnel & Serve¶
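Funnel publishes the folder to the public internet, whereas Serve shares it only with devices on the Tailnet; --bg keeps the share running in the background.
tailscale funnel --bg c:\Users\alanj\Desktop
tailscale serve --bg c:\Users\alanj\Desktop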
Docker¶
Use TSDProxy to access services from different Docker containers:
https://almeidapaulopt.github.io/tsdproxy/
Dozzle¶
Run the Dozzle agent over the Tailnet: https://dozzle.dev/guide/agent
Taildrop¶
For Linux machines any files received are pulled down as root into the Tailscale directory.
There are CLI commands to send/receive files - https://tailscale.com/kb/1106/taildrop?tab=linux
A script has been created for the ~/scripts folder to simplify the usage of these commands:
~/scripts/taildrop.sh
#!/bin/bash
# Taildrop helper: "r" receives waiting files into ~/Downloads, "s <file>" sends a file.
echo "AJR Taildrop transfer"
echo "---------------------"
if [ "$1" = "r" ]; then
    echo "-> Receive option selected"
    echo
    echo "IMPORTANT NOTE:"
    echo "1. Any files that have already been received to the Taildrop directory will be immediately transferred to ~/Downloads"
    echo
    echo "2. If there are no files in the Taildrop directory, the transfer will be initiated when"
    echo "the first file is uploaded (in this case please go to the other device and initiate the transfer)"
    echo
    if [ ! -d ~/Downloads ]; then
        echo "Creating ~/Downloads directory..."
        mkdir -p ~/Downloads
        echo
    fi
    echo "Initiating transfer..."
    echo
    # tailscale runs as root here, so the received files arrive owned by root
    if sudo tailscale file get ~/Downloads; then
        echo "Transfer complete - new directory listing of ~/Downloads is as follows:"
        # Hand ownership back to the current user; note that 755 also marks every file executable
        sudo chown -R "$USER:$USER" ~/Downloads
        chmod -R 755 ~/Downloads
        echo
        ls -alh ~/Downloads
        echo
    else
        echo
        echo "Error with transfer - see above"
        exit 1
    fi
elif [ "$1" = "s" ]; then
    echo "-> Send option selected"
    echo
    if [ -z "$2" ]; then
        echo "No file path provided. Please provide the file path as the second argument."
        exit 1
    fi
    file_path="$2"
    if [ ! -f "$file_path" ]; then
        echo "File not found: $file_path"
        exit 1
    fi
    echo "Fetching list of online devices from Tailscale..."
    echo
    # Get the list of online devices, stopping at the first blank line and filtering out offline devices
    devices=$(tailscale status | awk 'BEGIN {RS=""; FS="\n"} {for (i=1; i<=NF; i++) {if ($i ~ /offline/) continue; if ($i ~ /^#/) exit; print $i}}')
    if [ -z "$devices" ]; then
        echo "No online devices found."
        exit 1
    fi
    # Present the list of online devices to the user
    echo "Online devices:"
    echo "$devices" | nl -w 2 -s '. '
    echo
    # Ask the user to choose a device
    read -r -p "Enter the number of the device you want to send the file to: " device_number
    # Accept digits only: the value is interpolated into the sed script below
    case "$device_number" in
        ''|*[!0-9]*)
            echo "Invalid selection."
            exit 1
            ;;
    esac
    chosen_device=$(echo "$devices" | sed -n "${device_number}p" | awk '{print $1}')
    if [ -z "$chosen_device" ]; then
        echo "Invalid selection."
        exit 1
    fi
    # Send the file to the chosen device and report success only if the copy worked
    echo "Sending file to $chosen_device..."
    if sudo tailscale file cp "$file_path" "$chosen_device:"; then
        echo "File sent."
    else
        echo "Error sending file - see above"
        exit 1
    fi
else
    echo "No option selected - please use 'r' to receive or 's' to send. If sending files then please also specify the file to send, for example as ./taildrop.sh s /path/to/file"
fi
Receiving files¶
Files transferred to a Linux machine are by default owned by root and put in the Tailscale directory. This script will transfer them from there to the ~/Downloads directory. To use it, run the script with the r option. If files are already in the Tailscale directory it will transfer them and exit. If no files are in the Tailscale directory it will sit waiting for files to be transferred via the Tailnet and then move them across.
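A stricter take on the receive step, as an added example and not the page's script: files are received into a private staging directory, stripped of execute bits, and moved into ~/Downloads without overwriting anything already there. The function names and the staging approach are assumptions.

```shell
#!/bin/sh
# Added example, not the page's script; function names are hypothetical.

# harden_received STAGE DEST: move regular files from STAGE into DEST with
# mode 0644 (no execute bit), never replacing an existing name.
# Prints the number of files moved.
harden_received() {
    stage=$1 dest=$2 moved=0
    mkdir -p "$dest"
    for f in "$stage"/* "$stage"/.[!.]*; do
        # regular files only: skip symlinks, directories and unmatched globs
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        chmod 0644 "$f"
        name=$(basename "$f")
        target=$dest/$name
        i=1
        while [ -e "$target" ] || [ -L "$target" ]; do   # keep what is already there
            target=$dest/$name.$i
            i=$((i + 1))
        done
        mv "$f" "$target"
        moved=$((moved + 1))
    done
    echo "$moved"
}

# receive_taildrop: fetch waiting files as root into a private staging
# directory, hand only those files to the caller, then file them.
receive_taildrop() {
    staging=$(mktemp -d) || return 1           # mode 0700, owned by the caller
    sudo tailscale file get "$staging" || return 1
    sudo chown -R "$(id -u):$(id -g)" "$staging"
    harden_received "$staging" "$HOME/Downloads"
    rmdir "$staging" 2>/dev/null || echo "unmoved items left in $staging" >&2
}
```

Unlike a recursive chown and chmod over ~/Downloads, this touches only the files that have just arrived.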
Sending files¶
Run the script with the s option followed by the file path to send a file to another device on the Tailnet. It shows a list of currently online devices; enter the number of the one you want as the target device.