TrueNAS/Tailscale Questions

If you can’t get it working you can try Zerotier. That’s what I’m using, sounds very similar.

Funny, just replied the same exact thing, at the same time!

Zerotier is great. Tailscale’s selling point seems to be it does the same thing but uses your Google account for authentication.

Tailscale is to internet and networking what the wheel was to humanity.

It is so user friendly!

I keep it on all my devices now, and my firewalls and local networks are free from open ports and whatnot. I can access anything from anywhere any time now. The only thing I wonder, is when will Tailscale have their first “incident”??

I’m sorry for asking a (perhaps insulting) simple question. Did you install Tailscale on your old MacBook? Does it show up in the Tailnet device list? I’ve had issues with MagicDNS on Android sometimes, so I’ve turned it off and only use IPs. I never tried the exit node, all the devices I want accessible are already able to install Tailscale. But I’d need the exit node if I wanted to get all my IoT off the cloud.

It was your post back a year or so ago that made me decide to try Tailscale, just took me till now to ACTUALLY do it LOL. It was SUPER simple to set up. And I don’t think it’s a Tailscale issue at all. This is a lack of knowledge issue lol. I need to learn what to do next.

Not insulting at all! Yes I did install it on the MBP and it is connected and shows up in the device list. I did the exit node on the TrueNAS hoping to be able to get to my printers if I ever wanted to from work. I can slice and print things and my wife take them off the bed LOL

Can you try to ping the TrueNAS from outside your home network using the tailnet IP? Perhaps it’s something with the port being used to access the TrueNAS? Did you try a network mount? SMB or WebDAV?

Ok, I just looked up Tailscale. I feel much better about it. Did not realize it was a VPN. Right now there are active attack teams in Russia, China, and Israel! They are all on an offensive worse than any other time in internet history. Mostly they are after corporations for the money, but anyone can be a target. pfSense has OpenVPN and another VPN (can’t remember its name) built in to secure access also. Problem with those is it can be tough at home because your IP address can change. There is dynamic DNS but your firewall or VPN must support it.

(I said built in, but not truly; you have to add it. If you look at optional packages for VPN you will find them.)

Just a few things I’ve thought of without using tailscale myself…

What does your local routing table look like? You can run route print on most OS to see it.

You need to make sure your internal subnet shows up with the VPN’s IP as the gateway.

I haven’t used Tailscale. I assume everything running the client is supposed to be able to see each other?

I know with Wireguard you can have weird routing issues when trying to access ports on the same system that the Wireguard server is running on.

Are you trying to access the FreeNAS via IP or computer name?

This is precisely what Tailscale circumvents. The subnets and the gateways and the routing and whatnot. VPN and networking is messy, if you ask me!

All the clients on a tailnet are supposed to see each other when logged in. Tailscale is only an authenticator service, all the traffic goes directly between the devices - using Wireguard tunnels.

Gotcha.

Sorry. I drank the Kool-Aid. I’ve seen the light!

I’m a computer geek with years of networking.

Wireguard was easy for me to get going. Not to mention the latest version of the UniFi firewall firmware has it built in. I still haven’t upgraded to that, though.

We use Wireguard at work for securing traffic to all of our AWS VMs.

Nice thing is I only need the one Wireguard server and all my clients can connect to everything inside my house. Bad thing about Wireguard is having to set up keys for every user.

Yeah - I have a friend who is a savant in networking and computers. He says Wireguard is eeeaaasyyy. Well, Tailscale is easier. But I have to trust the company! So far I chose to trust them rather than my own faculties…

I have a PiVPN with Wireguard. It’s

.

I’m running CoreOS container on my home lab. It comes with Wireguard preinstalled. Just have to toss a config in and turn it on.

192.168.0.x is a very common IP range. We use that at work and anyone who uses it at home has trouble when they connect via VPN (go figure). The Tailscale site gives you a different IP for each connected computer. (Mine are in the 100.x.x.x range). After you see both the server and phone are connected, try connecting to the address Tailscale gave you (this is what Turbinbjorn is saying). The exit node/subnet stuff should work too. But get that basic connection working first.

Another possibility is that TrueNAS isn’t open to connecting on all interfaces/ranges. My first step was to use ping from Termux on the phone to the server. Then I was able to access Home Assistant. If you can ping, but not connect to TrueNAS, then the issue is with TrueNAS.

Mine is actually 192.168.68.* And I have it set accordingly in the Tailscale stuff. I think my issue is more of a login to TrueNAS issue than it is a Tailscale issue. But I was also hoping to be able to log into the different printers and I can’t get to those either. I guess I need to look up putting Tailscale on those Pis as well?? I thought having the TrueNAS as an exit node with that full IP range set would allow me to get to them but so far it’s not. It doesn’t help that I have zero knowledge of how to do this kind of stuff lol

The exit node stuff didn’t work for me. But I only tried for a few minutes. Routing is tricky. So is DNS. DNS over VPN is extra tricky.

When I run web servers with my own code, they usually have a configuration for which interfaces and IP ranges are allowed to access it. I usually just let everything in, but TrueNAS is probably better about it.

I use local pi.hole instances. They are configured to send my local domain requests to my primary firewall running my DHCP.

Then my VPN is configured to override DNS and use my internal pi.hole servers.

That gives me the benefit of having the extra protection of the pi.hole when connected to the VPN.

It’s when you try to split tunnel and use both external and internal DNS where things fall apart.

There are ways of fixing that! Do you have an IT department?

P.S. I can send you my cell and help you change yours if you like! It is what I do!