TrueNAS/Tailscale Questions

Thanks. We do have an IT department. They are handcuffed a little because corporate manages the routers and they are terrible at handling tickets. They care much more about arguing if some change has a business case than actually helping.

Mine isn’t an issue. I try to help people with it sometimes and I do things like ask them to send me the output of route and once I see it isn’t routing the right way, I point them at IT. The VPN client they want us to use stinks like malware in Linux, so I use an open source version (openconnect). I made some instructions to follow, but I give them the YMMV tag. It works for me.

O.K., well, let me know if you ever need anything. Changing your local subnet is easy; usually everything is DHCP, so it is just one change.

Idk if this was meant for me or someone else. But I sure might want someone willing to take the time in a PM to figure some of this out lol. I want so bad to understand it more but I just haven’t found it in a way that clicks for my head yet lol

I would love to help you, but I have no experience with Tailscale. If others here cannot help you I will definitely try! Been doing this stuff since Windows for Workgroups 3.5!!!

And Windows 2000 was my most favorite OS. It was nearly perfect!

Once I get back home I’ll try to post screenshots of what all I have. I actually have a few things with the NAS I need to get figured out, but this will be the main start. I’m just not sure how other stuff ties in with it. I hated to ask the questions right before I had to leave, but you never know if someone will just know right off lol. I get home this evening, so tonight or tomorrow I’ll try to post some screenshots of how it’s all set up and see if anyone sees anything I screwed up.

So watch this! Seems simple

And please be careful what you post!! You could easily post a key that allows anyone in here access.

I will blur out anything like that if I see it before. Thankfully I don’t have anything anyone would want lmao

Now that I am into this, I see Headscale, and I may need to give that a try!!!

I have been wanting Proxmox (especially since all the uproar at VMware and nixing free licensing).
I may have to start a Proxmox box and put this on it.

I have another computer running Proxmox with Home Assistant on it. That was a real simple setup.

Yeah, I support ESXi at work and have been watching Proxmox for a long time. I really want a cluster here at home, but then I sit here and say WHY! Lol

So when do you wanna wag the Tailscale and get this running?

If I could run Headscale and make it available anywhere, I wouldn’t need Tailscale!

Oh sure. The office has 192.168.0-15.x and that has a bunch of static configs in the office and it would be a pain to use. Many routers default to 192.168.0.x. That’s where the trouble is. My house is 10.0.x.x. I like typing and saying that better and it usually doesn’t get clobbered like that. When coworkers have the issue, they have 192.168.0.x and they have trouble with the routing tables unless everything is routed through the office (which sucks, because my office is 1300 miles away). The office Internet is actually all sent through another proxy too, through New York State or Arizona, randomly. It’s a mess, but it’s super “secure”!

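The subnet clash described above (a home LAN on 192.168.0.x colliding with office ranges pushed over the VPN) is the kind of thing you can spot from `ip route` output before pointing someone at IT. This is an added example, not code from the thread; the route listing is constructed, and the tunnel interface name `tun0` is an assumption.

```python
import ipaddress
import re

# Constructed sample `ip route` output (not from the thread): a laptop on a home LAN
# that uses 192.168.0.0/24, with a VPN tunnel (tun0, assumed name) that pushes the
# office range 192.168.0.0/20 plus a 10.0.0.0/16 route.
SAMPLE_ROUTES = """\
default via 192.168.0.1 dev wlan0 proto dhcp metric 600
192.168.0.0/20 dev tun0 scope link
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.23 metric 600
10.0.0.0/16 dev tun0 scope link
"""

# Matches the destination and the outgoing device of one `ip route` line.
ROUTE_RE = re.compile(r"^(?P<dst>default|\S+)\s+(?:via\s+\S+\s+)?dev\s+(?P<dev>\S+)")


def parse_routes(text):
    """Return (network, device) tuples from `ip route` output; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m.group("dst") == "default" else m.group("dst")
        routes.append((ipaddress.ip_network(dst, strict=False), m.group("dev")))
    return routes


def find_overlaps(routes, vpn_dev):
    """List (lan_net, vpn_net) pairs where a non-default LAN route overlaps a VPN route.

    The kernel picks routes by longest prefix, so when the LAN /24 sits inside the
    office /20, traffic for that part of the office range goes to the local LAN and
    never enters the tunnel. That is the 'not routing the right way' symptom.
    """
    lan = [n for n, d in routes if d != vpn_dev and n.prefixlen > 0]
    vpn = [n for n, d in routes if d == vpn_dev]
    return [(l, v) for l in lan for v in vpn if l.overlaps(v)]


if __name__ == "__main__":
    for lan_net, vpn_net in find_overlaps(parse_routes(SAMPLE_ROUTES), "tun0"):
        print(f"LAN {lan_net} overlaps VPN route {vpn_net}: renumber the LAN (e.g. a 10.x range)")
```

On a real machine, feed it the output of `ip route` instead of the constructed sample; an empty result means the LAN and the VPN's routes do not collide.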
As a side note, I had some trouble with my ISP in the last week. Let me tell y’all a story…

It started last summer, when I helped my neighbor demolish a fence to save some money on a fence replacement. We accidentally cut the Xfinity Internet cable. Those guys were on it. We didn’t call anyone and they were there within an hour running a “temporary” cable out of our way, down the easement to restore Internet for people. I use CenturyLink DSL, so I didn’t think much of it.

On Friday, there was a boring crew (with one of those cool horizontal boring machines) replacing that Xfinity cable, and they cut my CenturyLink cable. No Internet at all. Karma, I guess. These guys were super nice, but there was nothing they could do.

I tried calling CenturyLink. I got to tech support and they wanted to send out a service call. I told them that I didn’t need a diagnosis; there was a crew out there that already told me they cut your wire a block from my house. I didn’t need anyone at my house, I needed them to come fix this cable. They set an appointment for the tech support house call for the 6th (7 days after the cut). I was literally on chat/phone support for hours trying to tell them that I knew exactly who cut their cable and where, and they couldn’t get me past the front gate.

That doesn’t work for me, so I went and got the T-Mobile 5G router. My dad has been using it and I get pretty fast speedtest results on 5G at my house, so I thought I would give it a go. It worked fine, and we didn’t notice any problems. But the speed test results from my Home Assistant were pretty low. Still, I got a free week of Internet out of it. And my son has been home sick. So I’m glad we had it.

On the 6th, CL came back with a smart, polite guy that realized exactly what was happening. They closed the road yesterday and fixed the cable. I checked the connection and it was ok, but I’d had enough. I cancelled my CL Internet. It was good while it lasted.

Today, I got Xfinity connected and it is real quick. Much faster than I had before. We honestly didn’t notice any slowness with T-Mobile. The speed tests on my phone were occasionally over 200 Mbps. But the server never measured that.

TL;DR: This is my Internet this week:

The DSL router always had a double NAT and this particular model couldn’t do “NAT Loopback”. So I always had trouble with home server apps. T-Mobile had a really messed up NAT (they don’t have enough IPv4 addresses, so you share them and it does something called “CGNAT”). T-Mobile’s ToS also says the connection is for individuals and not “computer to computer” connections. They don’t seem to enforce that, but it seems ridiculous to me. Isn’t an overnight update a “computer to computer” connection? Isn’t every connection (if I’m being very pedantic)?

The new Xfinity router is much more sensible and I don’t have double NAT anymore. I am hoping I can get some time and do some more home server projects like HTTPS to Home Assistant. Or at least a more reliable always-on Tailscale. I could also see myself opening up Grocy. I have very little trust in Xfinity in general. But at least they are being good to me for the time being.

So Headscale is Tailscale only at your residence. Tailscale runs through Tailscale servers and makes everything easy.

What I saw on Headscale is you need a way to get to your house. DynDNS can handle that. Also I believe you most likely need to open ports on your firewall (cannot guarantee it though). I do like that Headscale does not route through a corporation though! May not be a big deal if they cannot see through your encryption though!

I will do more research on Headscale soon, as I may want to run it here!!

Forget I brought up Headscale. It is only command line, etc., etc., etc. Tailscale being free is easy and a lot less work!

Headscale seems awesome. I can imagine using that with friends and family to help them out. But it seems like if I could set up Headscale, I could also just set up WireGuard or OpenVPN, and I wouldn’t need Tailscale.

Having corporate servers for Tailscale is the biggest downside, but it is also what makes it easy. It is a catch-22.

When we first moved to our neighborhood, we only had fixed wireless for Internet. 50 Mbps, but it regularly dropped to <10 during peak usage.

When our provider started putting out info that they were bringing fiber to the neighborhood, I was one of the first to call and reserve a 1G connection.

The day of install, the installer ran the cable to my garage where my network stack is. He asked where I wanted him to put ‘his’ router. I said, “I don’t.”… I asked him to simply mount his media converter on the wall, plug the Ethernet into the WAN port on my UniFi firewall, then call his people and give them my MAC address.

He goes, “OK.” And didn’t ask any questions.

I haven’t had any outages or slowdown since install even though others in the neighborhood have complained occasionally.

I regularly see 980+ Mbps throughput. It’s very nice.

I use easyDNS for my personal domain, and UniFi has the ability to automatically update the subdomain A record when my WAN IP changes. I did have to do some interesting DNS API stuff to get Let’s Encrypt working on multiple internal devices for HTTPS to the house.

I considered setting up an nginx/Caddy proxy inside the house so I could set up a single port forward, but I just run alternate ports on a few services.

When they offered 1 Gbps I started drooling and looking at it. But I realized my Wi-Fi was limited to 60 Mbps at the time. That convinced me we really didn’t need anything that fast. There are only 4 of us and we don’t do any torrenting or anything wild. Our TV isn’t that big, so 4K vs 1080p isn’t a big difference. I’m the only one that slightly cares.

So our 80 Mbps at $45/mo was fine for us and the price was right. But when they cut the cable for our neighborhood and weren’t willing to look at the cable for a week, that isn’t acceptable IMHO. Internet isn’t as important as power, but it still is critical infrastructure. Especially for people working from home.

So I will settle for 300 Mbps for $25/mo. I might spend the difference on a Nabu Casa subscription or a home lab setup to tinker with. It is only an intro price. But it is for 2 years.

So I use OpenVPN at work. I tailored it to my needs. I can very much help you with that. pfSense makes it somewhat easy, really easy after it is set up! The hard part is getting the client correct to your needs. But pfSense has a built-in VPN override for that too. I know there are other add-ins for pfSense, but when I did the project at work OpenVPN was best.

Hey Jeff, watch this.

NetBird is a self-hosted option (with a server for ease of use) that you could use!