Jump to content
  • 2

Tailscale Support


vtomaili

Question

Support for use keenetic modem as Tailscale exit node and access home/work network from keenetic modem. 
Subnet routers and traffic relay nodes · Tailscale
Exit Nodes (route all traffic) · Tailscale

I currently use raspberry pi as exit node in my network. 

Here is a client github repository
tailscale/tailscale: The easiest, most secure way to use WireGuard and 2FA. (github.com)

Tailscale is a VPN that modifies the Wireguard protocol slightly by adding Tailscale discovery messages. 

Relevant code: https://github.com/tailscale/tailscale/blob/main/disco/disco.go

 

 

Edited by vtomaili
Adding additional info about how to tailscale works in background
Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0
14 hours ago, vtomaili said:

Support for use keenetic modem as Tailscale exit node and access home/work network from keenetic modem.

What was the reason for making such modifications to the protocol? Is manual configuration (no discovery) still allows to connect existing Wireguard to your provider?

Link to comment
Share on other sites

  • 0

Entware has tailscale package. There is a topic in Russian on it - 

The problem is iptables rules that are recreated by firmware. Hooks should be used for tailscale on Keenetic to work.

Wireguard protocol is embeded in tailscale binary and is independent from firmware wireguard support.

I do use wireguard on Keenetic as an alternative internet route and use tailscale on my NAS (with --advertise-routes) to access my entire home lan from other places.

 

Link to comment
Share on other sites

  • 0
On 2/18/2022 at 7:31 AM, admin said:

What was the reason for making such modifications to the protocol? Is manual configuration (no discovery) still allows to connect existing Wireguard to your provider?

Tailscale is easy to use personal network. You just need to install and login to use it. There is no extra configuration to connect this private network. With WireGuard, you need to set up a WireGuard server to connect. With tailscale, you can exit on any device without a custom server. Of course, there are tailscale relay servers to connect another device. But they are p2p establishes connection. You can exit to the internet from your computer, laptop, VPS etc. Just need to installed and configured as exit node. And it's p2p, so you can use all the benefits of your network speed. Moreover, when you didn't use exit node, you don't need to break the active network for connecting to the tailscale network. Both The network can work in the same time. Like 2 different network cable connected to the computer in the same time. With WireGuard, if you have 1 Gbps network, and your WireGuard server has 10 Mbps network, you will have 10 Mbps network speed when you're connected to. Both the network is not working in same time with WireGuard itself, or need extra configuration which is hard for end users. Moreover, I can send all of my DNS requests over my tailscale network via a simple checkbox. And this DNS server can be Keenetic modem if it's in Tailscale network.

As @zyxmon said, I know it's possible to install. I prefer to use it with my Raspberry Pi instead install it to the Keenetic modem. Because it's more easy, and I can ensure about the Keenetic updates are not broke my configurations. And I believe this integration will be provided by Keenetic components. Then the personal home/work network will always be connected to your computer while you use any other network.

My system currently uses Keenetic modem to connect and manage 2 internet provider, which one is backup. A Raspberry Pi as a Tailscale exit node and DNS server (AdGuard home). I configured all of tailscale network to use my DNS server. So, when I work with any other internet connection, my laptop DNS requests are sent to the AdGuard instead of the DHCP DNS address of my internet connection. All of my home devices are Ad-Free and all of my computers (laptop) are Ad-Free, independent of the internet connection. And I can manage my personal network whenever I want without connect to the VPN (actually, it's always connected to the VPN but not as exit node). I have more configurations, but not related to this topic.

Edit: You cannot connect any WireGuard client to the Tailscale network because of the customizations. And there is no client app working like tailscale own client app. 

Edited by vtomaili
Answering extra question
Link to comment
Share on other sites

  • 0

Tailscale is available as an open package in the open package manager.

It should be no problem for the devs to add some web UI voodoo.

 

Tailscale in short:

Tailscale is a control plane for Wireguard managing the configuration of the nodes.
It easily creates a mesh-overlay network with NAT traversal and access control lists.

All configuration is done via the web interface or the API of the control server.

 

Btw. there is an open-source control server called headscale.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...