How to Setup The Tailscale VPN and Routing on pfsense
th-cam.com/video/P-q-8R67OPY/w-d-xo.html
Linode Offer www.linode.com/homelabshow
How Tailscale Makes Managing Wireguard Easy
th-cam.com/video/bcRVkoeSN0E/w-d-xo.html
Forum Post With Commands
forums.lawrencesystems.com/t/setting-up-headscale-video-commands/14803
Headscale GitHub
github.com/juanfont/headscale
Headscale Linux Setup
github.com/juanfont/headscale/blob/main/docs/running-headscale-linux.md
⏱ Timestamps ⏱
00:00 Headscale Tutorial
02:31 Headscale Documentation
03:01 Server Requirements
04:47 Customizing The Config File
07:30 headscale bash completion
08:13 Creating a Namespace
09:01 Creating keys
10:39 Allowing Routes
11:41 Node Web Registration
13:16 Testing Connections
I set this up last night and struggled a lot but once I did it works so well. Not yet figured out how to add my own DERP servers but I will keep trying it out. It is impressive how well the LetsEncrypt certificates work out of the box without any tinkering.
Would like to see you review the Headscale UI that's under development
11:20 here you enable also the 0/0 (route-all) address. This means that ALL traffic from the nodes that accept-routes will use this like an exit-node without configuring it as such. This might not be what you want when you also use these on completely different networks; as it will route all traffic over the pfsense node.
Nowadays, using the official Tailscale app, you can change the server URL and point it to your local one.
Also, it would be fair to say the ACL implementation differs quite a lot here, using namespaces. You can achieve similar behaviour to the Tailscale plane, but with some extra work (and tedious maintenance).
Can't wait for it to solve the issue you mention at the start of the video
Thank you for commenting on my reddit post ❤ love your video
No problem 😊
Namespaces are now called users. That was pretty confusing at first. I don't see much about tags for headscale. Maybe that is a tailscale only feature?
While it's always preferred to self-host these things, I feel it is too much trouble and not ready at this stage. I will keep an eye on its development. No iOS support is a deal breaker.
Well then it's time to look again, because there's a "YES" by iOS now! :D
We just have to wait now for the iOS and Android apps to add their support for custom servers. I hear it's in the works.
It's been supported in the official Android app as of Aug 1, 2022
Thank you very much, it worked the first time but I have a query where I can change the network segment of that headscale interface, regards.
7:01 euh...why is it set to relaxed ?? hmmm.... maybe it's OK, I don't know the architecture enough.
11:33 why advertise default routes, you don't want split tunnel ?
The android client is ready now :)
That is some great news
brilliant! thanks a lot!
It has some bugs with the exit node function
Can u please do a video on Tailscale vs TwinGate Review? Thanks in advance.
TwinGate makes a proprietary closed source tool that only connects to their control plane vs Tailscale makes an open source client that can use their cloud control plane or a self hosted one such as Headscale.
Can Headscale support routing for Subnets on a Tailscale Client Node? For instance if I have LXD or Docker Containers on a Tailscale Client Node they will be on their own 10.x.x.x networks.
If there are multiple of these Client Nodes (possibly in different clouds or Data Centers), can the 10.x.x.x Containers on one Node talk Layer 2 to Containers on a different Node?
Did you try it and find out?
@AmaanC No, I didn't. If Headscale doesn't have the capability to route subnet traffic (from containers) on a node, I don't want to spend a lot of time implementing it myself just to find out it doesn't, as I have other projects ongoing. I thought asking others was a prudent way to save time.
@ncbmullan Haha, I understand, I was doing the same by asking you
Does it really need to be a static ip? It seems like it's accessed via hostname, which can be kept updated.
I would recommend static because once the nodes know where to find headscale they may not auto update DNS very fast when there is a change.
Many thanks for this. Can you please share your config file? I followed all instructions but keep getting this error: "While parsing config: yaml: line 12: did not find expected key"
I have since destroyed the VMs so I don't have the config anymore.
@LAWRENCESYSTEMS Never mind, a single space was causing all the problems. Took me 2 days to find out.
My problem was with sqlite. Needed new creation with the script
Let's go!
Great tutorial. Could you please make a video on Magic DNS? Thanks
Please also do for zero-ui zerotier
I like the concept behind headscale. The fact that it runs wireguard really ruffles my jimmies. The only issue is that it is not scalable yet. Excited to see headscale mature. I've been running zerotier for a while and wish they would add wireguard support.
I'm sorry, I'm Chinese, so my English is not very good; this sentence was translated by translation software, so please forgive me if there are grammatical errors.
Please ask, how does headscale set the Exit Node, I want to use the network node traffic at home outside.
Acceptable alternative to Tailscale’s own management control plane but who would want to add an extra tool to manage unless the organisation has plenty of money to hire an employee and pay 💰
Self-hosted homelabber people that don't want to rely on online services?
@bugs181 Yep ... if you look at the value-added from Tailscale, they don't even handle the MFA but outsource it, meaning they can point fingers if troubleshooting arises. Yet, they want full-blown payment MONTHLY
This video is super nice but requires an update
Isn't this highly insecure? Everyone that knows the server url can register a node?
No, there are keys that the end points need to use that you have to provide.
DNS defines Reality ..
First
headscale_1 | 2022-07-30T16:10:45Z FTL go/src/headscale/cmd/headscale/cli/server.go:21 > Error initializing error="failed to read or create private key: failed to save private key to disk: open : no such file or directory
same issue here... ¢¤@¬@¤£¢¦