Tailscale Subnet Router Setup - Extending Your Local Network
ฝัง
- เผยแพร่เมื่อ 14 ต.ค. 2024
- Tailscale is easy and works great when you have client applications set up on your devices, however, there are times when you want to reach other devices that are unable to get the client or you simply do not want to use the client. Today we are going to walk through how to set up and a subnet router on Tailscale which will allow access to the rest of your devices.
For additional information on other products I use in my network, please visit the links below. These links are Amazon.com affiliate links and as an affiliate, I earn from qualifying purchases.
Wifi 6 Card: Ziyituod AX200 WiFi 6 Card (802.11ax): amzn.to/39Jugsr
QNAP QSW-M1208-8C: amzn.to/3Dp3mD...
TP Link 16 Port Managed Switch: amzn.to/2Ru7NFk
Unifi 6 Lite AP: amzn.to/3BrMw6Q
Shure SM7B: amzn.to/3mE6Ds7
Other Items in my network
10Gtek 10Gbe NIC card (Intel Compatible): amzn.to/2RtDte3
Sonnet Presto Solo 10GbE NIC: amzn.to/39qdmxP
Asus 10Gbe NIC card: amzn.to/2SDVfg0
QNAP QSW-M408-2C: amzn.to/35WuxbB
QNAP QSW-308-1C (with combo port): amzn.to/2uVZ8Wf
QNAP QSW-308 (without combo port): amzn.to/38o9Jrk - วิทยาศาสตร์และเทคโนโลยี
![[DRIP] ‘CLIK CLAK’ PREVIEW](http://i.ytimg.com/vi/bcxkcOSbpac/mqdefault.jpg)
Tailscale is a beast! Overlay networks are where it’s at!!!
Agreed!
Mike One thing I have to say is that your explanation was one of the best! I understood almost everything!! Kudos to your work!! I have just one question why did you select "192.168.0.0" and "192.168.40.0"? I'm sorry I'm not an advanced user, my question might be very basic.
Thanks for the comment and sorry about the delay in responding. I used those as those are my local networks that I was allowing access to, 192.168.0.xxx and 40.xxx. You may have a different range such as 192.168.1.xxx in which case you would allow 192.168.1.0 to encompass the entire network. Hope that helps and thank for the feedback.
@@MikeFaucher you seems very knowledgeable but even with your video im a bit confused... i have internet to my router and the router to all devices.. i want to set up my router to use Tailscale... dont know how to install client on it, if its even possible. my internet is provider by a cellphone and im trying to bypass Carrier Grade NAT by using Tailscale, maybe you can guide me privately, if you wouldnt mind. I think i can do it myself, im just not sure what the proper numbers for my setup are, or exactly how to determine them all.
@@Lilsquaw79 I don't think there's a router out there that allows you to install Tailscale. I know your question was asked over a year ago, but if you can find your IP address for your computer, you can likely figure out your settings from there.
For example, with most simple networks, you find your IP address for your computer or any other device, then just replace that fourth number with a 0, (e.g., if one of your devices is 192.168.212.24, you would use "192.168.212.0/24").
I hope this helps someone else.
@@MichaelVogtOK It did! Thanks a lot!
@@Lilsquaw79 You dont need to install tailscale on router, any of your device can act as vpn router..
Happy to see you continuing to work with TailScale. I hope you will do a video on how users might implement TailScale on a QNAP NAS so it can be accessed remotely without the hassle of setting up and maintaining a 'standard' VPN.
It is definitely on the list once they have a cleaner way to install it. I don't like to use third party repositories. Using this sub router approach has opened up a new world for me and I don't have to worry about standard VPNs any more. Thanks' for the feedback as always!.
@@MikeFaucher Tailscale is now available from the App Store to be installed directly, I second the original question, would love for you to make the said video and including the setup of the sub router for QNAP NAS’s.
Hope you can find the time Mike, it would be greatly appreciated.
@@MarkWoodhall Thanks, I will add that to my list. If you are interested, I just did one for the Apple TV (th-cam.com/video/o_2gHR5bTOc/w-d-xo.html)
@@MikeFaucher Thank you.
Unfortunately I do not have an Apple TV but will certainly watch the video, I do like how you explain things and it may be something I’d like to pick up in the future.
I am up and running in less than an hour, just becasue i was reading the docs too. else this is the easiest vpn alternative with a kill switch that always available even if you are outside your network. Awesome!
Thanks for the feedback. Glad you are up and running.
Just learned about TS. I’ve been using OpenVPN for several years but this is pretty nice as well.
So far I really like it. Use it daily.
I love that I don't need to open ports on my router just to access my servers from work. Tailscale is just amazing! I love it!
Agreed, and thanks for the feedback!
i only recently learned about tailscale. i'm looking through it to understand how to use it. so ur video helps in that regard, especially for how to remote and access ur nas without exposing it insecurely online.
thx for the video
Glad it helped. Check this one out as well. th-cam.com/video/76XY8ncctkE/w-d-xo.html
Great video! Thanks for sharing. Im going to try this with my TailScale setup today.
Awesome, let us know how it goes. It have been working great for me.
Great video! I had a much more complicated setup in mind for doing this. Your video is very helpful! Thank you!
Glad it was helpful. I rely on this everyday and it has worked great. In the process of moving it from a VM which I have been using to a small factor Linux PC for greater reliability as I am always messing with something and wanted a set it and forget it approach. Good luck if you end up using it.
😮Thanks for the video, that's exactly the information I was missing.
No problem! Thanks for the feedback.
Great video, thank you. Wondering what happens if the remote subnets on tailscaile is the same as my local one, wont there be conflicts with IPs
No. I deliberately set mine that was as that is what I need access to. Thanks for the feedback.
Been using Tailscale for a while. Works great. This is new and interesting to me. Question, what I’d your subnet router, in this case your Linux VM is stopped or rebooted? Do you have to manually enter everything in the command line again?
No,, it is a saved configuration so unless you have a drive failure, you should be good. I use a small PC that is set to reboot upon power failure and it has beeb working great.
@@MikeFaucher Excellent! Thank you sir!! I’ll have to give this a try. 😊👍🏻
Thanks Mike! I followed along and was able to spin up a Ubuntu VM on my unraid server and create subnet router option. Cheers!!
Outstanding! Glad you got it working. Good luck and thanks for the feedback!
Thank you good sir, yours is the only explanation that made any sense. 🎩
Awesome. Glad you found it useful. Thanks for the feedback.
Nice demo! I'm tinkering with it right now, but I can't seem to make the traffic bi-directional.
Works: Tailscale Host -> Tailnet -> Subnet Router -> Host
Doesn't Work: Host -> Subnet Router -> Tailnet -> Tailscale Host
I tried routing all packets for 100.64.0.0/10 to the local IP of my subrouter
When you are running a subnet, you only have to use the local IP not the tailscale IP. From you client, just browse or remote desktop or whatever you need to do with the direct IP. Do not use the tailscale IP.
Hello mike. Thanks for the tutorial, just a quick question, do you have define the subnet router as the gateway for the clients that are behind it?
No, once I defined a subnet route, the whole network is available so I can access anything. Great question.
great info with details. Just a newbie to Tailscale. I'm having trouble connecting with security cameras other than the PC which is running Tailscale. I want my other co-workers to access the same without installing Tailscale. How do you think I could do this?
There are two ways, if you can install Tailscale on you NVR that would be the best and most secure, if not, you will have to create a subnet router and allow all your VPN users in. They will be able to access anything that is on your network. I have a couple of videos on my channel on setting up a subnet router for both linux and windows. Check out the LInux one first as that is the best way but if that is not an option, Windows or Mac work fine as well.
Thank you for this.
I have a very limited understanding of networks (never created a vlan), so I wasn't sure about those subnet IP addresses. I did have it right, but it was nice to see your example to confirm that I had the right idea.
I have it working now, and like a lot of stuff with Tailscale, my main takeaway is that they've made this stuff too easy. I keep assuming I'm missing something because it just can't be that easy, but then it _is_ that easy.
Can you have multiple subnet routers at multiple locations, so long as they're advertising different subnet routes?
thanks for the feedback and glad you have everything running. Yes you can have multiple subnets and they can be added if you want to the subnet router.
Great video. I haven't installed Tailscale yet. This video is for accessing other hosts (not running the Tailscale client) on your local subnet from remote hosts running the Tailscale client, correct? On a local subnet can a Tailscale client host access a non-Tailscale client host? When you install a Tailscale client does create a virtual network interface in addition to the existing network interface?
Yes you are correct. Yes going through a subnet router a client can access a local host but not the other way around. Yes it creates a virtual nic. Works extremely well and had no issues with it so far.
Would love to see the next steps needed to get DNS working over the subnet router so you can hit internal resources by name. Perfect example would be AD connected devices communicating with an AD server / file server.
I will put it on my list. Thanks for the feedback.
Yep, this my same question. How does Tailscale work with Active Directory? AD makes use of it's own DNS. Does that still work over Tailscale? I want to connect various printer servers at remote locations to Active Directory.
Super video, thanks. Don’t I get IP conflicts if I have the same subnet on both ends? And do I need two subnet routers on both ends to get two devices to work, eg two PlayStations on two locations the client does not run on?
No just one subnet as that is the entrance to your network. Great question.
Can you make a remote device such as an android box with Tailscale loaded, use a specific app to stream all data thru the exit node or subnet? To make that remote device look like it’s streaming from your home network?
Sure, that is precisely what Tailscale does. You can get a small, low-cost PC and either load Windows or Linux on it or use most Android devices (tailscale.com/kb/1079/install-android), at least for now. You can also use an Apple TV, which is easier to set up.
Thanks! Was useful to enable my subnet with PiKVM
Great to hear. Glad it was helpful.
Hi. I'm wondering if it works in reverse. Can devices in the local network (without tailscale installed) then connect to devices on Tailscale network through the subnet?
No, connections go from local through TS, and from the outside, you have to through TS to connect to the subnet router. Great question.
great guide, thank you!
Thank you. Appreciate it.
At 3:30 you forgot to mention that now you have curl installed. You can run that first command.
I can see you had it in the terminal, but you went right now to say copy the 2nd line....
Thanks for pointing that out
Thanks sir, that’s very helpful
I wonder if the firewall could substitute this process
Example if your Tailscale device is behind pfsense on subnet x.x.x.10/24 Could we just use firewall rule to allow the traffic from machine to y.y.y.25/24
i.e allow x.x.x.10/24 to access y.y.y.25/24 device?
Using Tailscale you do not need any firewall rule as your devices are connecting out which is effectively bypassing your NAT. Once you are in the network, you can use firewall rules to allow access to other subnets or just add the subnets in the subnet router. There are many possibilities, but in the end it is safter to use Tailscale than to try and substitute it, not to mention you communications are encrypted when using Tailscale. Great question.
@@MikeFaucher thanks a lot, I may need elaborate more, i guess I’m trying to achieve communication between 2 subnets, both behind the same firewall.
Imaging having 2 vlan subnets, vlan 10 subnet has Ubuntu vm running tailscale and vlan 20 is not has a machine that I’d like to access through the tunnel that Ubuntu tailscale provides
Would that be possible?
And many thanks again
@@drreality1 If you go back to the video at around 4:20, this is where you set up the subnets you want to access via the subnet router. In my case, it is my main LAN and a VLAN which is what you are trying to do. I believe the same configuration will work for what you are trying to do.
@@MikeFaucher yea exactly, could we do the same instead through firewall rule to allow inter vlan traffic?
Cheers
@@drreality1 You can try but the subnet router may block it and it may depend on which firewall you are using
Thank you for the video! I'm running Plex on my Synology NAS using Tailscale. I can access Plex from my other devices (all running Tailscale clients) from other networks. But I'm having difficulty accessing Plex from remote TVs (not an Android TV, so I can't run Tailscale). What do you suggest I do to solve this?
The only real option if you can not install a client is to port forward plex on your router. I have the same issue and that is how I run mine. As plex uses a secure connector, it is the next best thing. Great question and thanks for the feedback.
How do i invite a family member to the network to ONLY access my jellyfin docker container and not be able to access the unraid ui and other hosts in the tailscale network?
The Subnet router opens everything though as long as the permissions for the other devices have been set correctly they most likely will not be able to access your other files. That said, the best way in your case is not to give them access to your tailscale but rather setup JellyFin to share files. Unlike Plex, Jellyfin makes a bit harder to setup outside access but there are several ways it can be done. This is the best approach as it eliminates potential issues from others messing with your network by accident. As I am not a Jellyfin user, I cant tell exactly how, but I can tell you it can be done. Hope that helps.
While I use Tailscale, I can't future out from your video what to do. I have a lot of unanswered questions. What subnets did you use? Is this on your router or a separate box? How are you not getting DHCP conflicts? Can you target specific devices? How did you specify which devices are on the subnet?
In its simplest form, all you are doing is routing into your subnet (192.168.x.x) from a Tailscale IP so if I logged into tailscale with my client and my subnet router, my client will connect to the subnet router allow me into my LAN rather than just a system that has Tailscale. The subnet router lets me have the whole LAN.
@@MikeFaucher is this 1-way? How do those internal machines connect to Tailscale machines?
@@Saturn2888 It is one direction, from you client when you away to anything on your network.
@@Saturn2888 Yes, it is from your external client to any device on your network.
@@MikeFaucher Thanks! That's what I thought. I spent forever, but figured out a way to NAT route the Internet connection of devices on the LAN through Tailscale.
Great video Mike...thank you
Thanks, glad you liked it and thanks for the feedback.
Excellent video! Thank you
Awesome, glad you like it and thanks for the feedback.
Hello @Mike , appreciate your guide. Could you give me some advice on my use case: I have a LG OLED TV (use webOS, no client available for WG or Tailscale) and I want to connect it to and VPS to route all traffic to use TH-cam premium features. I had tried with TS subnet but seem no luck with it. Thank you
Not sure I completely get what you are trying to do but for a VPS to connect to a TS subnet router the VPS has to have the client. As far as I know, WebOS can play TH-cam premium directly so why do you have to attach to a VPS? I need a little more understanding of the issue. Thanks.
Useful tutorial!! thanks!
Glad it was helpful! Thanks for the feedback!
Does anyone know if you still need a static IP for this to work?
No, you do not.
do I need to be in the tailscale folder or something? Sudo: tailscale: command not found when attempting this on Umbrel.
Tale a look at this doc. tailscale.com/download/linux as it has the exact commands to install Tailscale onto Linux. Hope that helps.
@@MikeFaucher I ended up ditching Tailscale completely and just using a Cloudflare custom domain tunnel in my truenas for remote jellyfin rocker access. Worked like a charm
ive successfully setup my tailscale subnet .. any hints how is the best way to update or run a DNS for this subnet ?? as of now I am forced to run a /etc/hosts file on my machine.. but I want to properly automate this for other consumers in the tailnet
Great question. Have not tried it yet but here is the link to their instructions (tailscale.com/kb/1054/dns/?q=DNS). I will be experimenting with this in the near future.
how did you connect your ubuntu machine to those unraid server, file share servers?
You install tailscale on the Linux server and run the commands from the video substituting your local network IP address such as 192.168..1.0/24. From there you should be able to access any IP such as your UNRAID server from another system outside your home that has a Tailscale client installed. Another words, client PC (such as a laptop) with Tailscale installed, connects to the Tailscale subnet router. When you use an IP address, it is transferred through the subnet router to your local LAN. Hope that helps.
i see that u installed tailescale on unraid nas? using a linux vm setup. does the process work similarly if using a qnap nas? is that safe to do.
does this mean my pfsense router firewall settings can remain intact as is, but i install the tailscale as a linux vm on say a qnap nas, then i am able to access the qnap remotely securely at that point?
i noticed in the tailscale site it shows synology being supported. wondering when there will be qnap support :/ i see that raspberry pi is listed, but i don't have one :{
Tailscale itself can be installed on both the Synology or QNAP but not the Subnet router. If you just simply want to access your NAS then installing it on the NAS is the safest and does not require any port forwarding. If your want to use the Subnet Router and access everything on your network than the raspberry pi is the best option. Check this video for a standard install it may help. th-cam.com/video/76XY8ncctkE/w-d-xo.html
Can you allow members to share an exit node?
Any user that you grant access to your system can can use the exit node.
Does this work both ways? I.e. can machines without tailscale access tailscale machines at their tailscale IP?
Not outside your local network. Good question.
@@MikeFauchergreat video. But to this point. So there is a tail scale subnet router active in my local lan. Can I access tailscale device from any machine of my local lan? Do I need to adjust some settings of my local lan setup?
@@knabbi For security reasons, a Tailscale machine can connect to any device on your LAN via the sunset router, but only machines on your LAN with Tailscale installed can access machines outside of your local LAN. Hope that makes sense. Great question.
I put in all those IP Forwarding prompts and I still get the message in the Tailscale settings: "Unable to relay traffic
This machine has IP forwarding disabled and cannot relay traffic. Please enable IP forwarding on this machine to use relay features like subnets or exit nodes."
Make sure you do it in the exact syntax as it is easy to make a mistake. This exact thing happened to me a couple of times. Also make sure you are logged in as the root user.
Can u use just a single subnet?
Absolutely. Great question.
What is exit nodes option on route settings popup ?
The exit node is so all traffic goes through the one node. Currently you only access the tailscale when you have a reason to access the LAN but all standard traffic goes to the WAN. The exit node is like a tunnel and routes everything trough. Hope that helps.
Good explanation and I understand the most. But all your connections over tailscale are unsecure. There are all http connections not https.
Thanks for the feedback, but actually that is not quite true. As the connection from an external Tailscale PC to the subnet router is encrypted, like any other vpn, the connection is secure. Once you are in your LAN nothing is exposed as it only communicates with internal devices or Tailscale connections. No other non Tailscale device can reach your LAN. Reference their white paper for more information as they possibly have a better explanation. tailscale.com/kb/1019/subnets/?q=sub. Great question that I am sure that others have has as well. Appreciate the feedback.
is it possible to setup subnet router using Windows Machine?
Not yet but it’s coming.
@@MikeFaucher hey mr mike. that would be great.
🙂
@@MikeFaucher New update Mr Mike , I have succeeded to configured TailScale Subnet Router on a Windows Machine 🙂
@@redpurple1035 Great to hear. How did you do it or where did you find the information so I can possibly do a video for others.
@@MikeFaucher I have posted answer in here numerous/countless times but it got deleted by youtube. I'm sorry sir.
test
Got your Test
@@MikeFaucher the filter is too strict. even if i removed d o t c o m . it just deletes it
@@redpurple1035 No worries. Just tell me name without anything and I will search it out. Thanks