ฝัง
- เผยแพร่เมื่อ 30 มิ.ย. 2024
- In today’s installment of our Tailscale Explained series, Alex walks you through everything you ever wanted to know about Tailscale subnet routers. He also shows you how to install Tailscale and configure subnet routers on Windows and Linux.
If you’ve been looking for a way to dip your toe into the Tailscale waters, then a subnet router makes this simple. Perhaps you’re about to migrate a large network and want to try us out without installing the Tailscale client on every device, or have an entire AWS VPC to hook up, a subnet router is a really simple, fast and easy way to get started.
Devices behind a subnet router do not count toward your pricing plan’s device limit either. Personal accounts are always free on Tailscale and can include up to 3 users and 100 devices. Get started today at tailscale.com/yt
Links:
* Subnet routers KB article - tailscale.com/kb/1019/subnets
* Enable IP forwarding - tailscale.com/kb/1019/subnets...
* Disable snat - tailscale.com/kb/1214/site-to...
* Auto approvers for routes and exit nodes - tailscale.com/blog/auto-appro...
* ACLs code snippet - github.com/tailscale-dev/vide...
* Tailscale Explained playlist - • Tailscale Explained
• Your Apple TV is a Sub... - Your Apple TV is a Subnet Router for Tailscale now!
===
Chapters:
00:00 - Start
00:38 - What is a Subnet Router?
05:11 - Windows setup
07:42 - Linux Setup
10:35 - AutoApprovers - วิทยาศาสตร์และเทคโนโลยี
Tailscale = black magic. Thanks, Alex.
I love how clear and concise you are with all the complicated network variables. Thank you for publishing these wonderful videos!
Really like this Tailscale Explained series. Any plans to create deeper-dive videos around Tailscale Access Control?
Thanks Alex, as always great videos. I’m using TS to bring in a VPS public IP to my self hosted mail server. The mail server is a Synology box that can reside on any connection anywhere as a result - it just needs to be able to get its Tailscale instance connected. The Synology is also setup to use the VPS as an exit node so it appears with the correct IP for sending emails. The VPS is running Debian and simply port forwards the required ports to the Synology. Slick, reliable and fast.
i feel, it's just a Magic when i use Tailscale all time man :) thank you for this video
Hi
Thank you for the clear explanation of subnet routers. I have been battling for a long time to share files or folders over the internet and using your example i managed to get it working.
Thanks once again for your video
Thanks again Alex
Before all, thank you all Tailscale team for this awesome tool, it's magic. I am trying to connect to my printer through a subnet from my Android phone outside my home network, but my phone can't "see" the printer. Is it a Android app issue, or am I doing something wrong? Thank you.
Awesome video 📹 as always
Thank you Alex 🎉
Would be really great to get an advanced video about using subnet routers to talk the opposite way too, i got it working at some point by configuring the subnet router as gateway for the ts ip range in my network.
also how does tailscale auth play into this topic? can i use the external ip range now in rules?
another question how to solve conflicting ip ranges from multiple subnet routers.
I love y'all so much!
Can Tailscale be installed directly in my home wifi router? Maybe as a service? or with OpenWRT? I would love to see a video about that!
Will there be any performance impact using the subnet router method versus a native installation on the devices I am routing this traffic to?
Thanks Alex. Such a great explanations you're doing. I've got a couple of questions though:
1. Given two environments: A machine XXX running Tailsacle in site S01 on a local network 192.168.1.0/24, and a remote machine YYY acting as a subnet-router running in another site S02 in which the network is also 192.168.1.0/24.
The question: Would this work? I guess this would cause a conflict.
Knowing that you don't have access to the router configuration on both sites to change the network configuration, how do you suggest setting the subnet-router to access devices in S02 that you can't install Tailscale on?
2. (much simpler question 😅): Is there a Discord server for the Tailscale commnity to chat/exchange on?
Thanks in advance.
Can you do Derp server next please? My host and clients are behind cgnat. I would like to know how we could solve this issue
Very useful video, I have one question though, I have succesfully enabled 2 subnet routes (debian server both), one local and one remote. The problem is that when both are enabled I cannot reach my local containers with local IPs like 192.168.0.xx. As soon as I disable the local subnet I can reach my containers and my remote network but obviously not the other way around. Any ideas? thanks
You might need to add a route like this. Though you mention containers so I’m not 100% sure what your layout is.
ip rule add to 10.42.0.0/20 priority 2500 lookup main
@@Tailscale Thank you for your reply, in my local network I have this server running tailscale and also running docker containers, if I enable subnet routes on the remote site I can reach remote network just fine but if I enable subnets on my local server also then I cannot reach my local ips not my local containers with local ips 192.168.0.xx but I still can reach the remote network with their local ip 192.168.178.xx. I think both subnets are conflickting to each other somehow. Thank you
Why tailscale website is not working ? When ever I am trying to visit and download tailscale setup file it is showing "this site can't be reached" ?? Why ?
I use tailscale+subnet to remote view my Jellyfin server, wol pc
We want start on boot for the android client
Wow!
You mean this IP code behaves like all other proper IP code!?
Hi Alex,can you make a video in German?
Nein. Mein Deutsch ist schlecht.
For now you’ll just have to enjoy an Americanized Alex!
Explaining how to set it up and use it doesn't help us understand how it's working. I opened this video hoping to understand exactly what it's actually doing, but what I got was a sales pitch. "Look how easy it is!" Oh, fine... But, "easy" usually isn't secure, and so why should I trust this? How do I know my network remains secure, even from the people at Tailscale? Forget "policy". How do I know that it's protected by enough "technical" barriers to prevent someone with top level access to Tailscale's control servers to grant themself permision to add themselves to my network? Explain THAT to me, and then I'd be sold. And, don't bother telling me that nothing is ever perfectly secure, or that a malicious patch could be pushed. No, thank you, Captain Obvious! You really think I don't already know that?