Subnet Routers | Tailscale Explained

แชร์
ฝัง

ความคิดเห็น • 70

  • @guilmm
    @guilmm 6 หลายเดือนก่อน +26

    Tailscale = black magic. Thanks, Alex.

  • @kurtisbradley5724
    @kurtisbradley5724 6 หลายเดือนก่อน +14

    I love how clear and concise you are with all the complicated network variables. Thank you for publishing these wonderful videos!

  • @JohnMcclaned
    @JohnMcclaned 5 หลายเดือนก่อน +5

    Can you please make a video on how to set up tailscale on a openwrt router? Thanks!

  • @zulh-civo
    @zulh-civo 6 หลายเดือนก่อน +3

    Really like this Tailscale Explained series. Any plans to create deeper-dive videos around Tailscale Access Control?

  • @ronarmstrong1229
    @ronarmstrong1229 5 หลายเดือนก่อน +4

    I use subnet routers to remotely manage a couple synchronized holiday light displays. Works great to be able to access all the lighting controllers that you can’t install Tailscale on!

  • @DanTheMan827
    @DanTheMan827 5 หลายเดือนก่อน +4

    I have multiple devices configured as a subnet router for the same subnet. Can I prioritize which devices are attempted first? I have a nas with a wired connection which I want to be the primary router, but I also have a backup router configured on a device with more limited bandwidth because its WiFi.

  • @uSlackr
    @uSlackr 5 หลายเดือนก่อน +4

    wouldn't it be nice to add tailscale to esp32 devices

  • @retrogear
    @retrogear 6 หลายเดือนก่อน +1

    Thanks Alex, as always great videos. I’m using TS to bring in a VPS public IP to my self hosted mail server. The mail server is a Synology box that can reside on any connection anywhere as a result - it just needs to be able to get its Tailscale instance connected. The Synology is also setup to use the VPS as an exit node so it appears with the correct IP for sending emails. The VPS is running Debian and simply port forwards the required ports to the Synology. Slick, reliable and fast.

  • @ramborambob3081
    @ramborambob3081 6 หลายเดือนก่อน

    Hi
    Thank you for the clear explanation of subnet routers. I have been battling for a long time to share files or folders over the internet and using your example i managed to get it working.
    Thanks once again for your video

  • @FabioSpelta
    @FabioSpelta 2 หลายเดือนก่อน +3

    What if the network ranges are the same on both sides? I guess this can't be done, right?

    • @LukasLindner
      @LukasLindner 2 หลายเดือนก่อน +2

      Yeah, I have the same question. There is no "translation" possible, right? For example, if you have location A with 192.168.0.0/24 and location B with 192.168.0.0/24 as well, but you want to include location b into your tailnet, it would be nice if the whole network gets mapped to a free ip range on your tailnet (for example 100.64.20.0/24) so that local devices in location A are still accessible. Is this possible?

  • @trafficant3
    @trafficant3 5 หลายเดือนก่อน +1

    Can Tailscale be installed directly in my home wifi router? Maybe as a service? or with OpenWRT? I would love to see a video about that!

  • @ramironunez3608
    @ramironunez3608 5 หลายเดือนก่อน +1

    Do you have mikrotik and/or ubiquiti on the waiting list?

  • @AbderrahmaneBOUZIRI
    @AbderrahmaneBOUZIRI หลายเดือนก่อน

    is there a way to not allow all the subnet to be accessible for remote users but allow specific ip and port, for example i want to allow users from accounting to access only account server.

  • @stevehoge
    @stevehoge หลายเดือนก่อน

    Not sure how this is different than designating my server running Tailscale as an Exit Node. Can you explain the scenarios that would recommend running as an Exit Node vs running as a plain subrouter?

  • @hornetbad
    @hornetbad 6 หลายเดือนก่อน

    i feel, it's just a Magic when i use Tailscale all time man :) thank you for this video

  • @abdallajamous9293
    @abdallajamous9293 หลายเดือนก่อน

    How I can use my Iphone or Ipad as exit node. is there a video for this ?

  • @mjscpr
    @mjscpr 5 หลายเดือนก่อน

    That was an incredibly well explained and overall well done video. Thanks!

  • @achan7396
    @achan7396 5 หลายเดือนก่อน

    Hi Alex, thank you for all the details setup for tailscale. Can you please do a video on how to Auto start tailscale when out of range of home wifi and auto turn off tailscale when back in the house wifi? Or is it even possible? I'm using android phone. Thanks in advance!

  • @nitinkumar29
    @nitinkumar29 หลายเดือนก่อน

    I'm using sublet router so i can use local ip address because then i don't have to change the ip address on the app and website when accessed when in local network and not using tailscale. But using tailscale subnet router, https is not available, for example on synology. Maybe you can explain how to enable https in subnet router or can we use synology certificate?

  • @jakubduda
    @jakubduda 6 หลายเดือนก่อน +1

    Will there be any performance impact using the subnet router method versus a native installation on the devices I am routing this traffic to?

    • @fabinhomattosBR
      @fabinhomattosBR 2 หลายเดือนก่อน

      claro que terá impacto no desempenho. Você está trabalhando com dados que trafegam pela internet, mesmo simulando uma lan ou sub-rede. Então, haverá sim, perdas de pacotes e atrasos de envio e recebimento. Quanto maior a velocidade up/down e melhor os dispositivos, menor será a perda de desempenho.

  • @flexzuu
    @flexzuu 6 หลายเดือนก่อน +1

    Would be really great to get an advanced video about using subnet routers to talk the opposite way too, i got it working at some point by configuring the subnet router as gateway for the ts ip range in my network.
    also how does tailscale auth play into this topic? can i use the external ip range now in rules?
    another question how to solve conflicting ip ranges from multiple subnet routers.

    • @fabinhomattosBR
      @fabinhomattosBR 2 หลายเดือนก่อน

      Coloque em cada roteador uma faixa de ip de distribuição diferente. Por exemplo, no rorteador 1: 192.168.1/24, roteador 2: 192.168.2/24. Assim, voce nem precisa libear o compartilhamento de rede local e não haverá conflito de ip.

  • @timekeeper3856
    @timekeeper3856 5 หลายเดือนก่อน

    So beautiful, I cant contain my joy

  • @MagicJF
    @MagicJF 2 หลายเดือนก่อน

    Hi! Which is the cheapest device that is capable of acting as a subnet router?

  • @naitcalo2141
    @naitcalo2141 6 หลายเดือนก่อน +1

    Very useful video, I have one question though, I have succesfully enabled 2 subnet routes (debian server both), one local and one remote. The problem is that when both are enabled I cannot reach my local containers with local IPs like 192.168.0.xx. As soon as I disable the local subnet I can reach my containers and my remote network but obviously not the other way around. Any ideas? thanks

    • @Tailscale
      @Tailscale  6 หลายเดือนก่อน

      You might need to add a route like this. Though you mention containers so I’m not 100% sure what your layout is.
      ip rule add to 10.42.0.0/20 priority 2500 lookup main

    • @naitcalo2141
      @naitcalo2141 6 หลายเดือนก่อน

      @@Tailscale Thank you for your reply, in my local network I have this server running tailscale and also running docker containers, if I enable subnet routes on the remote site I can reach remote network just fine but if I enable subnets on my local server also then I cannot reach my local ips not my local containers with local ips 192.168.0.xx but I still can reach the remote network with their local ip 192.168.178.xx. I think both subnets are conflickting to each other somehow. Thank you

  • @AndreasPatinas
    @AndreasPatinas 17 วันที่ผ่านมา

    Can I then logically setup a subnet router inside my local network and route all devices inside my network through another node as an exit node for example a node in another country as makeshift IP masker for my entire local network? - Is that possible? I do not have the option to use my actual router.

  • @LeeWaiHong
    @LeeWaiHong 3 หลายเดือนก่อน

    It's work like a magic. Thank you Alex.

  • @khanhtranduy1361
    @khanhtranduy1361 2 หลายเดือนก่อน

    Can't believe. So magical tool. Thanks!!

  • @pupirm8052
    @pupirm8052 6 หลายเดือนก่อน

    Before all, thank you all Tailscale team for this awesome tool, it's magic. I am trying to connect to my printer through a subnet from my Android phone outside my home network, but my phone can't "see" the printer. Is it a Android app issue, or am I doing something wrong? Thank you.

  • @turonlumpia
    @turonlumpia 6 หลายเดือนก่อน

    Can you do Derp server next please? My host and clients are behind cgnat. I would like to know how we could solve this issue

  • @Patronesofly
    @Patronesofly 12 วันที่ผ่านมา

    Followed this tutorial but I was not able to find my printer on the network, I was trying to use my devices that were on the network away from my network.

  • @qaim.ali1
    @qaim.ali1 5 หลายเดือนก่อน

    Why tailscale website is not working ? When ever I am trying to visit and download tailscale setup file it is showing "this site can't be reached" ?? Why ?

  • @Jordan-hz1wr
    @Jordan-hz1wr 2 หลายเดือนก่อน

    Such a crispy video.

  • @kevinmccauley3456
    @kevinmccauley3456 2 หลายเดือนก่อน

    I am trying to add printers to my tailnet via subnet routers. I had no problem setting up subnet routers and it works fine, but I would like to be able to send documents to my printer when I’m not home. I understand this is an issue with AirPrint due to multicast and I’m currently working on a fix with ZeroTier, but would like to know if anyone was able to find a cleaner solution.

  • @Feerab
    @Feerab 6 หลายเดือนก่อน +1

    Thanks again Alex

  • @LelouchviBritannia-e7h
    @LelouchviBritannia-e7h หลายเดือนก่อน

    Can a invited user also have access to my subnet router?

  • @avri210984
    @avri210984 6 หลายเดือนก่อน

    Awesome video 📹 as always

  • @HikaruGCT
    @HikaruGCT หลายเดือนก่อน

    something that would be cool would be to put a docker container with tailscale with subnetroute but i guess that would only work if the docker container had macvlan that rests on the subnet itself.

  • @GabrielFrisan
    @GabrielFrisan หลายเดือนก่อน

    and how about exit nodes?

  • @____-bu2jm
    @____-bu2jm 3 หลายเดือนก่อน

    I put in all the IP Forwarding prompts and I still get the message in the Tailscale settings: "Unable to relay traffic
    This machine has IP forwarding disabled and cannot relay traffic. Please enable IP forwarding on this machine to use relay features like subnets or exit nodes."

    • @Tailscale
      @Tailscale  3 หลายเดือนก่อน

      If you've done the sysctl commands, did you reboot? If you've tried the basics I'd encourage you to open a support ticket with us at support@tailscale.com and we'll get you straightened out.
      - Alex

  • @riddlediddleriddle
    @riddlediddleriddle 6 หลายเดือนก่อน

    I love y'all so much!

  • @thewebart
    @thewebart 6 หลายเดือนก่อน

    Thank you Alex 🎉

  • @ShubhamKumar-re4zv
    @ShubhamKumar-re4zv 4 หลายเดือนก่อน

    How to run subnet router on android phone?

  • @trackview9146
    @trackview9146 6 หลายเดือนก่อน

    We want start on boot for the android client

  • @tonyweavers4292
    @tonyweavers4292 5 หลายเดือนก่อน

    Thanks Alex.

  • @arnabganguly938
    @arnabganguly938 หลายเดือนก่อน

    all good, but I cannot access my router which will send the packets to an exit node!!

  • @yagoa
    @yagoa 5 หลายเดือนก่อน

    no MacOS instructions?

  • @IOAyman
    @IOAyman 6 หลายเดือนก่อน

    Thanks Alex. Such a great explanations you're doing. I've got a couple of questions though:
    1. Given two environments: A machine XXX running Tailsacle in site S01 on a local network 192.168.1.0/24, and a remote machine YYY acting as a subnet-router running in another site S02 in which the network is also 192.168.1.0/24.
    The question: Would this work? I guess this would cause a conflict.
    Knowing that you don't have access to the router configuration on both sites to change the network configuration, how do you suggest setting the subnet-router to access devices in S02 that you can't install Tailscale on?
    2. (much simpler question 😅): Is there a Discord server for the Tailscale commnity to chat/exchange on?
    Thanks in advance.

    • @Tailscale
      @Tailscale  5 หลายเดือนก่อน

      You're looking for our 4via6 subnet routing to solve for overlapping subnet ranges. - Alex
      tailscale.com/kb/1201/4via6-subnets

  • @pepeshopping
    @pepeshopping 6 หลายเดือนก่อน

    Wow!
    You mean this IP code behaves like all other proper IP code!?

  • @Jordan-hz1wr
    @Jordan-hz1wr 2 หลายเดือนก่อน

    My first thought was "this guy sounds exactly like Alex from Self-hosted"

    • @Tailscale
      @Tailscale  2 หลายเดือนก่อน

      He’s a great guy

  • @jjdunlap3363
    @jjdunlap3363 4 หลายเดือนก่อน

    First thing is thank you for taking the time to make these videos. I'm not trying to be negative here i'm just offering some constructive criticism. You make these videos and explain alot of things but then skip over the other stuff like we're super computer programmers or something. Those kinda people dont need these videos, the people watching your videos are just normal people trying to make something work more than likely, for me its a plex server. For the others who knows but im pretty sure im right. Im technology inclined but i still struggle with the more advanced stuff that you like to not talk about lol. So Ive setup my subnet routers by following along but how are people supposed to connect to my plex server now? What IP address do i use the tailscale one or the one provided by my router 192.168? It would be helpful if you could explain the rest of it like how to connect a printer and how to connect a tv or how to connect whatever really. Youve got to tailor your content more toward your audience (dumb it down a little and slow it down a little more lol). Other than that great videos lol. I hope you dont take this the wrong way lol

  • @enricoerasco
    @enricoerasco 6 หลายเดือนก่อน

    Hi Alex,can you make a video in German?

    • @Tailscale
      @Tailscale  6 หลายเดือนก่อน

      Nein. Mein Deutsch ist schlecht.
      For now you’ll just have to enjoy an Americanized Alex!

  • @sambrown9423
    @sambrown9423 3 หลายเดือนก่อน

    What about IOS

  • @TheChadXperience909
    @TheChadXperience909 5 หลายเดือนก่อน +10

    Explaining how to set it up and use it doesn't help us understand how it's working. I opened this video hoping to understand exactly what it's actually doing, but what I got was a sales pitch. "Look how easy it is!" Oh, fine... But, "easy" usually isn't secure, and so why should I trust this? How do I know my network remains secure, even from the people at Tailscale? Forget "policy". How do I know that it's protected by enough "technological" barriers to prevent someone with top level access to Tailscale's control servers to grant themself permision to add themselves to my network? Explain THAT to me, and then I'd be sold. And, don't bother telling me that nothing is ever perfectly secure, or that a malicious patch could be pushed. No, thank you, Captain Obvious! You really think I don't already know that?

    • @Diastolicflame
      @Diastolicflame 5 หลายเดือนก่อน +1

      Its free though

    • @TheChadXperience909
      @TheChadXperience909 5 หลายเดือนก่อน +1

      @@Diastolicflame That usually just means that YOU are the product, because nothing is ever really free. I wouldn't care if they paid me to use it, if it's going to provide somebody with a backdoor into my network.

    • @Tailscale
      @Tailscale  5 หลายเดือนก่อน +4

      Hi Chad,
      We have a comprehensive explanation over on our blog. Hope this helps! tailscale.com/blog/how-tailscale-works
      - Alex

    • @TheChadXperience909
      @TheChadXperience909 5 หลายเดือนก่อน +2

      @@Tailscale Uhh... This does not fully explain how Tailscale prevents an unauthorized party from gaining access to the coordination server and adding themself to the network. You describe how you outsource the authentication to third-parties. However, what's to prevent that third-party from, suffering a breach, or themselves resetting my password, and using the new credentials to access Tailscale? Actually, there are probably ways they could simply generate a valid access credential, even without resetting the password in a way completely tranparent to the user.
      Also, how is the user's database kept secure? Is it encrypted end-to-end with an independant key, with that credential never being shared with either Tailcale, or tied to the third-party authentication? For example, by using an independant key held exclusively client-side? Proton Mail offers an option to use a two-password scheme, with one never leaving the client.
      I'd like to have assurance that no outside party can either, suffer a breach, or be compelled to provide access to the account, as happened in the Lavabit case. Considering the level of potential exposure, I'd need some assurance that even with unfettered access to the account, an outside party would be unable to aquire anything other than what minimal PII and logs are necessary to provide the service, and the end-to-end encrypted blobs, of course.
      I'm already aware that we're able to self-host our own instance. However, I'm not asking about that.

    • @ChungWell
      @ChungWell 4 หลายเดือนก่อน +1

      Get used to that. If they don't like a technical question you ask them, they just blacklist you