How Tailscale Works tailscale.com/blog/how-tailscale-works/ How NAT traversal works tailscale.com/blog/how-nat-traversal-works/ Tailscale VS Zerotier th-cam.com/video/lAhD2JDVG08/w-d-xo.html How To Build Your Own Wireguard VPN Server in The Cloud th-cam.com/video/7yC-gJtl9mQ/w-d-xo.html Nebula Review th-cam.com/video/94KYUhUI1G0/w-d-xo.html ZeroTier Review th-cam.com/video/Bl_Vau8wtgc/w-d-xo.html Getting Started With The Open Source & Free Diagram tool Diagrams.NET th-cam.com/video/P3ieXjI7ZSk/w-d-xo.html Headscale:An open source, self-hosted implementation of the Tailscale coordination server. github.com/juanfont/headscale ⏱ Timestamps ⏱ 00:00 Tailscale Review 01:49 How Tailscale Works 04:52 Tailscale Pricing 05:25 Identity Management 06:34 Supported Clients 07:21 Dashboard 10:00 Tailscale Lab Test 20:15 Final Thoughts and Security
I signed up for the personal pro plan after watching your videos. $48 a year for 100 clients is cheap enough that I'm not going to bother rolling my own. The best part of it is how easy it handles DNS. I have a pihole VM running and you can install tailscale on it and set it as the nameserver for all the tailscale clients. Combine this with a subnet relay into my LAN and I can reach every device by name without worrying about split DNS.
Thanks for the demo sir! We started using these at our office to manage our backup solutions across our various clients and wanted to learn a bit more how it operates.
Thanks Tom, I have setup Zerotier and Tailscale for a customer who is behind an ISP Router that cannot be bridged so it is behind double NAT and this allows for remote users to connect to file server, thank you
I switched to zerotier from hamachi a while back because it was easier, better supported, and had a much friendlier speed cap. Now i mostly use a manual wireguard server but this still looks very interesting.
Never heard of Tailscale before but did try zerotier after your video... Setting up Tailscale is a breeze.. Seems to work great.. I cannot get it over 30mb/s either btw... maybe that is a hard cap on their end?? Thanks a lot for bringing this sollution to my attention!! :)
Awesome tutorial. I used your guide to setup pfSense a while back and it worked without a hitch. I'm planning on setting up a Terminal Server for a club a school and was wondering on the best solution for setting up VPN for just access to that server and nothing else on the network. And that terminal server shouldn't have access to other network interfaces and so on. Will Tailscale help with this or is there another guide that can help me go through with this?
Hey Tom, thanks again for awesome tutorial, please do an updated complete version of WireGuard when you get a chance sir, Regards Shane from Trinidad 🇹🇹
@@LAWRENCESYSTEMS Thank you, much appreciated sir, I was under the impression with the recent changes to wireguard in pfsense, 'that' initial tutorial was going to be updated to reflect the changes. I will rereview accordingly. Thanks again for your time, and kind guidance to the community. Take care and be safe! regards, Shane.
Interesting. Just thinking through this solution and of course risk appetite. With the dynamic ability of it to traverse the trusted network we could potentially have risk if a threat actor was able to manage the TS environment and a network / security admin was working to secure the network. Are there "kill switch" options? Referencing discussion around 12 minutes.
I am a little late to this party, but two questions: 1. Did you find out why your speed over tailscale was so slow? 2. how to say this: - Can we make it so that each node can only connect to a define list of nodes ? or - How can we create a list of servers, that every node can access, but not let the nodes access each other ???
Do you think this is "safer / more secure" than hosting your own openvpn server (and keeping it up to date, using a PSK) to then RDP into boxes? I know there are some unknows in this question but ya thought I would ask anyway
@@LAWRENCESYSTEMS As a person who is below the average person's understanding of IP networking, especially stuff about OSI layers and how they work, it's going to take me a couple weeks to wrap my head around this. I'm roughly 3 years behind the innovative curve.
yo lawrence, can you mention in a video how you can figure PF sense to automatically kill the state? when I modify my firewall rules to block traffic I want my states to be updated so that traffic stops immediately! I was able to achieve this by using squid proxy and manually disabling the service, but I would do it in an automated fashion. as you know lawrence, squid proxy introduces a host of new problems. please please share this in one of your videos I need to figure out the secret recipe
There was a video that you mention closing your business and go for TH-cam only. Please don’t do that. What makes this channel one of the unique ones is you being in the actual battle field. Your thoughts matter because you are not just a random guy who is reading some tutorial and showing those on VM environment. Continue you business please. And if you quit who is going to insult the networks. :)
has teen scale essentially become the toolkit for bot networks? it's all open sourced, including the open source version of the server. what's to stop the software rebundled into a cloaking layer and repurposed as a private botnet? trouble on the horizon brothers! can Wiregaurd and or tail scale the sniffed on the network so it can be detected?
@@LAWRENCESYSTEMS Tom, I think this would be a good topic for one of your live shows, and you can then expand on different types of endpoint monitoring systems. just an idea, keep doing what you're doing rock on buddy!
It’s because they use the Go implementation. If you check their github source, you will see that. Go is hampered by constant context switching since it resides in user space. Also, there is no x86 based vector acceleration or leveraging of SSE or AVX instruction sets in the user space implementation.
How Tailscale Works
tailscale.com/blog/how-tailscale-works/
How NAT traversal works
tailscale.com/blog/how-nat-traversal-works/
Tailscale VS Zerotier
th-cam.com/video/lAhD2JDVG08/w-d-xo.html
How To Build Your Own Wireguard VPN Server in The Cloud
th-cam.com/video/7yC-gJtl9mQ/w-d-xo.html
Nebula Review
th-cam.com/video/94KYUhUI1G0/w-d-xo.html
ZeroTier Review
th-cam.com/video/Bl_Vau8wtgc/w-d-xo.html
Getting Started With The Open Source & Free Diagram tool Diagrams.NET
th-cam.com/video/P3ieXjI7ZSk/w-d-xo.html
Headscale:An open source, self-hosted implementation of the Tailscale coordination server.
github.com/juanfont/headscale
⏱ Timestamps ⏱
00:00 Tailscale Review
01:49 How Tailscale Works
04:52 Tailscale Pricing
05:25 Identity Management
06:34 Supported Clients
07:21 Dashboard
10:00 Tailscale Lab Test
20:15 Final Thoughts and Security
I signed up for the personal pro plan after watching your videos. $48 a year for 100 clients is cheap enough that I'm not going to bother rolling my own. The best part of it is how easy it handles DNS. I have a pihole VM running and you can install tailscale on it and set it as the nameserver for all the tailscale clients. Combine this with a subnet relay into my LAN and I can reach every device by name without worrying about split DNS.
Thanks for the demo sir! We started using these at our office to manage our backup solutions across our various clients and wanted to learn a bit more how it operates.
Not all Heros wear capes, thanks again Lawrence Systems!
Thanks Tom, I have setup Zerotier and Tailscale for a customer who is behind an ISP Router that cannot be bridged so it is behind double NAT and this allows for remote users to connect to file server, thank you
I switched to zerotier from hamachi a while back because it was easier, better supported, and had a much friendlier speed cap. Now i mostly use a manual wireguard server but this still looks very interesting.
Never heard of Tailscale before but did try zerotier after your video... Setting up Tailscale is a breeze.. Seems to work great.. I cannot get it over 30mb/s either btw... maybe that is a hard cap on their end??
Thanks a lot for bringing this sollution to my attention!! :)
Thank you for making the video, could you please look into doing a video on how to link Edge Routers using Tailscale. Thank you in advance.
That's some awesome t-shirt, sir!!
Awesome tutorial. I used your guide to setup pfSense a while back and it worked without a hitch.
I'm planning on setting up a Terminal Server for a club a school and was wondering on the best solution for setting up VPN for just access to that server and nothing else on the network. And that terminal server shouldn't have access to other network interfaces and so on.
Will Tailscale help with this or is there another guide that can help me go through with this?
Thanks for making a video on this!
Hey Tom, thanks again for awesome tutorial, please do an updated complete version of WireGuard when you get a chance sir,
Regards Shane from Trinidad 🇹🇹
th-cam.com/video/7yC-gJtl9mQ/w-d-xo.html
@@LAWRENCESYSTEMS Thank you, much appreciated sir, I was under the impression with the recent changes to wireguard in pfsense, 'that' initial tutorial was going to be updated to reflect the changes. I will rereview accordingly. Thanks again for your time, and kind guidance to the community.
Take care and be safe!
regards,
Shane.
Interesting. Just thinking through this solution and of course risk appetite. With the dynamic ability of it to traverse the trusted network we could potentially have risk if a threat actor was able to manage the TS environment and a network / security admin was working to secure the network. Are there "kill switch" options? Referencing discussion around 12 minutes.
Awesome video! Thanks
This is really cool. Now I can LAN Party CS:GO with my friends sitting in a different city 😄. Free Account is more than enough to cover 10 System 😋
😎
I am a little late to this party, but two questions:
1. Did you find out why your speed over tailscale was so slow?
2. how to say this:
- Can we make it so that each node can only connect to a define list of nodes ?
or - How can we create a list of servers, that every node can access, but not let the nodes access each other ???
Not sure on the speed and Tailscale has a firewall rule system to control access.
Do you think this is "safer / more secure" than hosting your own openvpn server (and keeping it up to date, using a PSK) to then RDP into boxes? I know there are some unknows in this question but ya thought I would ask anyway
I fucking love tailscale
Is it self-hostable on a VPS or a droplet? No? If you can leave Wireguard behind, there's Nebula.
headscale is a thing
Great demo for a business user, what about the average Joe who just wants VPN back to their home LAN through laptops, phones and tablets.
Seems like an ideal fit for the average person.
@@LAWRENCESYSTEMS As a person who is below the average person's understanding of IP networking, especially stuff about OSI layers and how they work, it's going to take me a couple weeks to wrap my head around this. I'm roughly 3 years behind the innovative curve.
@@ZoraciousDCree How about now? ;)
Hi Lawrence, thanx for this video, i'm wondering, if you have some info on open source SDWAN project ?
Did you watch the video? I mention Headscale and Zerotier.
@@LAWRENCESYSTEMS i mean sdwan like an aggregator , or path selection for mpls links and vpn, something like riverbed or silverpeak
@@mateusjunior1937 zerotier.atlassian.net/wiki/spaces/SD/pages/568459265/Multipath
yo lawrence, can you mention in a video how you can figure PF sense to automatically kill the state? when I modify my firewall rules to block traffic I want my states to be updated so that traffic stops immediately! I was able to achieve this by using squid proxy and manually disabling the service, but I would do it in an automated fashion. as you know lawrence, squid proxy introduces a host of new problems. please please share this in one of your videos I need to figure out the secret recipe
Does Tails eliminates the need for the user to be admin in the machine in order to run the client?
There was a video that you mention closing your business and go for TH-cam only. Please don’t do that. What makes this channel one of the unique ones is you being in the actual battle field. Your thoughts matter because you are not just a random guy who is reading some tutorial and showing those on VM environment. Continue you business please. And if you quit who is going to insult the networks. :)
I am not closing the business, but going to spend more time creating content and insulting networks.
@@LAWRENCESYSTEMS "Insulting networks" 😛
has teen scale essentially become the toolkit for bot networks? it's all open sourced, including the open source version of the server. what's to stop the software rebundled into a cloaking layer and repurposed as a private botnet? trouble on the horizon brothers! can Wiregaurd and or tail scale the sniffed on the network so it can be detected?
Like any connection it can be watched and people should have proper end point monitoring so they know what is on their systems.
@@LAWRENCESYSTEMS Tom, I think this would be a good topic for one of your live shows, and you can then expand on different types of endpoint monitoring systems. just an idea, keep doing what you're doing rock on buddy!
I think you should consider also uploading your content on LBRY
forums.lawrencesystems.com/t/will-you-join-odysee-com/9270
Are the slower speeds because it's a Free account ?
Not that I could find in the docs
It’s because they use the Go implementation. If you check their github source, you will see that. Go is hampered by constant context switching since it resides in user space. Also, there is no x86 based vector acceleration or leveraging of SSE or AVX instruction sets in the user space implementation.
How does tailscale compare with openVPN for a small number of servers?
Very different solution
Is there an open source alternative?
Their client is open source but the controller management is not.
Just small note - NAT is not a firewall! You mentioned this couple of times during the video.
Correct, but most SMB firewalls also do NAT.
What about Netmaker?
¯\_(ツ)_/¯
The SSPL seems a troublesome license
this works good in China. like china to china ip address where port forwarding is impossible*.
Looks like Tailscale kind of worldwide router 😂
“Oh I don’t know, check the documentation”, but you do RECOMMEND IT eh?
¯\_(ツ)_/¯
Just use IPv6😮 (mostly)