The Homelab Show Episode 64: Tailscale and Headscale
- Published on 20 Nov 2024
- Tailscale site
tailscale.com/
Headscale GitHub
github.com/jua...
Tailscale NAT write-up
tailscale.com/...
thehomelab.show/
The sponsor for today's episode www.linode.com...
lawrencesystem...
www.learnlinux...
Really appreciate this, I've just managed to get Tailscale working, thanks for motivating me!
Been using Tailscale for years, it’s awesome
I so appreciate the extended conversation about this.
I am relying on ZeroTier quite a bit.
It would have been nice to hear about how Tailscale would be different from ZeroTier.
Tried ZT a little bit, but in a basic config my phone loses the connection via the tunnel even when I'm jumping from cell to WiFi
Worth watching. Feels like a finished book
What are the best practices for securing a Headscale server on a public IP? Running outside of home lab? Port forward from router? Reverse proxy running outside of lab? Something else?
I guess you could lock it down to only allow the IP addresses you will be coming from.
Very hard to find a tutorial about the Headscale part. The git page isn't super clear to me.
th-cam.com/video/-9gXP6aaayw/w-d-xo.html
What about Netmaker?
¯\_(ツ)_/¯ Have not had time to test it.
Can you do Headscale on a Raspberry Pi?
They do have an ARM version, but you would still need to make sure it has access via a public IP
Secure networks do not allow RANDOM UDP or TCP ports in or out. Period.
Yes, adds inconvenience when somebody “decides” to start using a new service or application, but if you don’t have control of your network, somebody else will!
Trojans/spyware usually use non-standard ports when trying to connect or send data to their command and control server.
The old malware used to use random ports, now modern C&C servers use 443 and Let's Encrypt Certs to better obfuscate the traffic.
First