Line 1: |
Line 1: |
| <!-- Template uses {{{name}}}, {{{series}}} --> | | <!-- Template uses {{{name}}}, {{{series}}} --> |
− | {{Template: Networking_rutos_manual_fw_disclosure | + | {{Template: Networking_device_manual_fw_disclosure |
− | | fw_version ={{Template: Networking_rutos_manual_latest_fw | + | | series = {{{series}}} |
| + | | name = {{{name}}} |
| + | | fw_version ={{Template: Networking_device_manual_latest_fw |
| | series = {{{series}}} | | | series = {{{series}}} |
| | name = {{{name}}} | | | name = {{{name}}} |
| }} | | }} |
| }} | | }} |
− | {{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.</i>|}} | + | {{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_device_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.</i>|}} |
− | {{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.</i>|}} | + | {{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_device_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.</i>|}} |
| ==Summary== | | ==Summary== |
| | | |
Line 86: |
Line 88: |
| <tr> | | <tr> |
| <td>TUN/TAP</td> | | <td>TUN/TAP</td> |
− | <td>TUN (tunnel) {{!}} TAP (bridged); default: <b>TUN (tunnel)</b></td> | + | <td>TUN (tunnel) {{!}} <span style="color:brown ;">TAP (bridged)</span>; default: <b>TUN (tunnel)</b></td> |
| <td>Virtual network device type. | | <td>Virtual network device type. |
| <ul> | | <ul> |
Line 93: |
Line 95: |
| </ul> | | </ul> |
| </td> | | </td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color:brown ;">Bridge</span></td> |
| + | <td>Bridge interface for TAP; default: br-lan</td> |
| + | <td>Assign a TAP interface to a bridge.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 248: |
Line 255: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color: red;">TLS:</span> Private key decryption password (optional)</td> | + | <td><span style="color: red;">TLS</span>/<span style="color: SaddleBrown; " >Config File</span>: Private key decryption password (optional)</td> |
| <td>string; default: <b>none</b></td> | | <td>string; default: <b>none</b></td> |
| <td>A password used to decrypt the server's private key. Use only if server's .key file is encrypted with a password.</td> | | <td>A password used to decrypt the server's private key. Use only if server's .key file is encrypted with a password.</td> |
Line 266: |
Line 273: |
| <li>Purple for <span style="color: purple;">Authentication: Static key</span></li> | | <li>Purple for <span style="color: purple;">Authentication: Static key</span></li> |
| <li>Blue for <span style="color: #0054a6;">Authentication: Password</span></li> | | <li>Blue for <span style="color: #0054a6;">Authentication: Password</span></li> |
| + | <li>Brown for <span style="color: #8B4513;">OpenVPN config from file</span></li> |
| </ul> | | </ul> |
| </li> | | </li> |
Line 722: |
Line 730: |
| The <b>general settings</b> section is used to configure the main IPsec parameters. Refer to the figure and table below for information on the configuration fields located in the general settings section. | | The <b>general settings</b> section is used to configure the main IPsec parameters. Refer to the figure and table below for information on the configuration fields located in the general settings section. |
| | | |
− | [[File:Networking_rutos_vpn_ipsec_ipsec_instance_general_settings.png|border|class=tlt-border]] | + | [[File:Networking_rutos_vpn_ipsec_ipsec_instance_general_settings_v1.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 742: |
Line 750: |
| <tr> | | <tr> |
| <td>Authentication method</td> | | <td>Authentication method</td> |
− | <td>Pre-shared key {{!}} X.509; default: <b>Pre-shared key</b></td> | + | <td><span style="color:chocolate">Pre-shared key</span> {{!}} <span style="color:darkred">X.509 {{!}} EAP</span> {{!}} <span style="color:blue">PKCS#12</span>; default: <b>Pre-shared key</b></td> |
| <td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td> | | <td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color:blue">PKCS#12:</span> PKCS12 container</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td></td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color:blue">PKCS#12:</span> PKCS12 decryption passphrase</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td></td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 756: |
Line 774: |
| </tr> --> | | </tr> --> |
| <tr> | | <tr> |
− | <td><span style="color:darkred">X.509:</span> Key</td> | + | <td><span style="color:darkred">X.509: {{!}} EAP:</span> Key</td> |
| <td>A private key file; default: <b>none</b></td> | | <td>A private key file; default: <b>none</b></td> |
| <td>A private key file.</td> | | <td>A private key file.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color:darkred">X.509:</span> Key decryption passphrase</td> | + | <td><span style="color:darkred">X.509: {{!}} EAP:</span> Key decryption passphrase</td> |
| <td>A password for private key files; default: <b>none</b></td> | | <td>A password for private key files; default: <b>none</b></td> |
| <td>If the private key file is encrypted, the passphrase must be defined.</td> | | <td>If the private key file is encrypted, the passphrase must be defined.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color:darkred">X.509:</span> Local Certificate</td> | + | <td><span style="color:darkred">X.509: {{!}} EAP:</span> Local Certificate</td> |
| <td>.der file; default: <b>none</b></td> | | <td>.der file; default: <b>none</b></td> |
| <td>A local certificate file.</td> | | <td>A local certificate file.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color:darkred">X.509:</span> CA Certificate</td> | + | <td><span style="color:darkred">X.509: {{!}} EAP:</span> CA Certificate</td> |
| <td>.der file; default: <b>none</b></td> | | <td>.der file; default: <b>none</b></td> |
| <td>A certificate authority file.</td> | | <td>A certificate authority file.</td> |
Line 807: |
Line 825: |
| <ul> | | <ul> |
| <li>Chocolate for <span style="color: chocolate;">Authentication method: Pre-shared key</span></li> | | <li>Chocolate for <span style="color: chocolate;">Authentication method: Pre-shared key</span></li> |
− | <li>Dark red for <span style="color: darkred;">Authentication method: X.509</span></li> | + | <li>Dark red for <span style="color: darkred;">Authentication method: X.509/EAP</span></li> |
| + | <li>Blue for <span style="color: blue;">Authentication method: PKCS#12</span></li> |
| </ul> | | </ul> |
| </li> | | </li> |
Line 827: |
Line 846: |
| <td>ID Selector</td> | | <td>ID Selector</td> |
| <td>%any, IP or FQDN; default: <b>none</b></td> | | <td>%any, IP or FQDN; default: <b>none</b></td> |
− | <td>Each secret can be preceded by a list of optional ID selectors. A selector is an IP address, a Fully Qualified Domain Name, user@FQDN or %any. When using IKEv1 use IP address.</br><b>NOTE:</b> IKEv1 only supports IP address ID selector.</td> | + | <td>Each secret can be preceded by a list of optional ID selectors. A selector is an IP address, a Fully Qualified Domain Name, user@FQDN or %any. When using IKEv1 use IP address. <b>NOTE:</b> IKEv1 only supports IP address ID selector.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Type</td> | | <td>Type</td> |
− | <td>psk {{!}} xauth; default: <b>psk</b></td> | + | <td>PSK {{!}} XAUTH {{!}} EAP {{!}} <span style="color:darkred">RSA</span> {{!}} <span style="color:darkred">PKCS#12</span>; default: <b>PSK</b></td> |
− | <td>IPSec secret type.</br><b>NOTE:</b> XAUTH secrets are IKEv1 only.</td> | + | <td>IPSec secret type. <b>NOTE:</b> XAUTH secrets are IKEv1 only.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 840: |
Line 859: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color:darkred">RSA</span> Secret</td> | + | <td><span style="color:darkred">RSA {{!}} PKCS#12:</span> Secret</td> |
| <td>Private key file; default: <b>none</b></td> | | <td>Private key file; default: <b>none</b></td> |
| <td>A private key file.</td> | | <td>A private key file.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color:darkred">RSA</span> Key decryption passphrase</td> | + | <td><span style="color:darkred">RSA {{!}} PKCS#12:</span> Key decryption passphrase</td> |
| <td>A password for private key files; default: <b>none</b></td> | | <td>A password for private key files; default: <b>none</b></td> |
| <td>If the private key file is encrypted, the passphrase must be defined.</td> | | <td>If the private key file is encrypted, the passphrase must be defined.</td> |
− | </tr>
| |
− | </table>
| |
− |
| |
− | ====Advanced Settings====
| |
− | ----
| |
− |
| |
− | The <b>Advanced settings</b> section is only visible when <b>X.509</b> is selected as Authentication method.
| |
− |
| |
− | [[File:Networking_rutos_vpn_ipsec_ipsec_instance_advanced_settings.png|border|class=tlt-border]]
| |
− |
| |
− | <table class="nd-mantable">
| |
− | <tr>
| |
− | <th>Field</th>
| |
− | <th>Value</th>
| |
− | <th>Description</th>
| |
− | </tr>
| |
− | <!-- removed on 7.0, to return on 7.1 <tr>
| |
− | <td>Certificate files from device</td>
| |
− | <td>off | on; default: <b>off</b></td>
| |
− | <td>Uses certificate file generated on this device instead of uploading. (You can generate certificates within this device via the System → Administration → [[{{{name}}}_Administration#Certificates|Certificates]] page.)</td>
| |
− | </tr> -->
| |
− | <tr>
| |
− | <td>Remote Certificate</td>
| |
− | <td>.crt file; default: <b>none</b></td>
| |
− | <td>Selects a certificate file from a computer.</td>
| |
| </tr> | | </tr> |
| </table> | | </table> |
Line 884: |
Line 878: |
| ---- | | ---- |
| | | |
− | [[File:Networking rutos vpn ipsec connection settings general settings v2.png|border|class=tlt-border]] | + | [[File:Networking rutos vpn ipsec connection settings general settings v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 956: |
Line 950: |
| ====Advanced settings==== | | ====Advanced settings==== |
| ---- | | ---- |
− | [[File:Networking_rutos_vpn_ipsec_connection_settings_advanced_settings_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_vpn_ipsec_connection_settings_advanced_settings_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,103: |
Line 2,097: |
| WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the <b>Add</b> button. This should add a new Wireguard instance and open a configuration window. | | WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the <b>Add</b> button. This should add a new Wireguard instance and open a configuration window. |
| | | |
− | [[File:Networking_rutx_vpn_wireguard_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_wireguard_v2.png|border|class=tlt-border]] |
| | | |
| ===General Instance Settings=== | | ===General Instance Settings=== |
Line 2,111: |
Line 2,105: |
| Private keys and generate them, specify Port and IP addresses for communication. | | Private keys and generate them, specify Port and IP addresses for communication. |
| | | |
− | [[File:Networking_rutx_vpn_wireguard_instance_general_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_wireguard_instance_general_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,126: |
Line 2,120: |
| <tr> | | <tr> |
| <td>Private Key</td> | | <td>Private Key</td> |
− | <td>string; default: <b>none</b></td> | + | <td>string; default: <b>-</b></td> |
| <td>Private Key used in authentication.</td> | | <td>Private Key used in authentication.</td> |
| </tr> | | </tr> |
Line 2,135: |
Line 2,129: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Generate</td> | + | <td>Generate key pair</td> |
| <td>-(interactive button)</td> | | <td>-(interactive button)</td> |
| <td>Click to generate Public Key and Private Key.</td> | | <td>Click to generate Public Key and Private Key.</td> |
− | </tr>
| |
− | <tr>
| |
− | <td>Listen Port</td>
| |
− | <td>integer [0..65535]; default: <b>none</b></td>
| |
− | <td>Specify port to listen for incomming connections. It will be set to a random integer if left empty.</td>
| |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 2,157: |
Line 2,146: |
| Advanced Settings section contains Metric and MTU configuration for this WireGuard interface. | | Advanced Settings section contains Metric and MTU configuration for this WireGuard interface. |
| | | |
− | [[File:Networking_rutos_vpn_wireguard_instance_advanced_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_vpn_wireguard_instance_advanced_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,168: |
Line 2,157: |
| <td>Metric</td> | | <td>Metric</td> |
| <td>positive integer; default: <b>none</b></td> | | <td>positive integer; default: <b>none</b></td> |
− | <td>Specify metric for this tunnel interface. Lower number means higher priority.</td> | + | <td>Specify (Optional) metric for this tunnel interface. Lower number means higher priority.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Listen port</td> |
| + | <td>integer [1..65535]; default: <b>51820</b></td> |
| + | <td>Required. UDP port used for outgoing and incoming packets.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>MTU</td> | | <td>MTU</td> |
− | <td>integer [1280..1420]; default: <b>none</b></td> | + | <td>integer [68..9200]; default: <b>none</b></td> |
− | <td>Maximum Transmission Unit for this tunnel interface.</td> | + | <td>Maximum Transmission Unit of tunnel interface. Range [68 to 9200]. If not specified, the MTU is automatically determined by physical interface MTU value.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>DNS servers</td> | | <td>DNS servers</td> |
− | <td>ip | ips; default: <b>none</b></td> | + | <td>ip; default: <b>none</b></td> |
| <td>DNS server(s) for this Wireguard interface.</td> | | <td>DNS server(s) for this Wireguard interface.</td> |
| </tr> | | </tr> |
Line 2,186: |
Line 2,180: |
| ---- | | ---- |
| | | |
− | The Peers section is used to create and configure all the peers for this interface. | + | The Peers section is used to create and configure all the peers for this interface. To create one enter its name and click the <b>Add</b> button. |
− | To create one enter its name and click the <b>Add</b> button. | + | |
− | To configure it click the <b>Edit</b> [[File:Networking_rutx_manual_edit_button_v1.png]] button.
| + | [[File:Networking_rutx_vpn_wireguard_instance_peer_v3.png|border|class=tlt-border]] |
− | [[File:Networking_rutx_vpn_wireguard_instance_peer_v2.png|border|class=tlt-border]] | |
| | | |
| | | |
Line 2,197: |
Line 2,190: |
| In the General section of Peer instance you can configure basic information about the endpoint to allow communications. | | In the General section of Peer instance you can configure basic information about the endpoint to allow communications. |
| | | |
− | [[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,208: |
Line 2,201: |
| <td>Public Key</td> | | <td>Public Key</td> |
| <td>string; default: <b>none</b></td> | | <td>string; default: <b>none</b></td> |
− | <td>Endpoint's Public Key.</td> | + | <td>Base64-encoded public key of peer.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Endpoint host</td> |
| + | <td>domain name {{!}} ip; default: <b>none</b></td> |
| + | <td>Host of peer. Names are resolved prior to bringing up the interface.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Allowed IPs</td> | | <td>Allowed IPs</td> |
| <td>ip; default: <b>none</b></td> | | <td>ip; default: <b>none</b></td> |
− | <td>A single IP address or a list of them which are allowed to communicate with this peer.</td> | + | <td>IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 2,223: |
Line 2,221: |
| <td>Route Allowed IPs</td> | | <td>Route Allowed IPs</td> |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
− | <td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td> | + | <td>Create routes for Allowed IPs for this peer.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
Line 2,234: |
Line 2,232: |
| settings such as its Description, Endpoint Host and Port, Preshared Key and other. | | settings such as its Description, Endpoint Host and Port, Preshared Key and other. |
| See more information below. | | See more information below. |
− | [[File:Networking_rutx_vpn_wireguard_instance_peer_instance_advanced_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_wireguard_instance_peer_instance_advanced_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,243: |
Line 2,241: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Description</td> | + | <td>Tunnel source</td> |
− | <td>string; default: <b>none</b></td> | + | <td>Any {{!}} LAN {{!}} WAN {{!}} Mobile; default: <b>Any</b></td> |
− | <td>Description of this peer.</td> | + | <td>Interface to bind this instance to.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 2,253: |
Line 2,251: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Route Allowed IPs</td>
| + | <td>Endpoint Port</td> |
− | <td>off {{!}} on; default: <b>off</b></td> | + | <td>integer [1..65535]; default: <b>none</b></td> |
− | <td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td> | + | <td>Port of peer.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Endpoint Host</td> | + | <td>Persistent Keep Alive</td> |
− | <td>ip {{!}} url; default: <b>none</b></td>
| |
− | <td>IP or URL of Remote Endpoint.</td>
| |
− | </tr>
| |
− | <tr>
| |
− | <td>Endpoint Port</td>
| |
| <td>integer [0..65535]; default: <b>none</b></td> | | <td>integer [0..65535]; default: <b>none</b></td> |
− | <td>Specify port to connect to Remote Endpoint. It will be set to <b>51820</b> if left empty.</td> | + | <td>Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25. Range [0 to 65535].</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Persistent Keep Alive</td> | + | <td>Routing table</td> |
− | <td>integer [0..65535]; default: <b>none</b></td> | + | <td>string; default: <b>none</b></td> |
− | <td>Specify time amount in seconds between Keep Alive messages. By default this option is <b>0</b> which means it is disabled. Recommended value for a device behind NAT is 25.</td> | + | <td>Defines which routing table to use for this peer routes, not necessary to configure for most setups..</td> |
| </tr> | | </tr> |
| </table> | | </table> |
Line 2,421: |
Line 2,414: |
| <td>.key file; default: <b>none</b></td> | | <td>.key file; default: <b>none</b></td> |
| <td>Generated RSA public key.</td> | | <td>Generated RSA public key.</td> |
| + | </tr> |
| + | </table> |
| + | |
| + | ==Tailscale== |
| + | |
| + | Tailscale is a straightforward peer-to-peer VPN service that utilizes the open-source WireGuard protocol. |
| + | |
| + | <u><b>Note:</b> Tailscale is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u> |
| + | |
| + | [[File:Networking rutx vpn tailscale instance general v1.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Authentication method</td> |
| + | <td>Use login url | <span style="color: red;">Use authentication key</span>; default: <b>Use login url</b></td> |
| + | <td>Selects method to authenticate your tailscale network.</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color: red;">Authentication key</span></td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>Provide an auth key to automatically authenticate the node as your user account.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Enable</td> |
| + | <td>off | on; default: <b>off</b></td> |
| + | <td>Turns tailscale service off or on.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Login server</td> |
| + | <td>full url; default: <b>https://controlplane.tailscale.com</b></td> |
| + | <td>Provide the base URL of a control server. If you are using Headscale for your control server, use your Headscale instance’s URL.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Advertise routes</td> |
| + | <td>ipv4 or ipv6 with mask; default: <b>none</b></td> |
| + | <td>Expose physical subnet routes to your entire Tailscale network.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Default route</td> |
| + | <td><span style="color: green;">on</span> | off; default: <b>off</b></td> |
| + | <td>Route traffic through another exit node.</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color: green;">Exit node IP</span></td> |
| + | <td>ip; default: <b>none</b></td> |
| + | <td>IP address of the exit node.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Accept routes</td> |
| + | <td>on | off; default: <b>off</b></td> |
| + | <td>Accept subnet routes that other nodes advertise.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Exit node</td> |
| + | <td>on | off; default: <b>off</b></td> |
| + | <td>Offer to be an exit node for outbound internet traffic from the Tailscale network.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
| | | |
| [[Category:{{{name}}} Services section]] | | [[Category:{{{name}}} Services section]] |