Tailscale Configuration Example: Difference between revisions

From Teltonika Networks Wiki
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.06.3'''] firmware version.</p>  
<p style="color:red">The information on this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.06.3'''] firmware version.</p>  
==Introduction==
==Introduction==


Line 7: Line 7:
<u><b>Note:</b> Tailscale is additional software that can be installed from the <b>System → Package Manager</b> page.</u>
<u><b>Note:</b> Tailscale is additional software that can be installed from the <b>System → Package Manager</b> page.</u>


<p style="color:red">The Tailscale VPN package is compatible exclusively with TRB140, TRB141, TRB142, TRB143, TRB145, TRB500 and RUTX, RUTM series devices. This is because Tailscale demands a larger amount of flash space, which surpasses the capacity available on our other devices.</p>  
<p style="color:red">The Tailscale VPN package is compatible exclusively with TRB1, TRB5, RUTX and RUTM series devices. This is because Tailscale demands a larger amount of flash space, which surpasses the capacity available on our other devices.</p>  


==Prerequisites==
==Prerequisites==


<ul>
<ul>
   <li>A RUTX series device (this example will using RUTX12)</li>
   <li>A RUTX series device (this example will use RUTX12)</li>
   <li>An end device to configure devices (PC, Laptop, Tablet, or Smartphone)</li>
   <li>An end device to configure devices (PC, Laptop, Tablet, or Smartphone)</li>
   <li>Activated Tailscale account. You can register <b><span class="plainlinks">[https://login.tailscale.com/login?next_url=%2Fwelcome here]</span></b>.</li>
   <li>Activated Tailscale account. You can register <b><span class="plainlinks">[https://login.tailscale.com/login?next_url=%2Fwelcome here]</span></b>.</li>
Line 26: Line 26:


<ol>
<ol>
   <li>First, let's make the process simple by installing the Tailscale package on our router. To accomplish this, navigate to System -> Package Manager -> Packages.</li>
   <li>First, let's start by installing the Tailscale package on our router. To accomplish this, navigate to System -> Package Manager -> Packages.</li>
   <li>Here, you can find it easily by typing "Tailscale" in the search bar as portrayed below.[[File:Networking tailscale configuration example end device tailscale configuration v1.png|border|class=tlt-border]]</li>
   <li>Here, you can find it easily by typing "Tailscale" in the search bar as portrayed below.[[File:Networking tailscale configuration example end device tailscale configuration v1.png|border|class=tlt-border]]</li>


   <li>Once the package is installed, you can go to "Services" -> "VPN" -> "Tailscale" to access the corresponding window.</li>
   <li>Once the package is installed, you can go to "Services" -> "VPN" -> "Tailscale" to access the corresponding window.</li>


   <li>The setup process is straightforward. Simply choose "Use login URL" (for increased security and you can use the "Authentication Key," but login will still be required) and activate the service by enabling it and pressing button "Save & Apply".[[File:Networking tailscale configuration example end device tailscale configuration v2.png|border|class=tlt-border]]</li>
   <li>The setup process is straightforward. Simply choose "Use login URL" (for increased security and you can use the "Authentication Key," but login will still be required) and activate the service by enabling it and pressing the button "Save & Apply".[[File:Networking tailscale configuration example end device tailscale configuration v2.png|border|class=tlt-border]]</li>
    
    
   <li>Once enabled, you'll see a login link that will direct you to the Tailscale website. There, you can connect RUTX12 to the account you created before starting. If the link is not visible, try saving the configuration and reloading the page.[[File:Networking tailscale configuration example end device tailscale configuration v3.1.png|border|class=tlt-border]]</li>
   <li>Once enabled, you'll see a login link that will direct you to the Tailscale website. There, you can connect RUTX12 to the account you created before starting. If the link is not visible, try saving the configuration and reloading the page.[[File:Networking tailscale configuration example end device tailscale configuration v3.1.png|border|class=tlt-border]]</li>
Line 41: Line 41:




====Another end device configuration configuration====
====Another end device configuration====


<ol>
<ol>
Line 52: Line 52:
   <li>You will be redirected to another page where you need to connect this device. Proceed to connect it.[[File:Networking tailscale configuration example rutx12 tailscale configuration 8.png|border|class=tlt-border]]</li>
   <li>You will be redirected to another page where you need to connect this device. Proceed to connect it.[[File:Networking tailscale configuration example rutx12 tailscale configuration 8.png|border|class=tlt-border]]</li>


   <li>Now, you will be redirected once again to the admin console, where both devices will be visible.[[File:Networking tailscale configuration example end device tailscale configuration 5.png]]</li>
   <li>Now, you will be redirected once again to the admin console, where both devices will be visible.[[File:Networking tailscale configuration example test configuration 1v.png|border|class=tlt-border]]</li>


</ol>
</ol>
Line 58: Line 58:
==Testing configuration==
==Testing configuration==


To test connection you need to open Command Line Interface on RUTX12 (Services → CLI) and login. Then type:
To test connection you need to open Command Line Interface on RUTX12 (Services → [https://wiki.teltonika-networks.com/view/RUT900_CLI CLI]) and login. Then type:
     tailscale status
     tailscale status
Both instances should be connected, and the output should resemble the following.
Both instances should be connected, and the output should resemble the following.
Line 72: Line 72:
==Configuring Tailscale exit node==
==Configuring Tailscale exit node==


To begin, we must allow traffic to be routed through RUTX12. Execute the following command in RUTX12 CLI:
To begin, in the Service -> VPN -> Tailscale press "Show advanced settings" and enable "Exit node" slider.
    tailscale set --advertise-exit-node
Next, in the admin panel, you should now see a new sign for "exit node." Proceed to enable routing traffic through RUTX12 by clicking on the three dots at the end of the RUTX12 interface and selecting "Edit route settings.


[[File:Networking tailscale configuration example configuring tailscale exit node 4.png.png|border|class=tlt-border]]
[[File:Networking tailscale configuration example configuring tailscale exit node v1.png|border|class=tlt-border]]


Then, activate the "Use as exit node" option.
After completing this step, go to the control panel on your laptop. In Tailscale, choose "exit node" -> RUTX12. This should complete the process, and now the traffic from your laptop will pass through the exit node RUTX12, with your laptop's traffic having the IP address of RUTX12.


[[File:Networking tailscale configuration example configuring tailscale exit node 2.png|border|class=tlt-border]]
==Configuring Advertised routes==


After completing these steps, go to the control panel on your laptop. In Tailscale, choose "exit node" -> RUTX12. This should complete the process, and now the traffic from your laptop will pass through the exit node RUTX12, with your laptop's traffic having the IP address of RUTX12.
Advertised routes refer to LAN networks behind the device advertising them. These networks are accessible to other Tailscale VPN clients.
 
Configuring it is quite simple. First, add the LAN network you want to access from other Tailscale VPN devices. In this case, we are selecting the network 192.168.1.0/24 and saving the configuration by pressing "Save & Apply."
 
[[File:Networking tailscale configuration example advertised routes 1 v1.png|border|class=tlt-border]]
 
Next, navigate to the Tailscale admin, where you'll notice that "Subnets" are already enabled from our router's side.
 
[[File:Networking tailscale configuration example advertised routes 2 v1.png|border|class=tlt-border]]
 
To complete the setup, we'll need to approve it from the console. Access the RUTX12 settings by clicking on the three-dot icon.
 
[[File:Networking tailscale configuration example advertised routes 3 v2.png|border|class=tlt-border]]
 
A pop-up window will appear. Here, enable your advertised subnet by checking the checkbox and then clicking the "Save" button.
 
[[File:Networking tailscale configuration example advertised routes 4 v1.png|border|class=tlt-border]]
 
Now, you'll be able to access that advertised LAN network from other Tailscale VPN clients.


==See also==
==See also==

Latest revision as of 16:19, 8 February 2024

The information on this page is updated in accordance with 00.07.06.3 firmware version.

Introduction

Tailscale is a straightforward peer-to-peer VPN service that utilizes the open-source WireGuard protocol. This page provides an example of how to configure Tailscale VPN nodes, including the option to use one of the nodes as an exit node.

Note: Tailscale is additional software that can be installed from the System → Package Manager page.

The Tailscale VPN package is compatible exclusively with TRB1, TRB5, RUTX and RUTM series devices. This is because Tailscale demands a larger amount of flash space, which surpasses the capacity available on our other devices.

Prerequisites

  • A RUTX series device (this example will use RUTX12)
  • An end device to configure devices (PC, Laptop, Tablet, or Smartphone)
  • Activated Tailscale account. You can register here.

End results

In the end, a secure tunnel will be established between RUTX12 and any of your devices. We can also utilize RUTX12 as the endpoint device, serving as the point through which our connection reaches the internet. This means that our device will have the IP address of RUTX12.

Tailscale instances

RUTX12 Tailscale configuration

  1. First, let's start by installing the Tailscale package on our router. To accomplish this, navigate to System -> Package Manager -> Packages.
  2. Here, you can find it easily by typing "Tailscale" in the search bar as portrayed below.
  3. Once the package is installed, you can go to "Services" -> "VPN" -> "Tailscale" to access the corresponding window.
  4. The setup process is straightforward. Simply choose "Use login URL" (for increased security and you can use the "Authentication Key," but login will still be required) and activate the service by enabling it and pressing the button "Save & Apply".
  5. Once enabled, you'll see a login link that will direct you to the Tailscale website. There, you can connect RUTX12 to the account you created before starting. If the link is not visible, try saving the configuration and reloading the page.
  6. Follow the instructions to connect your device. If everything is successful, you should see a similar success message.
  7. Now, you will be redirected to your admin console and with that, the RUTX12 setup is complete.


Another end device configuration

  1. Select another end device you intend to use, whether it's a PC, laptop, mobile phone, or any other device. Then, click the "Add device" button.
  2. Afterward, choose the specific device you will be using. For this setup, we'll be selecting a Windows laptop.
  3. Once the selected software is installed, go to the taskbar and click on the Tailscale icon.
  4. You will be redirected to another page where you need to connect this device. Proceed to connect it.
  5. Now, you will be redirected once again to the admin console, where both devices will be visible.

Testing configuration

To test connection you need to open Command Line Interface on RUTX12 (Services → CLI) and login. Then type:

   tailscale status

Both instances should be connected, and the output should resemble the following.

Now, you can try pinging devices using VPN addresses and even machine names provided by Tailscale. Note that machine names can be changed. If everything is set up correctly, the ping should return results in a similar fashion as shown in the image below.

Configuring Tailscale exit node

To begin, in the Service -> VPN -> Tailscale press "Show advanced settings" and enable "Exit node" slider.

After completing this step, go to the control panel on your laptop. In Tailscale, choose "exit node" -> RUTX12. This should complete the process, and now the traffic from your laptop will pass through the exit node RUTX12, with your laptop's traffic having the IP address of RUTX12.

Configuring Advertised routes

Advertised routes refer to LAN networks behind the device advertising them. These networks are accessible to other Tailscale VPN clients.

Configuring it is quite simple. First, add the LAN network you want to access from other Tailscale VPN devices. In this case, we are selecting the network 192.168.1.0/24 and saving the configuration by pressing "Save & Apply."

Next, navigate to the Tailscale admin, where you'll notice that "Subnets" are already enabled from our router's side.

To complete the setup, we'll need to approve it from the console. Access the RUTX12 settings by clicking on the three-dot icon.

A pop-up window will appear. Here, enable your advertised subnet by checking the checkbox and then clicking the "Save" button.

Now, you'll be able to access that advertised LAN network from other Tailscale VPN clients.

See also

References

Tailscale - Main Tailscale website

CLI - Tutorial how to access CLI via WebUI