Reminder to self to play around with [Wayback/Archive] Tailscale SSH · Tailscale
Tailscale SSH allows Tailscale to manage the authentication and authorization of SSH connections on your tailnet.
Archive for the ‘Wireguard’ Category
Tailscale SSH · Tailscale
Posted by jpluimers on 2024/07/12
Posted in *nix, *nix-tools, Hardware, Network-and-equipment, Power User, ssh/sshd, Tailscale, VPN, Wireguard | Leave a Comment »
Dave Anderson on Twitter: “Cool minor @Tailscale moment: I’m recommissioning a server that got moved from a different network, so all its network config was wrong, and generally I couldn’t get at it over the network, only IPKVM console. But then my `ping` over Tailscale started working?!” / Twitter
Posted by jpluimers on 2023/04/04
Wow, I wrote about Tailscale a few times before, and it is still on my research list, but this is a very compelling reason to use it. [Archive] Dave Anderson on Twitter: “Cool minor @Tailscale moment: I’m recommissioning a server that got moved from a different network, so all its network config was wrong, and generally I couldn’t get at it over the network, only IPKVM console. But then my ping over Tailscale started working?!” / Twitter
I archived the thread so it becomes easier to read: [Wayback/Archive] A readable Thread by @dave_universetf Says Cool minor @Tailscale moment: I’ – UnrollThread.com.
The core are these three tweets:
Turns out, IPv6 autoconfiguration is what happened. Sure, v4 configuration was entirely wrong (it was trying to connect to wifi, via a wifi dongle that was no longer installed, and wanted to talk to a DNS server that doesn’t exist any more), but eno1 had a cable plugged in!The server noticed IPv6 router advertisements, went “I’ll have some of that”, and got global IPv6 connectivity automagically. IPv4 and DNS were still down though, so all it had at this point is the ability to send/receive IPv6 packets.So, how did Tailscale get from there to a working setup? It still needs to contact https://t.co/hEs4S8qvTw to get a network map, and still needs to talk to DERP servers to get p2p tunnels working outside the LAN. Enter bootstrap DNS!
It means I have to re-read Source: Some links on Tailscale / Wiregard, especially the [Wayback] How Tailscale works · Tailscale bit, then decide how I want to organise my infrastructure to run parts under Tailscale (I have the impression it is a peer based set-up, not router based).
Then I have to read [Wayback/Archive] IPv4, IPv6, and a sudden change in attitude – apenwarr of which the conclusion is this:
IP mobility is what we do, in a small way, with Tailscale’s WireGuard connections. We try all your Internet links, IPv4 and IPv6, UDP and TCP, relayed and peer-to-peer. We made mobile IP a real thing, if only on your private network for now. And what do you know, the math works. Tailscale’s use of WireGuard with two networks is more reliable than with one network.
Finally I need to not just read it, but understand all it (:
Or maybe I should ask Kris, as I got here through:
- [Archive] Kris on Twitter: “Ich bin ĂĽbrigens komplett vergreist und sollte nicht mehr in die Nähe von Computern gelassen werden. Ich habe also die Wireguard Dokumentation gelesen und auf dem lokalen Windows-Laptop “scoop install wireguard” gemacht.” / Twitter
- [Archive] Brad Fitzpatrick on Twitter: “@eliasp @isotopp @Tailscale Und oft gibt es mehr als eine lokale Netzwerkoption (IPv6 link local + IPv4). Etwas verwandt: eine Geschichte ĂĽber einen Ăśberraschungs-Netzwerk-Link… …” / Twitter (linking to the Twitter thread at the top of this post)
I saved Kris’ message thread here at [Wayback/Archive] Thread by @isotopp on Thread Reader App – Thread Reader App.
An OK translation is at [Wayback/Archive] Thread by @isotopp on Thread Reader App – Thread Reader App.
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Scoop, Tailscale, VPN, Windows, Wireguard | 1 Comment »
Perkeep lets you permanently keep your stuff, for life.
Posted by jpluimers on 2022/03/30
For my link archive: [Wayback] Perkeep
Via [Wayback] bradfitz – Joining Tailscale: Simplifying Networking, Authentication, and Authorization (which has many interesting linkis, including [Archive.is] bradfitz/homelab: Brad’s homelab setup)
- [Wayback/Archive.is] ycombinator: Perkeep: personal storage system for life | Hacker News.
- Perkeep – Wikipedia
Perkeep (previously Camlistore, Content-Addressable Multi-Layer Indexed Storage) is a set of open-source formats, protocols, and software for modeling, storing, searching, sharing, and synchronizing data.
- [Wayback] Documentation – Perkeep
- [Archive.is] Perkeep (née Camlistore)
–jeroen
Share this:
Posted in Cloud, Hardware, Infrastructure, Network-and-equipment, Perkeep, Power User, Storage, Tailscale, VPN, Wireguard | Leave a Comment »
Some links on Tailscale / Wiregard
Posted by jpluimers on 2022/03/29
For my link archive:
- WireGuard – Wikipedia
- Brad Fitzpatrick – Wikipedia
- [Wayback] Installing Tailscale on Windows · Tailscale
- [Wayback] How Tailscale works · Tailscale
- [Wayback] Tailscale · Best VPN Service for Secure Networks
Tailscale is a zero config VPN for building secure networks. Install on any device in minutes. Remote access from any network or physical location.
Related: [Wayback] Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code – Scott Hanselman’s Blog
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
“Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code”
Posted by jpluimers on 2022/03/23
“Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code”
Points to [Wayback] Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code – Scott Hanselman’s Blog
Related:
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
Wake-on LAN over tailscale VPN
Posted by jpluimers on 2022/03/22
Hey macOS desktop in the basement, thanks for going to sleep while I was in the middle of typing at you via SSH.
Maybe that should be a signal not to sleep, eh?
$ sudo wakeonlan ac:87:a3:19:7e:81
Sending magic packet to 255.255.255.255:9 withWell, at least that works.
Related:
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
Some links on Wireguard as DHCP clients were not supported back then yet
Posted by jpluimers on 2021/11/12
Wireguard seems more light-weignt and secure than OpenVPN and IPsec. So I’m anxious to know how it is supposed to work for road warriors that often depend on receiving DHCP addresses into the network of the VPN server.
Some links that hopefully get me started to install a Wireguard VPN server and provide services to road warrior clients.
First the Twitter thread that got me investigating:
- [WayBack] DaniĂ«l Verlaan on Twitter: “Opgepast ⚠️ – nerd-tweet incoming. Ben echt ontzettend te spreken over WireGuard, een nieuw vpn-protocol dat sneller, veiliger en energiezuiniger is dan OpenVPN, IPSec of IKEv2. Goed te gebruiken met o.a. Algo, Mullvad of iVPN op desktop en mobile 🙌 … “
- [WayBack] Jeroen Pluimers on Twitter: “Hoe zit het met de handout van DHCP client adressen aan de VPN clients?… “
- [WayBack] DaniĂ«l Verlaan on Twitter: “durf ik niet te zeggen uit mijn hoofd, maar daar zal genoeg over te vinden zijn online… “
- [WayBack] Jeroen Pluimers on Twitter: “Mijn initiele poging was niet echt hoopvol, vandaar de vraag; ik denk dat ik iets over het hoofd zie. Mocht je iets tegenkomen met goede info, dan graag!… “
- [WayBack] Arian van Putten on Twitter: “Hai! Op dit moment nog niet gesupport. Maar wordt aan gewerkt https://t.co/qpdClRdRyw Waarschijnlijk niet via DHCP maar via ipv6… “
- [WayBack] Arian van Putten on Twitter: “Probleem is dat dynamic addresses en cryptokey-routing beetje tegen elkaar inwerken. Maar ipv6 geeft tools om dit wel mogelijk te maken zo ver ik begrijp… “
- [WayBack] Jeroen Pluimers on Twitter: “Eigenlijk ben ik al een tijd op zoek naar varvanging van Fritz!Box VPN naar meer moderne en liefst onderhoudsarme VPN zowel voor LAN-to-LAN als roaming mobiele apparaten die achter wisselende NATs hangen. Voorlopig (zie profiel) extreem laag in energie, dus alle hulp is welkom.… “
- [WayBack] Arian van Putten on Twitter: “maar maakt dan toch niet uit dat binnenin je VPN het netwerk static is? Wireguard lijkt me een goede fit. Vooral omdat het goed omgaat met roaming… “
- [WayBack] Jeroen Pluimers on Twitter: “Dank! Dit is waarom ik van Twitter hou: als je zelf even in een mentale dip zit en niet meer alles kunt overzien, gooit iemand het kwartje naar je toe zodat je het kunt laten vallen. Alle clients hun eigen vaste IPv4, dan maakt het niet meer uit vanachter welke NAT ze connecten.… “
- [WayBack] 𝓹𝓮𝓽𝓾𝓻 on Twitter: “Ik heb mijn clients allemaal een vast adres gegeven, dat lukt nog als het er niet te veel zijn. De server kant is een UBNT ER-X… “
- [WayBack] Arian van Putten on Twitter: “maar maakt dan toch niet uit dat binnenin je VPN het netwerk static is? Wireguard lijkt me een goede fit. Vooral omdat het goed omgaat met roaming… “
- [WayBack] Jeroen Pluimers on Twitter: “Eigenlijk ben ik al een tijd op zoek naar varvanging van Fritz!Box VPN naar meer moderne en liefst onderhoudsarme VPN zowel voor LAN-to-LAN als roaming mobiele apparaten die achter wisselende NATs hangen. Voorlopig (zie profiel) extreem laag in energie, dus alle hulp is welkom.… “
Then some links I found:
- [WayBack] WireGuard – Wikipedia
- [Archive.is] Brad Fitzpatrick on Twitter: “We just made the first bits of the @Tailscale code public, starting w/ the Linux client + its dependent/common code: … Still lots of rough edges & TODOs everywhere so temper expectations accordingly. We want to hack in open and not wait until it’s perfect.… “
- [WayBack] GitHub – tailscale/tailscale: The easiest, most secure, cross platform way to use WireGuard + oauth2 + 2FA/SSO
- [WayBack] Tailscale
- [WayBack] Brad Fitzpatrick – Wikipedia
- [Archive.is] Brad Fitzpatrick on Twitter: “”An update on bradfitz” After ~12.5 years at Google and ~10 years working on Go, it’s time for me to do something new. Tomorrow is my last day at Google. đź‘‹ I’ll still be involved with #golang but less, and differently. More: …”
- [Archive.is] Brad Fitzpatrick on Twitter: “Turns out Google’s internal business card order form only allows a few email address domain names in its drop-down. But that’s easy enough to fix by editing the DOM with Chrome DevTools. My parting gift arrived. (I couldn’t change the Google to a gopher, though.)… “
- [Archive.is] Brad Fitzpatrick on Twitter: “Unemployment got boring. I’m joining @Tailscale. More: …”
- [WayBack] bradfitz – Joining Tailscale
- [WayBack] Absolute scale corrupts absolutely – apenwarr
- [Archive.is] Dave Anderson on Twitter: “So, as of yesterday, I have a new job! I’m with @Tailscale. The ideas in the linked post were a huge part of what got me on board. I want to bring the LAN of old back into the modern world, and return to a simpler model for writing software.… “
- [Archive.is] David Crawshaw on Twitter: “What I am working on, and why. …”
- [WayBack] bradfitz – Joining Tailscale
- [WayBack] Installation – WireGuard
- [WayBack] Quick Start – WireGuard
- [WayBack] WireGuard: fast, modern, secure VPN tunnel
- [WayBack] TUMBLEWEED wireguard support?
- [WayBack] [Solved] Wireguard as a VPN “server” – Installing and Using OpenWrt – OpenWrt Forum
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
The Wiert Corner - irregular stream of stuff 