First Impressions on TailScale
If you haven’t heard TailScale, you have now. It is a secure and simple VPN product that enables computers registered onto it to see each other, even if they are roaming!
Actually, the definition of the VPN is exactly what TailScale does. The high level of the process as follows:
- Create a Virtual Private Network
- Register computers to that network.
- …
- Profit.
Now your computers can reach each other using IP Addresses that TailScale provides to you.
Also on the technical side of the coin, TailScale uses WireGuard. It is also recently very hot, given officially merged into the Linux kernel. WireGuard provides a basis for the TailScale, the protocol of the network…
This is the perfect solution for:
- Ever wanted to access files on your work computer which you have left locked but turned on.
- Ever wanted to access your home computer’s display via RDP or VNC but your ISP blocks them and one may not want to pay buggy or not-so-secure screen sharing software. (Teamviewer et. al.)
- Help your friend via the aforementioned it-just-works protocols, which also does not require any installation at all…
- Stream Netflix, Spotify, Steam from a host at DigitalOcean, AWS, Google Cloud to your computer.
- Access your wide-variety of IoT devices, Raspberry Pi, etc. with low latency, good speed link.
- Providing hardware solutions on the field? A client called in and now you need to travel 100 kilometers to their office.
Getting Started
The part I liked most. Very, easy. Period. I gave bold to secure and simple in the introduction and that completely stands. You may rethink that these words cannot be used in one sentence, at least in a sensible way. Well, you have been wrong and that rule is broken now.
- Sign up using the Getting Started link.
- Go to tailscale.com/download and install it using your platform’s instructions.
- From any computer, you can navigate to the menu,
Click toMy IP Addressto copy your address (eg: share with friends)
Click another device to copy theirs and use it for SSH or HTTP et.al.
The bonus point is that if you are using GSuite, you can see other people in the company.
Some use cases include:
- Directly connect to your friend’s development server;
Aka.localhost:8080gang. - SSH into your Raspberry Pi which is at the office, behind a firewall and even though, you can help your friend. (You can also use tmate for that)
- Share files directly using Windows file sharing (Samba) or macOS sharing.
The subnet is CG-NAT (Carrier Grade NAT) network. It is not considered local and having a vast number of addresses. (Theoretically speaking, 100.64/10 = 4,194,302 hosts!)
At IVEN (IoT cloud solution startup based in Istanbul, Turkey) we’ve always said that “Take control of your connected things.” and I’ve managed various IPSec VPNs, SSH Tunnels, weird hacks, port forwardings throughout projects.
TailScale exactly solves the problem that exists in between private networks. In my opinion, the sweet spot has been hit by them; open-source, easy and secure VPN. Just does what it has to, rest is yours.
- Doesn’t mangle routes,
- Doesn’t have layers and layers of configuration,
- Automatic key/certificate management,
- Centralized login, SSO availability,
- Native clients exist at the time of launch,
- No compatibility problems,
- Cheap, reliable, open-source,
- Simple UI, admin panel (web).
- It just works and free!
— I wish it was available before.
Extremely recommended for ‘More on Tailscale: How It Works’;
References
- TailScale: https://tailscale.com
- WireGuard: https://wireguard.com
tmate: tmux based collaboration tool: https://tmate.io- Wireguard 1.0 and Linux Kernel 5.6 @arstechnica: https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/
- TailScale Docs/Help for CGNAT: https://tailscale.com/kb/1015/100.x-addresses
- Seclists CGNAT: https://seclists.org/nanog/2012/Mar/588
- RFC for CGNAT (6598 and 6752):
https://tools.ietf.org/html/rfc6598
https://tools.ietf.org/html/rfc6752 - The Wikipedia Article on CGNAT: https://en.wikipedia.org/wiki/Carrier-grade_NAT
