readme for thewarrens setup
This commit is contained in:
parent
ac7dc8b9bc
commit
a98ce97787
1 changed files with 3 additions and 59 deletions
62
README.md
62
README.md
|
@ -1,68 +1,12 @@
|
||||||
# Tailscale
|
# Tailscale
|
||||||
|
|
||||||
|
|
||||||
This Ansible role installs and configure the [Tailscale client](https://tailscale.com/download)
|
This Ansible role installs and configure the [Tailscale client](https://tailscale.com/download) on debian machines and points it to my headscale instance.
|
||||||
for Linux (Ubuntu) devices.
|
|
||||||
|
|
||||||
This role was written based on [artis3n/ansible-role-tailscale](https://github.com/artis3n/ansible-role-tailscale).
|
This role was written based on [artis3n/ansible-role-tailscale](https://github.com/artis3n/ansible-role-tailscale).
|
||||||
|
|
||||||
|
|
||||||
## Use Tailscale as exit node and DNS server for devices
|
## Setup
|
||||||
|
|
||||||
For example, when abroad. The point then is to route *all traffic* via
|
Add a reusable key to vars/main.yml as tailscale_auth_key
|
||||||
our Tailscale exit node, *including* DNS queries.
|
|
||||||
|
|
||||||
Designate a Tailscale node as **exit node** via the web UI.
|
|
||||||
To route the traffic from your device to that exit node,
|
|
||||||
run`tailscale up --exit-node=<ip-exit-node>` (on Linux) or select the corresponding
|
|
||||||
menu option on Android.
|
|
||||||
|
|
||||||
When you use the exit node feature, DNS traffic is automatically forwarded
|
|
||||||
(so [no DNS leakage](https://github.com/tailscale/tailscale/issues/1713)).
|
|
||||||
Awesome!
|
|
||||||
|
|
||||||
Tailscale exit nodes can then be shared with other users in our Github org,
|
|
||||||
or with external users. Very cool!
|
|
||||||
|
|
||||||
Note that you need to add the Tailscale IP address of the exit node to
|
|
||||||
the **Nameservers** setting in the Tailscale web UI. Also, it might be a good
|
|
||||||
idea to set `override local DNS`.
|
|
||||||
|
|
||||||
Finally, internet connectivity from your Tailscale nodes will not work at all
|
|
||||||
unless you set Pi-Hole's listening behaviour to **Listen on all interfaces, permit all origins**
|
|
||||||
(default was **Listen only on eth0**).
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Use Tailscale as DNS server for Android devices?
|
|
||||||
|
|
||||||
The idea is to *not* route all traffic via the exit node, only the DNS traffic.
|
|
||||||
This might be useful in certain situations (where you don't mind the ISP seeing
|
|
||||||
your traffic, but you still want to benefit from our ad/tracker blocking).
|
|
||||||
|
|
||||||
I have not tested this properly yet.
|
|
||||||
|
|
||||||
+ https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/
|
|
||||||
+ https://forum.tailscale.com/t/need-some-help-with-default-dns-when-using-tailscale/341
|
|
||||||
+ https://github.com/tailscale/tailscale/issues/915
|
|
||||||
+ https://github.com/tailscale/tailscale/issues/74
|
|
||||||
|
|
||||||
|
|
||||||
## Notes on running Tailscale client inside LXC container
|
|
||||||
|
|
||||||
My DNS server (PiHole + unbound) runs as an LXC container.
|
|
||||||
In the same container we also run Tailscale.
|
|
||||||
|
|
||||||
This works fine. For details on how the LXC profile was setup,
|
|
||||||
see the [lxd-server role](https://codeberg.org/ansible/lxd-server).
|
|
||||||
|
|
||||||
|
|
||||||
## Refs
|
|
||||||
|
|
||||||
+ https://github.com/artis3n/ansible-role-tailscale
|
|
||||||
+ https://github.com/dockpack/base_tailscale
|
|
||||||
+ https://tailscale.com/kb/1103/exit-nodes/
|
|
||||||
+ https://tailscale.com/kb/1114/pi-hole/
|
|
||||||
+ https://tailscale.com/kb/1130/lxc-unprivileged/
|
|
||||||
+ https://tailscale.com/kb/1112/userspace-networking/
|
|
||||||
+ https://tailscale.com/kb/1084/sharing/#sharing--exit-nodes
|
|
||||||
|
|
Loading…
Reference in a new issue