Tailscale
This Ansible role installs and configures the Tailscale client for Linux (Ubuntu) devices.
This role was written based on artis3n/ansible-role-tailscale.
Use Tailscale as exit node and DNS server for devices
This is useful, for example, when abroad: the point is to route all traffic, including DNS queries, via our Tailscale exit node.
Designate a Tailscale node as exit node via the web UI.
To route the traffic from your device to that exit node, run tailscale up --exit-node=<ip-exit-node> (on Linux) or select the corresponding menu option on Android.
When you use the exit node feature, DNS traffic is automatically forwarded (so no DNS leakage). Awesome!
Tailscale exit nodes can then be shared with other users in our GitHub org, or with external users. Very cool!
Note that you need to add the Tailscale IP address of the exit node to the Nameservers setting in the Tailscale web UI. Also, it might be a good idea to set override local DNS.
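Finally, internet connectivity from your Tailscale nodes will not work at all unless you set Pi-Hole's listening behaviour to Listen on all interfaces, permit all origins (the default was Listen only on eth0). With that setting Pi-Hole answers DNS queries from any source that can reach it, so keep port 53 on this host unreachable from the internet.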
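To check the "no DNS leakage" claim on a Linux client, the following added example (not part of this role) audits the output of tailscale status --json and the contents of /etc/resolv.conf. The field names Peer, ExitNode, TailscaleIPs and Online are those of the status output; the sample data, the audit function and the rule "resolvers should be loopback or inside Tailscale's address ranges" are assumptions made for this example.

```python
import ipaddress
import json

# Address ranges Tailscale assigns node and resolver addresses from.
TAILNETS = [ipaddress.ip_network("100.64.0.0/10"),
            ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample in the shape of `tailscale status --json` (trimmed).
SAMPLE_STATUS = json.dumps({"Peer": {
    "nodekey:aaaa": {"HostName": "pihole", "TailscaleIPs": ["100.101.102.103"],
                     "ExitNode": True, "ExitNodeOption": True, "Online": True},
    "nodekey:bbbb": {"HostName": "laptop", "TailscaleIPs": ["100.64.0.7"],
                     "ExitNode": False, "ExitNodeOption": False, "Online": True},
}})
# Constructed resolv.conf: the tailnet resolver plus a leftover LAN resolver.
SAMPLE_RESOLV = "nameserver 100.100.100.100\nnameserver 192.168.1.1\n"


def audit(status_json, resolv_conf, expected_exit_ip):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    peers = (json.loads(status_json).get("Peer") or {}).values()
    active = [p for p in peers if p.get("ExitNode")]
    if not active:
        findings.append("no exit node in use: traffic leaves via the local network")
    for p in active:
        if expected_exit_ip not in p.get("TailscaleIPs", []):
            findings.append(f"unexpected exit node: {p.get('HostName')}")
        if not p.get("Online"):
            findings.append(f"exit node {p.get('HostName')} is offline")
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = ipaddress.ip_address(parts[1].split("%")[0])
            in_tailnet = any(addr.version == n.version and addr in n for n in TAILNETS)
            # Loopback is a local stub (e.g. systemd-resolved); check its upstreams separately.
            if not addr.is_loopback and not in_tailnet:
                findings.append(f"resolver outside the tailnet: {addr}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS, SAMPLE_RESOLV, "100.101.102.103"):
        print("FINDING:", finding)
```

On a real client, pass in the output of tailscale status --json and the text of /etc/resolv.conf instead of the constructed samples.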
Use Tailscale as DNS server for Android devices?
The idea is to not route all traffic via the exit node, only the DNS traffic. This might be useful in certain situations (where you don't mind the ISP seeing your traffic, but you still want to benefit from our ad/tracker blocking).
I have not tested this properly yet.
- https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/
- https://forum.tailscale.com/t/need-some-help-with-default-dns-when-using-tailscale/341
- https://github.com/tailscale/tailscale/issues/915
- https://github.com/tailscale/tailscale/issues/74
Notes on running Tailscale client inside LXC container
My DNS server (PiHole + unbound) runs as an LXC container. In the same container we also run Tailscale.
This works fine. For details on how the LXC profile was set up, see the lxd-server role.
Refs
- https://github.com/artis3n/ansible-role-tailscale
- https://github.com/dockpack/base_tailscale
- https://tailscale.com/kb/1103/exit-nodes/
- https://tailscale.com/kb/1114/pi-hole/
- https://tailscale.com/kb/1130/lxc-unprivileged/
- https://tailscale.com/kb/1112/userspace-networking/
- https://tailscale.com/kb/1084/sharing/#sharing--exit-nodes