pwarren/ansible-role-headscale-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
ansible-role-headscale-client/README.md
Paul Warren 2b63ed37be initial commit
2023-10-21 19:53:32 +11:00

68 lines
2.5 KiB
Markdown
Raw Blame History

# Tailscale
This Ansible role installs and configure the [Tailscale client](https://tailscale.com/download)
for Linux (Ubuntu) devices.
This role was written based on [artis3n/ansible-role-tailscale](https://github.com/artis3n/ansible-role-tailscale).
## Use Tailscale as exit node and DNS server for devices
For example, when abroad. The point then is to route *all traffic* via
our Tailscale exit node, *including* DNS queries.
Designate a Tailscale node as **exit node** via the web UI.
To route the traffic from your device to that exit node,
run`tailscale up --exit-node=<ip-exit-node>` (on Linux) or select the corresponding
menu option on Android.
When you use the exit node feature, DNS traffic is automatically forwarded
(so [no DNS leakage](https://github.com/tailscale/tailscale/issues/1713)).
Awesome!
Tailscale exit nodes can then be shared with other users in our Github org,
or with external users. Very cool!
Note that you need to add the Tailscale IP address of the exit node to
the **Nameservers** setting in the Tailscale web UI. Also, it might be a good
idea to set `override local DNS`.
Finally, internet connectivity from your Tailscale nodes will not work at all
unless you set Pi-Hole's listening behaviour to **Listen on all interfaces, permit all origins**
(default was **Listen only on eth0**).
## Use Tailscale as DNS server for Android devices?
The idea is to *not* route all traffic via the exit node, only the DNS traffic.
This might be useful in certain situations (where you don't mind the ISP seeing
your traffic, but you still want to benefit from our ad/tracker blocking).
I have not tested this properly yet.
+ https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/
+ https://forum.tailscale.com/t/need-some-help-with-default-dns-when-using-tailscale/341
+ https://github.com/tailscale/tailscale/issues/915
+ https://github.com/tailscale/tailscale/issues/74
## Notes on running Tailscale client inside LXC container
My DNS server (PiHole + unbound) runs as an LXC container.
In the same container we also run Tailscale.
This works fine. For details on how the LXC profile was setup,
see the [lxd-server role](https://codeberg.org/ansible/lxd-server).
## Refs
+ https://github.com/artis3n/ansible-role-tailscale
+ https://github.com/dockpack/base_tailscale
+ https://tailscale.com/kb/1103/exit-nodes/
+ https://tailscale.com/kb/1114/pi-hole/
+ https://tailscale.com/kb/1130/lxc-unprivileged/
+ https://tailscale.com/kb/1112/userspace-networking/
+ https://tailscale.com/kb/1084/sharing/#sharing--exit-nodes
Reference in a new issue View git blame Copy permalink